
need a good cleaning and have Win 8


  • This topic is locked
21 replies to this topic

#1 GlowingGlitter

GlowingGlitter

  • Members
  • 37 posts

Posted 18 July 2014 - 12:00 AM

http://www.bleepingcomputer.com/forums/t/539163/virus-i-keep-getting-popup-update-windows-nt-drivers/page-3

 

 

It seems the pop-ups are getting more aggressive, i.e. auto-downloading & locking up my browser w/ a big red window saying I have a possible infection & giving me an 800 # to call. Had to use Task Manager to kill the browser.





#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,699 posts
  • Gender:Male

Posted 23 July 2014 - 12:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/541404 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 GlowingGlitter

GlowingGlitter
  • Topic Starter

  • Members
  • 37 posts

Posted 23 July 2014 - 09:58 PM

This was my original post, although now I am getting popups for java & media player also.

Windows 8.1 - Google Chrome. I keep getting a popup box that says, "The page at 0vezz.playnow.giftglue.eu says:

UPDATES RECOMMENDED It is recommended that you install the software to ensure your browser is the latest version. Please update to continue." I can close this, but a new tab has opened up to a lookalike Windows download page, "UPDATE WINDOWS NT DRIVERS". The address keeps changing slightly but it always has playnow & .eu in it. I am on a home network w/ three other comps. They are all getting the same popup.

 

I have run:

Esets

Malwarebytes

 

I can't run DDS

 

System is Windows 8.1 pro w/ media center 64 bit (Originally Win. 7) don't have cd

 

TY



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,528 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 July 2014 - 07:27 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#5 GlowingGlitter

GlowingGlitter
  • Topic Starter

  • Members
  • 37 posts

Posted 26 July 2014 - 11:17 PM

MALWAREBYTES

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/26/2014
Scan Time: 7:02:07 PM
Logfile: malware report.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.27.02
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Pam
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327008
Time Elapsed: 25 min, 3 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.DomaIQ, C:\Users\Pam\Downloads\8F25.tmp, Quarantined, [752c9808c4b7b2845362663a867b3bc5], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
ADWCLEANER
# AdwCleaner v3.216 - Report created 26/07/2014 at 20:49:12
# Updated 17/07/2014 by Xplode
# Operating System : Windows 8.1 Pro with Media Center  (64 bits)
# Username : Pam - PAM-PC
# Running from : C:\Users\Pam\Desktop\adwcleaner_3.216.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AlawarEntertainment
Folder Deleted : C:\Users\Pam\AppData\Roaming\AlawarEntertainment
Folder Deleted : C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Extension] : adpkifcfcacgmnggcbpbjbkdijciiigm
 
*************************
 
AdwCleaner[R0].txt - [3161 octets] - [14/07/2014 03:49:06]
AdwCleaner[R1].txt - [1342 octets] - [26/07/2014 20:39:52]
AdwCleaner[S0].txt - [3249 octets] - [14/07/2014 03:58:03]
AdwCleaner[S1].txt - [1273 octets] - [26/07/2014 20:49:12]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1333 octets] ##########
 
 
FARBAR FRST
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Pam (administrator) on PAM-PC on 26-07-2014 21:08:48
Running from C:\Users\Pam\Desktop\farbar
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1747744730-1917151460-2537227103-1001\...\Run: [SkyDrive] => C:\Users\Pam\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [251080 2014-06-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/?ocid=msn_mymsn_msnonwin8_msninproduct_msnonwin8_anklet
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF538B84C800DCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.5
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
Tcpip\Parameters: [DhcpNameServer] 162.243.157.142 107.170.168.61 76.14.96.13
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Pam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
Chrome: 
=======
CHR HomePage: hxxp://www.facebook.com/
CHR StartupUrls: "hxxp://www.facebook.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\Pam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-07-13]
CHR Extension: (Photo Zoomer For Facebook) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\addibmjelefaholbfacfnekmojekodaf [2014-04-01]
CHR Extension: (Bejeweled) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2014-07-14]
CHR Extension: (Duolingo) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2013-09-26]
CHR Extension: (Plain) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpcdipecmmhmhfchegpaflpjkmceiip [2013-02-19]
CHR Extension: (Angry Birds) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-09-26]
CHR Extension: (Google Docs) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-14]
CHR Extension: (Google Drive) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-14]
CHR Extension: (Spider Solitaire) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcopgabdbdohekgeabpbfhledmdahkpe [2013-11-19]
CHR Extension: (Kleki) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdndldkfimmnnfbagnkjgnemgpjadbag [2013-10-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Fotor Photo Editor) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbckhhmjfnmedpakkaaflpnmkamdppf [2014-04-01]
CHR Extension: (Hidden Objects - House 1) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdeppfcebbaecjpbgjejpdmejgndopo [2013-12-06]
CHR Extension: (YouTube) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-14]
CHR Extension: (Rock Garden Deluxe) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfoofdjpbkongolgoiphlfkapgifppl [2014-02-25]
CHR Extension: (Adblock Plus) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-16]
CHR Extension: (Entanglement) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmnpffgfpcohhpoddjankjanolcekbni [2013-12-06]
CHR Extension: (Google Search) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-14]
CHR Extension: (Lara Croft and the Guardian of Light) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfdbmpeeihbpddkneaploeinlbaaodn [2013-07-12]
CHR Extension: (WGT Golf Challenge) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg [2013-09-26]
CHR Extension: (Bomomo) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnalbhgkcocoepphagnnlaiomnnngeln [2013-09-26]
CHR Extension: (Sumo Paint) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpgjihldbpodlmnjolekemlfbcajnmod [2013-12-20]
CHR Extension: (Jewel Quest Deluxe) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehehgijaidopomcfpkigakimeoglkjpa [2013-09-04]
CHR Extension: (Hex Lines) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgghmnllkjbknbmbndlncbjcokfgkhah [2014-02-25]
CHR Extension: (Voodoo Friends) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmedapekkakaehidplfhmblngkelolaj [2013-09-26]
CHR Extension: (Crush the castle series) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\geblmcokaocbfbjebkabgkpofoagfdbd [2013-12-06]
CHR Extension: (Picadilo) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\geljjpapbfokifgnlnpdbiplebdhlein [2013-11-19]
CHR Extension: (TiltShiftMaker) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjofhgnhekhkccpcnnloagmdpafifeo [2013-11-19]
CHR Extension: (Cargo Bridge: Armor Games Edition) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlpiaibleklmjieibbnmkignbggodmmj [2014-02-25]
CHR Extension: (Isoball 3) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj [2014-05-30]
CHR Extension: (Pixlr Editor) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2013-09-26]
CHR Extension: (Crazy Shooting) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbhccdddhenjmeamogpjhicnoffdood [2013-09-26]
CHR Extension: (Chalk Painting) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\imoffilhgdelflmoemaeaoncpbfpoank [2013-11-19]
CHR Extension: (Bubble Shooter) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\iocnhlojjlpbgnfmnloobpooiidgoedn [2013-12-06]
CHR Extension: (Blocks) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdnglanfhhkanekkdmakmbegnojgpmnm [2013-12-06]
CHR Extension: (Pixlr Touch Up) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig [2013-11-19]
CHR Extension: (Resident Evil) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelgpfmgciingekkpfaikcjmcomfikgp [2013-09-26]
CHR Extension: (Divvr) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lackkieddhpmioebogincgkkcagabhgm [2013-07-12]
CHR Extension: (Evernote Web) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-06-06]
CHR Extension: (Pix: Pixel Mixer) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbjiacdnbellpbhocabghholhnlboibg [2013-12-20]
CHR Extension: (Pic Maker) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcmgcbgahjfokkiniknnafmeoaolkfab [2013-11-19]
CHR Extension: (Artillery Tower Protector) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldgcejmkikbadghamaadggncnbfekdik [2014-02-25]
CHR Extension: (Blue Ribbon) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljjljnfnkbnkggmenhmhkffjkhhooaoc [2013-12-25]
CHR Extension: (Sprocket Rocket) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpdichmkdadfihhbgllepglgbkonlehe [2013-12-06]
CHR Extension: (Space TV) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mclkmgodgigjnbfkbobclaaafjmldcdo [2013-11-19]
CHR Extension: (Mahjong) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mimcabmfjaeoldnchodmelflfjmgaojh [2014-05-04]
CHR Extension: (deviantART muro) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\namljbfbglehfnlonjmebceimaalofei [2013-09-26]
CHR Extension: (Unblock Car 3D) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndaflanlochpiijbgjgofgmnbgmhgkmd [2013-12-06]
CHR Extension: (InspirARTion - Sketch & Draw!) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhbmpilemgmpbdaniehhmodkkppkelec [2013-11-18]
CHR Extension: (Minecraft Demo 2) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhclpjmjiideilnpianakcmnjfaiohol [2013-11-18]
CHR Extension: (Google Wallet) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (My Chrome Theme) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2013-11-19]
CHR Extension: (Bubble Shooter) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\omenbmgpkbkmloombbdefdpfcclpcjdk [2013-12-06]
CHR Extension: (Picasa) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2013-10-19]
CHR Extension: (PhotoFit Me) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdpbdnchfplfpdjbckgbmpnddnjdijjk [2014-02-25]
CHR Extension: (Psykopaint) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2013-11-18]
CHR Extension: (Gmail) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-14]
CHR Extension: (Cargo Bridge 2) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmphjijgcdpmmnfjbemolkdiidinogml [2013-12-06]
CHR HKCU\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Users\Pam\AppData\Local\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx [2013-02-13]
CHR HKLM-x32\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Users\Pam\AppData\Local\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx [2013-02-13]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-26 21:08 - 2014-07-26 21:08 - 00000000 ____D () C:\FRST
2014-07-26 21:06 - 2014-07-26 21:08 - 00000000 ____D () C:\Users\Pam\Desktop\farbar
2014-07-26 20:48 - 2014-07-26 20:48 - 00001342 _____ () C:\Users\Pam\Desktop\AdwCleaner[R1].txt
2014-07-26 20:38 - 2014-07-26 20:38 - 01354223 _____ () C:\Users\Pam\Desktop\adwcleaner_3.216.exe
2014-07-26 19:30 - 2014-07-26 19:30 - 00001124 _____ () C:\Users\Pam\Desktop\malware report.txt
2014-07-26 07:24 - 2014-07-26 07:24 - 00000000 ____D () C:\Users\Pam\AppData\Roaming\TikisLab
2014-07-22 17:12 - 2014-07-22 17:12 - 00002210 _____ () C:\Users\Public\Desktop\Play Haunted Hotel - Death Sentence Survey.lnk
2014-07-22 17:12 - 2014-07-22 17:12 - 00001304 _____ () C:\Users\Public\Desktop\More Great Games.lnk
2014-07-22 17:11 - 2014-07-22 17:13 - 00000000 ____D () C:\Program Files (x86)\Haunted Hotel - Death Sentence Survey
2014-07-22 17:11 - 2014-07-22 17:11 - 00000000 ____D () C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haunted Hotel - Death Sentence Survey
2014-07-22 17:11 - 2014-07-22 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haunted Hotel - Death Sentence Survey
2014-07-19 16:13 - 2014-07-20 08:33 - 00000000 ____D () C:\Users\Pam\Desktop\camera
2014-07-17 22:43 - 2014-07-17 22:43 - 00000907 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sumo Draw.lnk
2014-07-17 22:43 - 2014-07-17 22:43 - 00000895 _____ () C:\Users\Public\Desktop\Sumo Draw.lnk
2014-07-17 22:43 - 2014-07-17 22:43 - 00000000 ____D () C:\Users\Pam\AppData\Roaming\com.sumodraw.air
2014-07-17 22:42 - 2014-07-17 22:43 - 00000000 ____D () C:\Program Files (x86)\Sumo Draw
2014-07-17 22:39 - 2014-07-17 22:41 - 38361359 _____ () C:\Users\Pam\Downloads\sumodraw.air
2014-07-17 18:19 - 2014-07-17 18:19 - 00688992 _____ (Swearware) C:\Users\Pam\Downloads\dds.com
2014-07-16 19:40 - 2014-07-16 19:40 - 00002286 _____ () C:\Users\Public\Desktop\Play Mystery of Unicorn Castle - The Beastmaster.lnk
2014-07-16 19:39 - 2014-07-16 19:40 - 00000000 ____D () C:\Program Files (x86)\Mystery of Unicorn Castle - The Beastmaster
2014-07-16 19:39 - 2014-07-16 19:39 - 00000000 ____D () C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery of Unicorn Castle - The Beastmaster
2014-07-16 19:39 - 2014-07-16 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystery of Unicorn Castle - The Beastmaster
2014-07-16 19:17 - 2014-07-16 19:17 - 00237568 _____ (Big Fish Games) C:\Users\Pam\Downloads\dead-reckoning-silvermoon-isle-ce_s1_l1_gF7906T1L1_d2334086779.exe
2014-07-16 18:54 - 2014-07-16 19:03 - 00000000 ____D () C:\Users\Pam\Desktop\BigFish
2014-07-16 02:52 - 2014-07-16 02:53 - 688128000 _____ () C:\Users\Pam\Documents\Drive_C.002
2014-07-16 02:52 - 2014-07-16 02:53 - 113414656 _____ () C:\Users\Pam\Documents\Drive_C.003
2014-07-16 02:51 - 2014-07-16 02:53 - 688128000 _____ () C:\Users\Pam\Documents\Drive_C.001
2014-07-16 02:49 - 2014-07-16 02:53 - 688128000 _____ () C:\Users\Pam\Documents\Drive_C.dat
2014-07-16 02:49 - 2014-07-16 02:53 - 01056075 _____ () C:\Users\Pam\Documents\Drive_C.xml
2014-07-15 23:20 - 2014-07-15 23:20 - 00001129 _____ () C:\Users\Public\Desktop\DriveImage XML.lnk
2014-07-15 23:20 - 2014-07-15 23:20 - 00000000 ____D () C:\Program Files (x86)\Runtime Software
2014-07-15 23:16 - 2014-07-15 23:16 - 02026456 _____ () C:\Users\Pam\Desktop\dixmlsetup.exe
2014-07-15 21:44 - 2014-07-15 21:44 - 01186944 _____ () C:\Users\Pam\Downloads\jvlsetup (1).exe
2014-07-15 15:07 - 2014-07-15 15:08 - 01186944 _____ () C:\Users\Pam\Downloads\jvlsetup.exe
2014-07-14 05:00 - 2014-07-14 05:00 - 00000977 _____ () C:\Users\Public\Desktop\Games.lnk
2014-07-14 04:58 - 2014-07-14 04:58 - 00001945 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
2014-07-14 04:58 - 2014-07-14 04:58 - 00001248 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
2014-07-14 04:57 - 2014-07-14 04:58 - 00000000 ____D () C:\Program Files (x86)\bfgclient
2014-07-14 04:57 - 2014-07-14 04:57 - 00000000 ____D () C:\ProgramData\Big Fish
2014-07-14 04:56 - 2014-07-23 12:41 - 00000000 ____D () C:\BigFishCache
2014-07-14 04:56 - 2014-07-14 04:56 - 34483264 _____ (Big Fish Games) C:\Users\Pam\Downloads\bfginstaller32_s1_l1.exe
2014-07-14 04:34 - 2014-07-14 04:34 - 00001355 _____ () C:\Users\Pam\Desktop\JRT.txt
2014-07-14 04:30 - 2014-07-14 04:30 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-14 04:16 - 2014-07-14 04:16 - 01016261 _____ (Thisisu) C:\Users\Pam\Downloads\JRT.exe
2014-07-14 03:49 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-07-14 03:48 - 2014-07-26 20:49 - 00000000 ____D () C:\AdwCleaner
2014-07-14 03:46 - 2014-07-14 03:47 - 01348263 _____ () C:\Users\Pam\Downloads\AdwCleaner.exe
2014-07-14 03:43 - 2014-07-14 03:44 - 00002046 _____ () C:\Users\Pam\Desktop\Rkill.txt
2014-07-14 03:42 - 2014-07-14 03:42 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Pam\Downloads\rkill.exe
2014-07-14 03:38 - 2014-07-14 03:38 - 00854390 _____ () C:\Users\Pam\Downloads\SecurityCheck (1).exe
2014-07-14 03:37 - 2014-07-14 03:37 - 00854390 _____ () C:\Users\Pam\Downloads\SecurityCheck.exe
2014-07-12 05:00 - 2014-07-12 05:00 - 00002154 _____ () C:\Users\Public\Desktop\Play Rite of Passage - Hide and Seek.lnk
2014-07-12 05:00 - 2014-07-12 05:00 - 00000000 ____D () C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rite of Passage - Hide and Seek
2014-07-12 05:00 - 2014-07-12 05:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rite of Passage - Hide and Seek
2014-07-12 05:00 - 2014-07-12 05:00 - 00000000 ____D () C:\Program Files (x86)\Rite of Passage - Hide and Seek
2014-07-11 14:02 - 2014-04-13 20:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-11 14:01 - 2014-07-11 14:01 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-10 19:59 - 2014-06-16 15:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-10 19:59 - 2014-06-16 15:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-10 19:59 - 2014-06-06 07:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-10 19:59 - 2014-05-29 20:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-10 19:59 - 2014-05-29 05:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-10 19:59 - 2014-05-29 00:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-10 19:59 - 2014-05-28 23:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-10 19:59 - 2014-05-28 23:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-10 19:59 - 2014-05-28 22:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-10 19:59 - 2014-05-28 22:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-10 19:58 - 2014-06-18 18:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-10 19:58 - 2014-06-18 17:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-10 19:58 - 2014-06-18 17:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-10 19:58 - 2014-06-18 17:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-10 19:58 - 2014-06-18 16:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-10 19:58 - 2014-06-18 16:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-10 19:58 - 2014-06-18 16:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-10 19:58 - 2014-06-18 16:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-10 19:58 - 2014-06-18 16:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-10 19:58 - 2014-06-18 16:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-10 19:58 - 2014-06-18 16:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-10 19:58 - 2014-06-18 16:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-10 19:58 - 2014-06-18 16:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-10 19:58 - 2014-06-18 15:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-10 19:58 - 2014-06-18 15:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-10 19:58 - 2014-06-18 15:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-10 19:58 - 2014-06-18 15:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-10 19:58 - 2014-06-18 15:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-10 19:58 - 2014-06-18 15:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-10 19:58 - 2014-06-18 15:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-10 19:58 - 2014-06-18 15:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-10 19:58 - 2014-06-18 15:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-10 19:58 - 2014-06-18 15:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-10 19:58 - 2014-06-18 15:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-10 19:58 - 2014-06-18 15:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-10 19:58 - 2014-06-18 15:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-10 19:58 - 2014-06-18 15:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-10 19:58 - 2014-06-06 06:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-10 19:58 - 2014-06-06 05:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-10 19:58 - 2014-05-31 03:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-10 19:58 - 2014-05-31 03:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-10 19:58 - 2014-05-30 20:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-10 19:58 - 2014-05-30 20:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-10 19:58 - 2014-05-30 20:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 19:58 - 2014-05-30 20:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-10 19:58 - 2014-05-30 20:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-10 19:58 - 2014-05-30 20:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 19:58 - 2014-05-30 19:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-10 19:58 - 2014-05-30 19:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-10 19:58 - 2014-05-30 19:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-10 19:58 - 2014-05-30 19:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-10 19:58 - 2014-05-30 19:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-10 19:58 - 2014-05-30 19:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-10 19:58 - 2014-05-30 19:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-05 07:05 - 2014-07-05 07:05 - 00000000 ____D () C:\Users\Pam\AppData\Roaming\LestaStudio
2014-07-03 21:23 - 2014-07-03 21:23 - 00002077 _____ () C:\Users\Public\Desktop\Play Fright Collector's Edition.lnk
2014-07-03 21:20 - 2014-07-03 21:23 - 00000000 ____D () C:\Program Files (x86)\Fright Collector's Edition
2014-07-03 21:20 - 2014-07-03 21:20 - 00000000 ____D () C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fright Collector's Edition
2014-07-03 21:20 - 2014-07-03 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fright Collector's Edition
2014-07-03 07:19 - 2014-07-03 07:19 - 00002437 _____ () C:\Users\Public\Desktop\Play Hidden Expedition - The Crown of Solomon Collector's Edition.lnk
2014-07-03 07:18 - 2014-07-03 07:19 - 00000000 ____D () C:\Program Files (x86)\Hidden Expedition - The Crown of Solomon Collector's Edition
2014-07-03 07:18 - 2014-07-03 07:18 - 00000000 ____D () C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hidden Expedition - The Crown of Solomon Collector's Edition
2014-07-03 07:18 - 2014-07-03 07:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hidden Expedition - The Crown of Solomon Collector's Edition
2014-06-30 12:33 - 2014-06-30 12:33 - 00000167 _____ () C:\Users\Pam\Desktop\lzncome.txt
2014-06-27 21:30 - 2014-06-27 21:30 - 00617060 _____ () C:\Users\Pam\Desktop\CheckResults.txt
2014-06-27 21:29 - 2014-06-27 21:29 - 01673896 _____ (Malwarebytes Corporation) C:\Users\Pam\Desktop\mbam-check-2.1.0.0002.exe
2014-06-27 21:05 - 2014-07-26 19:02 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-27 21:04 - 2014-06-27 21:08 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-27 21:04 - 2014-06-27 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-27 21:04 - 2014-06-27 21:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-27 21:04 - 2014-06-27 21:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-27 21:04 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-27 21:04 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-06-27 21:04 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-06-27 20:53 - 2014-06-27 20:54 - 17305656 _____ (Malwarebytes Corporation ) C:\Users\Pam\Downloads\mbam-setup.exe
2014-06-27 20:52 - 2014-06-27 20:52 - 00000399 _____ () C:\Users\Pam\Desktop\eset.txt
2014-06-27 19:26 - 2014-06-27 19:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-27 19:24 - 2014-06-27 19:24 - 02347384 _____ (ESET) C:\Users\Pam\Downloads\esetsmartinstaller_enu.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-26 21:08 - 2014-07-26 21:08 - 00000000 ____D () C:\FRST
2014-07-26 21:08 - 2014-07-26 21:06 - 00000000 ____D () C:\Users\Pam\Desktop\farbar
2014-07-26 21:07 - 2013-02-14 11:42 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1747744730-1917151460-2537227103-1001
2014-07-26 21:02 - 2013-11-19 01:16 - 02070661 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-26 21:02 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-26 21:02 - 2013-02-14 18:00 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-26 21:02 - 2013-02-14 18:00 - 00000902 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-26 21:02 - 2013-02-14 14:03 - 00000000 __RDO () C:\Users\Pam\SkyDrive
2014-07-26 20:59 - 2013-02-14 18:00 - 00000906 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-26 20:51 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-26 20:50 - 2013-09-29 21:03 - 00506938 _____ () C:\WINDOWS\PFRO.log
2014-07-26 20:50 - 2013-08-22 06:25 - 01048576 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-26 20:49 - 2014-07-14 03:48 - 00000000 ____D () C:\AdwCleaner
2014-07-26 20:48 - 2014-07-26 20:48 - 00001342 _____ () C:\Users\Pam\Desktop\AdwCleaner[R1].txt
2014-07-26 20:40 - 2013-02-21 09:44 - 00003910 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A46EDA98-4CAF-4C9D-96BF-6929489E1E35}
2014-07-26 20:38 - 2014-07-26 20:38 - 01354223 _____ () C:\Users\Pam\Desktop\adwcleaner_3.216.exe
2014-07-26 20:24 - 2013-04-14 04:12 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-26 19:35 - 2013-03-13 11:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-26 19:35 - 2013-03-13 11:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-26 19:30 - 2014-07-26 19:30 - 00001124 _____ () C:\Users\Pam\Desktop\malware report.txt
2014-07-26 19:28 - 2013-09-29 20:55 - 00000000 ____D () C:\WINDOWS\SKB
2014-07-26 19:02 - 2014-06-27 21:05 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-26 16:14 - 2013-05-21 17:55 - 00000000 ____D () C:\Program Files\My Dell
2014-07-26 16:14 - 2013-02-14 16:29 - 00000000 ____D () C:\ProgramData\PCDr
2014-07-26 15:09 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-26 10:33 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-26 08:22 - 2013-02-14 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-26 08:21 - 2013-02-14 13:01 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-26 07:32 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-26 07:24 - 2014-07-26 07:24 - 00000000 ____D () C:\Users\Pam\AppData\Roaming\TikisLab
2014-07-26 07:23 - 2013-08-22 04:22 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2014-07-26 07:23 - 2013-08-22 04:22 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2014-07-26 07:23 - 2013-08-22 04:17 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2014-07-26 07:23 - 2013-08-22 04:17 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2014-07-26 07:23 - 2013-08-22 04:17 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2014-07-26 07:23 - 2013-08-21 21:05 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2014-07-26 07:23 - 2013-08-21 20:56 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2014-07-26 07:23 - 2013-08-21 20:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2014-07-26 07:23 - 2013-08-21 20:51 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2014-07-26 07:23 - 2013-08-21 20:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2014-07-26 07:23 - 2013-08-21 20:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2014-07-26 07:22 - 2013-08-21 21:03 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2014-07-26 07:22 - 2013-08-21 20:59 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2014-07-26 07:22 - 2013-08-21 20:51 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2014-07-24 09:37 - 2013-03-13 11:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-23 12:41 - 2014-07-14 04:56 - 00000000 ____D () C:\BigFishCache
2014-07-23 00:04 - 2013-02-21 04:06 - 00000000 ____D () C:\Users\Pam\AppData\Roaming\Elephant Games
2014-07-22 17:13 - 2014-07-22 17:11 - 00000000 ____D () C:\Program Files (x86)\Haunted Hotel - Death Sentence Survey
2014-07-22 17:12 - 2014-07-22 17:12 - 00002210 _____ () C:\Users\Public\Desktop\Play Haunted Hotel - Death Sentence Survey.lnk
2014-07-22 17:12 - 2014-07-22 17:12 - 00001304 _____ () C:\Users\Public\Desktop\More Great Games.lnk
2014-07-22 17:11 - 2014-07-22 17:11 - 00000000 ____D () C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haunted Hotel - Death Sentence Survey
2014-07-22 17:11 - 2014-07-22 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haunted Hotel - Death Sentence Survey
2014-07-20 08:33 - 2014-07-19 16:13 - 00000000 ____D () C:\Users\Pam\Desktop\camera
2014-07-19 07:59 - 2013-03-03 20:49 - 00000000 ____D () C:\Users\Pam\AppData\Roaming\Eipix
2014-07-18 23:38 - 2013-02-14 13:44 - 00007618 _____ () C:\Users\Pam\AppData\Local\resmon.resmoncfg
2014-07-17 22:43 - 2014-07-17 22:43 - 00000907 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sumo Draw.lnk
2014-07-17 22:43 - 2014-07-17 22:43 - 00000895 _____ () C:\Users\Public\Desktop\Sumo Draw.lnk
2014-07-17 22:43 - 2014-07-17 22:43 - 00000000 ____D () C:\Users\Pam\AppData\Roaming\com.sumodraw.air
2014-07-17 22:43 - 2014-07-17 22:42 - 00000000 ____D () C:\Program Files (x86)\Sumo Draw
2014-07-17 22:41 - 2014-07-17 22:39 - 38361359 _____ () C:\Users\Pam\Downloads\sumodraw.air
2014-07-17 18:19 - 2014-07-17 18:19 - 00688992 _____ (Swearware) C:\Users\Pam\Downloads\dds.com
2014-07-16 19:40 - 2014-07-16 19:40 - 00002286 _____ () C:\Users\Public\Desktop\Play Mystery of Unicorn Castle - The Beastmaster.lnk
2014-07-16 19:40 - 2014-07-16 19:39 - 00000000 ____D () C:\Program Files (x86)\Mystery of Unicorn Castle - The Beastmaster
2014-07-16 19:39 - 2014-07-16 19:39 - 00000000 ____D () C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery of Unicorn Castle - The Beastmaster
2014-07-16 19:39 - 2014-07-16 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystery of Unicorn Castle - The Beastmaster
2014-07-16 19:17 - 2014-07-16 19:17 - 00237568 _____ (Big Fish Games) C:\Users\Pam\Downloads\dead-reckoning-silvermoon-isle-ce_s1_l1_gF7906T1L1_d2334086779.exe
2014-07-16 19:03 - 2014-07-16 18:54 - 00000000 ____D () C:\Users\Pam\Desktop\BigFish
2014-07-16 02:53 - 2014-07-16 02:52 - 688128000 _____ () C:\Users\Pam\Documents\Drive_C.002
2014-07-16 02:53 - 2014-07-16 02:52 - 113414656 _____ () C:\Users\Pam\Documents\Drive_C.003
2014-07-16 02:53 - 2014-07-16 02:51 - 688128000 _____ () C:\Users\Pam\Documents\Drive_C.001
2014-07-16 02:53 - 2014-07-16 02:49 - 688128000 _____ () C:\Users\Pam\Documents\Drive_C.dat
2014-07-16 02:53 - 2014-07-16 02:49 - 01056075 _____ () C:\Users\Pam\Documents\Drive_C.xml
2014-07-15 23:20 - 2014-07-15 23:20 - 00001129 _____ () C:\Users\Public\Desktop\DriveImage XML.lnk
2014-07-15 23:20 - 2014-07-15 23:20 - 00000000 ____D () C:\Program Files (x86)\Runtime Software
2014-07-15 23:20 - 2013-08-22 08:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-15 23:16 - 2014-07-15 23:16 - 02026456 _____ () C:\Users\Pam\Desktop\dixmlsetup.exe
2014-07-15 21:44 - 2014-07-15 21:44 - 01186944 _____ () C:\Users\Pam\Downloads\jvlsetup (1).exe
2014-07-15 19:03 - 2013-02-14 16:27 - 00000000 ____D () C:\Users\Pam\AppData\Roaming\PCDr
2014-07-15 15:08 - 2014-07-15 15:07 - 01186944 _____ () C:\Users\Pam\Downloads\jvlsetup.exe
2014-07-14 05:04 - 2013-09-29 21:15 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-14 05:00 - 2014-07-14 05:00 - 00000977 _____ () C:\Users\Public\Desktop\Games.lnk
2014-07-14 04:58 - 2014-07-14 04:58 - 00001945 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
2014-07-14 04:58 - 2014-07-14 04:58 - 00001248 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
2014-07-14 04:58 - 2014-07-14 04:57 - 00000000 ____D () C:\Program Files (x86)\bfgclient
2014-07-14 04:57 - 2014-07-14 04:57 - 00000000 ____D () C:\ProgramData\Big Fish
2014-07-14 04:56 - 2014-07-14 04:56 - 34483264 _____ (Big Fish Games) C:\Users\Pam\Downloads\bfginstaller32_s1_l1.exe
2014-07-14 04:34 - 2014-07-14 04:34 - 00001355 _____ () C:\Users\Pam\Desktop\JRT.txt
2014-07-14 04:30 - 2014-07-14 04:30 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-14 04:16 - 2014-07-14 04:16 - 01016261 _____ (Thisisu) C:\Users\Pam\Downloads\JRT.exe
2014-07-14 04:04 - 2013-08-22 07:44 - 00416096 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-14 04:01 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-14 04:01 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-14 04:01 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-14 04:01 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-14 03:47 - 2014-07-14 03:46 - 01348263 _____ () C:\Users\Pam\Downloads\AdwCleaner.exe
2014-07-14 03:44 - 2014-07-14 03:43 - 00002046 _____ () C:\Users\Pam\Desktop\Rkill.txt
2014-07-14 03:42 - 2014-07-14 03:42 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Pam\Downloads\rkill.exe
2014-07-14 03:38 - 2014-07-14 03:38 - 00854390 _____ () C:\Users\Pam\Downloads\SecurityCheck (1).exe
2014-07-14 03:37 - 2014-07-14 03:37 - 00854390 _____ () C:\Users\Pam\Downloads\SecurityCheck.exe
2014-07-12 05:00 - 2014-07-12 05:00 - 00002154 _____ () C:\Users\Public\Desktop\Play Rite of Passage - Hide and Seek.lnk
2014-07-12 05:00 - 2014-07-12 05:00 - 00000000 ____D () C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rite of Passage - Hide and Seek
2014-07-12 05:00 - 2014-07-12 05:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rite of Passage - Hide and Seek
2014-07-12 05:00 - 2014-07-12 05:00 - 00000000 ____D () C:\Program Files (x86)\Rite of Passage - Hide and Seek
2014-07-11 14:05 - 2013-07-27 08:37 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-11 14:05 - 2013-02-22 00:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-11 14:04 - 2013-02-14 15:40 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-11 14:01 - 2014-07-11 14:01 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-11 14:01 - 2013-09-29 20:55 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 20:24 - 2013-04-14 04:12 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-07-10 20:14 - 2013-11-19 00:53 - 00000000 ____D () C:\Users\Pam
2014-07-10 19:41 - 2013-11-19 00:53 - 00000000 ____D () C:\Users\Administrator
2014-07-10 19:40 - 2013-09-29 20:55 - 00000000 ____D () C:\WINDOWS\ShellNew
2014-07-10 19:40 - 2013-08-22 08:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-07-10 19:40 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-07-10 19:40 - 2013-08-22 06:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-07-10 19:40 - 2013-08-22 06:36 - 00000000 ____D () C:\WINDOWS\servicing
2014-07-10 19:39 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-07-10 19:39 - 2013-02-14 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-10 19:26 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\registration
2014-07-08 13:32 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-06 05:07 - 2013-03-08 08:38 - 00000000 ____D () C:\Users\Pam\AppData\Roaming\ERS Game Studios
2014-07-05 07:05 - 2014-07-05 07:05 - 00000000 ____D () C:\Users\Pam\AppData\Roaming\LestaStudio
2014-07-03 21:23 - 2014-07-03 21:23 - 00002077 _____ () C:\Users\Public\Desktop\Play Fright Collector's Edition.lnk
2014-07-03 21:23 - 2014-07-03 21:20 - 00000000 ____D () C:\Program Files (x86)\Fright Collector's Edition
2014-07-03 21:20 - 2014-07-03 21:20 - 00000000 ____D () C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fright Collector's Edition
2014-07-03 21:20 - 2014-07-03 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fright Collector's Edition
2014-07-03 07:19 - 2014-07-03 07:19 - 00002437 _____ () C:\Users\Public\Desktop\Play Hidden Expedition - The Crown of Solomon Collector's Edition.lnk
2014-07-03 07:19 - 2014-07-03 07:18 - 00000000 ____D () C:\Program Files (x86)\Hidden Expedition - The Crown of Solomon Collector's Edition
2014-07-03 07:18 - 2014-07-03 07:18 - 00000000 ____D () C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hidden Expedition - The Crown of Solomon Collector's Edition
2014-07-03 07:18 - 2014-07-03 07:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hidden Expedition - The Crown of Solomon Collector's Edition
2014-06-30 12:33 - 2014-06-30 12:33 - 00000167 _____ () C:\Users\Pam\Desktop\lzncome.txt
2014-06-30 09:08 - 2013-03-25 09:21 - 00000000 ____D () C:\Users\Pam\AppData\Roaming\Blue Tea Games
2014-06-27 21:30 - 2014-06-27 21:30 - 00617060 _____ () C:\Users\Pam\Desktop\CheckResults.txt
2014-06-27 21:29 - 2014-06-27 21:29 - 01673896 _____ (Malwarebytes Corporation) C:\Users\Pam\Desktop\mbam-check-2.1.0.0002.exe
2014-06-27 21:08 - 2014-06-27 21:04 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-27 21:08 - 2014-06-27 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-27 21:08 - 2014-06-27 21:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-27 21:04 - 2014-06-27 21:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-27 20:54 - 2014-06-27 20:53 - 17305656 _____ (Malwarebytes Corporation ) C:\Users\Pam\Downloads\mbam-setup.exe
2014-06-27 20:52 - 2014-06-27 20:52 - 00000399 _____ () C:\Users\Pam\Desktop\eset.txt
2014-06-27 19:26 - 2014-06-27 19:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-27 19:24 - 2014-06-27 19:24 - 02347384 _____ (ESET) C:\Users\Pam\Downloads\esetsmartinstaller_enu.exe
2014-06-26 13:55 - 2013-08-22 08:38 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-06-26 13:55 - 2013-08-22 08:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
Some content of TEMP:
====================
C:\Users\Pam\AppData\Local\Temp\bfguni.exe
C:\Users\Pam\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-26 07:07
 
==================== End Of Log ============================
 
FARBAR ADDITION
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014
Ran by Pam at 2014-07-26 21:10:08
Running from C:\Users\Pam\Desktop\farbar
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
Dell Driver Download Manager (HKCU\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 3.3.2.1 - Dell)
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Fright Collector's Edition (HKLM-x32\...\BFG-Fright Collector's Edition) (Version:  - )
Garmin Communicator Plugin (HKLM-x32\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{AFA301E1-B410-4F1B-B1C0-2E92FDCD94AD}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Haunted Hotel: Death Sentence Survey (HKLM-x32\...\BFG-Haunted Hotel - Death Sentence Survey) (Version:  - )
Hidden Expedition: The Crown of Solomon Collector's Edition (HKLM-x32\...\BFG-Hidden Expedition - The Crown of Solomon Collector's Edition) (Version:  - )
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1165.0612 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6422.14 - PC-Doctor, Inc.)
Mystery of Unicorn Castle: The Beastmaster (HKLM-x32\...\BFG-Mystery of Unicorn Castle - The Beastmaster) (Version:  - )
Nancy Drew: The Deadly Device (HKLM-x32\...\BFG-Nancy Drew - The Deadly Device) (Version:  - )
Next Generation Visualisations (HKLM-x32\...\{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}) (Version: 1.0.0 -  Microsoft)
Octodad (HKLM-x32\...\Octodad) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Particle Fire 2 (HKLM-x32\...\Particle Fire 2) (Version:  - )
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{2E0C1D31-8FEC-411E-97FB-6E56BD429A98}) (Version: 1.3.10 - Microsoft Corporation)
Rite of Passage: Hide and Seek (HKLM-x32\...\BFG-Rite of Passage - Hide and Seek) (Version:  - )
Rooms: The Main Building (HKLM-x32\...\BFG-Rooms - The Main Building) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Sumo Draw (HKLM-x32\...\com.sumodraw.air) (Version: 4.9 - UNKNOWN)
Sumo Draw (x32 Version: 4.9 - UNKNOWN) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Tales of Terror: House on the Hill (HKLM-x32\...\BFG-Tales of Terror - House on the Hill) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft en-us Dictionary (Version: 16.1.1026.1 - Microsoft Corporation) Hidden
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1747744730-1917151460-2537227103-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Pam\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
17-07-2014 01:38:29 Removed Sumopaint Pro
24-07-2014 15:14:30 Windows Update
26-07-2014 14:22:29 Windows Modules Installer
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {00D0380C-C4CC-4822-962D-4150CFBD0B4B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-14] (Google Inc.)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2BDCBEC4-5AD3-4D94-B07F-35BF175C760C} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DD8A791-7B11-47E4-8A1A-541848EA1A0C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6E36B1A2-9A9B-44B7-8B3F-0B38F8E863BF} - System32\Tasks\Test TimeTrigger => C:\Users\Pam\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {752165D6-8645-47B8-AE7C-90FAB8ADB20C} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {76621C27-DD9E-4F88-869D-AF4284AB742F} - System32\Tasks\ParetoLogic Update Version3_triggeronce => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe
Task: {77E1AF5C-1795-43A6-9DD1-E50631D8CF2D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8AD62A00-F3C8-459F-ADC5-13BC5B95BE82} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {97FAACB1-511E-4112-81E5-839ACD52ED34} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {9EFD03FA-C5A9-4076-B6A9-E32167103BE8} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-12-19] (PC-Doctor, Inc.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A99216BE-6BEE-4334-BE16-8E32A5270FDE} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {B0C2AA51-0DFE-4B22-A92D-3F632FC7F5E0} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-10] (Adobe Systems Incorporated)
Task: {BBF13A08-6CA3-4DA2-9CDF-DF52D3DFC256} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-12-19] (PC-Doctor, Inc.)
Task: {BF307C37-5BE5-4164-8E08-37B496CD2D3D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-14] (Google Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D71988F3-19A6-4C20-95C9-C2CAE4394F55} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1747744730-1917151460-2537227103-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E8B074C4-FD5B-4FCB-B653-53050C168B6A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-11] (Microsoft Corporation)
Task: {EBA62A76-8BA8-4D61-AB6D-1B7675BB4A94} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3_triggeronce.job => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-12-14 03:42 - 2012-12-14 03:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-07-18 11:00 - 2014-07-15 02:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-18 11:00 - 2014-07-15 02:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-18 11:01 - 2014-07-15 02:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-18 11:01 - 2014-07-15 02:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-18 11:00 - 2014-07-15 02:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Pam\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/26/2014 09:02:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkyDrive.exe, version: 17.3.1165.612, time stamp: 0x539a47b7
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532943a3
Exception code: 0x80000003
Fault offset: 0x000b3425
Faulting process id: 0x824
Faulting application start time: 0xSkyDrive.exe0
Faulting application path: SkyDrive.exe1
Faulting module path: SkyDrive.exe2
Report Id: SkyDrive.exe3
Faulting package full name: SkyDrive.exe4
Faulting package-relative application ID: SkyDrive.exe5
 
Error: (07/26/2014 08:32:08 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (07/26/2014 07:36:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkyDrive.exe, version: 17.3.1165.612, time stamp: 0x539a47b7
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532943a3
Exception code: 0x80000003
Fault offset: 0x000b3425
Faulting process id: 0xde8
Faulting application start time: 0xSkyDrive.exe0
Faulting application path: SkyDrive.exe1
Faulting module path: SkyDrive.exe2
Report Id: SkyDrive.exe3
Faulting package full name: SkyDrive.exe4
Faulting package-relative application ID: SkyDrive.exe5
 
Error: (07/26/2014 05:36:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkyDrive.exe, version: 17.3.1165.612, time stamp: 0x539a47b7
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532943a3
Exception code: 0x80000003
Fault offset: 0x000b3425
Faulting process id: 0x42e8
Faulting application start time: 0xSkyDrive.exe0
Faulting application path: SkyDrive.exe1
Faulting module path: SkyDrive.exe2
Report Id: SkyDrive.exe3
Faulting package full name: SkyDrive.exe4
Faulting package-relative application ID: SkyDrive.exe5
 
Error: (07/26/2014 10:19:14 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (07/26/2014 10:18:58 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (07/26/2014 10:14:21 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (07/26/2014 10:13:52 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (07/26/2014 09:51:06 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (07/26/2014 09:50:50 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
 
System errors:
=============
Error: (07/24/2014 10:07:08 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR6.
 
Error: (07/19/2014 02:28:35 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR4.
 
Error: (07/17/2014 08:19:04 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.
 
Error: (07/16/2014 07:41:47 PM) (Source: DCOM) (EventID: 10010) (User: PAM-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (07/16/2014 07:41:17 PM) (Source: DCOM) (EventID: 10010) (User: PAM-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (07/16/2014 07:25:28 PM) (Source: DCOM) (EventID: 10010) (User: PAM-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (07/16/2014 07:24:57 PM) (Source: DCOM) (EventID: 10010) (User: PAM-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (07/16/2014 07:06:17 PM) (Source: DCOM) (EventID: 10010) (User: PAM-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (07/16/2014 07:05:47 PM) (Source: DCOM) (EventID: 10010) (User: PAM-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (07/16/2014 07:05:17 PM) (Source: DCOM) (EventID: 10010) (User: PAM-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
 
Microsoft Office Sessions:
=========================
Error: (07/26/2014 09:02:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SkyDrive.exe17.3.1165.612539a47b7KERNELBASE.dll6.3.9600.17055532943a380000003000b342582401cfa94f99460513C:\Users\Pam\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dlld84af325-1542-11e4-bea9-bc773765df3c
 
Error: (07/26/2014 08:32:08 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Pam\Downloads\esetsmartinstaller_enu.exe
 
Error: (07/26/2014 07:36:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SkyDrive.exe17.3.1165.612539a47b7KERNELBASE.dll6.3.9600.17055532943a380000003000b3425de801cfa9439ec62557C:\Users\Pam\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dlldf17d4cc-1536-11e4-bea8-bc773765df3c
 
Error: (07/26/2014 05:36:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SkyDrive.exe17.3.1165.612539a47b7KERNELBASE.dll6.3.9600.17055532943a380000003000b342542e801cfa932c5d69960C:\Users\Pam\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll052f8662-1526-11e4-bea7-bc773765df3c
 
Error: (07/26/2014 10:19:14 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (07/26/2014 10:18:58 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (07/26/2014 10:14:21 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (07/26/2014 10:13:52 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (07/26/2014 09:51:06 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (07/26/2014 09:50:50 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-07-26 10:31:39.106
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-07-26 10:31:38.997
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-07-26 10:31:38.888
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-07-26 10:31:38.669
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-07-26 10:31:38.575
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-07-26 10:31:38.497
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-07-26 10:31:37.747
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-07-26 10:31:37.653
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-07-26 10:31:37.560
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-07-26 10:31:37.466
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 32%
Total physical RAM: 3990.16 MB
Available physical RAM: 2677.27 MB
Total Pagefile: 4694.16 MB
Available Pagefile: 3313.73 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:393.5 GB) NTFS
Drive h: (HD-PCFU3) (Fixed) (Total:465.76 GB) (Free:269.85 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 466 GB) (Disk ID: 948E19D8)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#6 nasdaq

Posted 27 July 2014 - 08:03 AM

Clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted; it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
SearchScopes: HKLM-x32 - DefaultScope value is missing.
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
CHR HKCU\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Users\Pam\AppData\Local\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx [2013-02-13]
CHR HKLM-x32\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Users\Pam\AppData\Local\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx [2013-02-13]

End

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#7 GlowingGlitter

Posted 28 July 2014 - 04:37 AM

when I restart I am getting a msg saying "onedrive has quit working"

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014
Ran by Pam at 2014-07-28 02:27:23 Run:1
Running from C:\Users\Pam\Desktop\farbar
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 ->
{BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
SearchScopes: HKLM-x32 - DefaultScope value is missing.
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
CHR HKCU\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Users\Pam\AppData\Local\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx [2013-02-13]
CHR HKLM-x32\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Users\Pam\AppData\Local\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx [2013-02-13]
 
End
*****************
 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
"HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
"HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
"HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32:  SkyDrive3 ->" => Key not found.
"HKCR\Wow6432Node\CLSID\ShellIconOverlayIdentifiers-x32:  SkyDrive3 ->" => Key not found.
{BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll not found.
"HKCU\SOFTWARE\Google\Chrome\Extensions\pbofibgamhkgoonaocfgemncghhadmgb" => Key deleted successfully.
C:\Users\Pam\AppData\Local\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pbofibgamhkgoonaocfgemncghhadmgb" => Key deleted successfully.
"C:\Users\Pam\AppData\Local\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx" => File/Directory not found.
 
==== End of Fixlog ====


#8 GlowingGlitter

Posted 28 July 2014 - 04:41 AM

now a new tab opens from adfoc.us



#9 nasdaq

Posted 28 July 2014 - 07:46 AM

when I restart I am getting a msg saying "onedrive has quit working"


Nothing was removed concerning onedrive.

Has this task been modified?
Task: {D71988F3-19A6-4C20-95C9-C2CAE4394F55} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1747744730-1917151460-2537227103-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe

Can you create a new one?
Or possibly reinstall the application.
===

I missed the removal of these Alternate Data Streams.
Please run this fix.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

AlternateDataStreams: C:\ProgramData\TEMP:B74BD6BF
AlternateDataStreams: C:\ProgramData\TEMP:B7957D59
AlternateDataStreams: C:\ProgramData\TEMP:B7B127A5
AlternateDataStreams: C:\ProgramData\TEMP:BB0F4AA4
AlternateDataStreams: C:\ProgramData\TEMP:BBC9C1EB
AlternateDataStreams: C:\ProgramData\TEMP:BD50071F
AlternateDataStreams: C:\ProgramData\TEMP:BD84F7D6
AlternateDataStreams: C:\ProgramData\TEMP:BECA50FF
AlternateDataStreams: C:\ProgramData\TEMP:BF1E0621
AlternateDataStreams: C:\ProgramData\TEMP:BF6C4AAC
AlternateDataStreams: C:\ProgramData\TEMP:C0D23A2F
AlternateDataStreams: C:\ProgramData\TEMP:C1D3D9A3
AlternateDataStreams: C:\ProgramData\TEMP:C22674B6
AlternateDataStreams: C:\ProgramData\TEMP:C2A47725
AlternateDataStreams: C:\ProgramData\TEMP:C3899C0B
AlternateDataStreams: C:\ProgramData\TEMP:C3E7F2E9
AlternateDataStreams: C:\ProgramData\TEMP:C55217E2
AlternateDataStreams: C:\ProgramData\TEMP:C669F3E1
AlternateDataStreams: C:\ProgramData\TEMP:C7D35E8C
AlternateDataStreams: C:\ProgramData\TEMP:C89D1773
AlternateDataStreams: C:\ProgramData\TEMP:CB5AA1E6
AlternateDataStreams: C:\ProgramData\TEMP:CB8C8B5D
AlternateDataStreams: C:\ProgramData\TEMP:CCD8056E
AlternateDataStreams: C:\ProgramData\TEMP:D086B88D
AlternateDataStreams: C:\ProgramData\TEMP:D1FE35E7
AlternateDataStreams: C:\ProgramData\TEMP:D276CDF4
AlternateDataStreams: C:\ProgramData\TEMP:D4DD372D
AlternateDataStreams: C:\ProgramData\TEMP:D4F5419A
AlternateDataStreams: C:\ProgramData\TEMP:D8F64D5A
AlternateDataStreams: C:\ProgramData\TEMP:DBD787A7
AlternateDataStreams: C:\ProgramData\TEMP:DC8E5CD4
AlternateDataStreams: C:\ProgramData\TEMP:DE875C30
AlternateDataStreams: C:\ProgramData\TEMP:DF7A2D3E
AlternateDataStreams: C:\ProgramData\TEMP:DFDBC05C
AlternateDataStreams: C:\ProgramData\TEMP:E03D9F40
AlternateDataStreams: C:\ProgramData\TEMP:E1520A02
AlternateDataStreams: C:\ProgramData\TEMP:E4272706
AlternateDataStreams: C:\ProgramData\TEMP:E4996D81
AlternateDataStreams: C:\ProgramData\TEMP:E4FD113F
AlternateDataStreams: C:\ProgramData\TEMP:E517FE76
AlternateDataStreams: C:\ProgramData\TEMP:E5496666
AlternateDataStreams: C:\ProgramData\TEMP:E5AF754F
AlternateDataStreams: C:\ProgramData\TEMP:E732B44B
AlternateDataStreams: C:\ProgramData\TEMP:E8074E20
AlternateDataStreams: C:\ProgramData\TEMP:E8AEB2BF
AlternateDataStreams: C:\ProgramData\TEMP:E8B61305
AlternateDataStreams: C:\ProgramData\TEMP:EA2D3047
AlternateDataStreams: C:\ProgramData\TEMP:EDB03249
AlternateDataStreams: C:\ProgramData\TEMP:EDF12A30
AlternateDataStreams: C:\ProgramData\TEMP:EE445D7C
AlternateDataStreams: C:\ProgramData\TEMP:EF0BD3A1
AlternateDataStreams: C:\ProgramData\TEMP:EF0F3F33
AlternateDataStreams: C:\ProgramData\TEMP:F176B6C6
AlternateDataStreams: C:\ProgramData\TEMP:F2E92DCD
AlternateDataStreams: C:\ProgramData\TEMP:F3A185AE
AlternateDataStreams: C:\ProgramData\TEMP:F49868C8
AlternateDataStreams: C:\ProgramData\TEMP:F4BF61E8
AlternateDataStreams: C:\ProgramData\TEMP:F5082CD2
AlternateDataStreams: C:\ProgramData\TEMP:F816645E
AlternateDataStreams: C:\ProgramData\TEMP:F83E8359
AlternateDataStreams: C:\ProgramData\TEMP:F9E10A82
AlternateDataStreams: C:\ProgramData\TEMP:FBA79096
AlternateDataStreams: C:\ProgramData\TEMP:FD4C7AD3
AlternateDataStreams: C:\ProgramData\TEMP:FF717A18

end

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===
 

now a new tab opens from adfoc.us

Which browser is being used?

If you have more than one browser, check them and let me know.

#10 GlowingGlitter


Posted 28 July 2014 - 09:01 AM

Sorry, but I don't know how to tell if a task has been modified or how to create a new one.

OK, but check this out: I just got a popup/new tab saying a virus was detected & to call 800 #. It happened when I clicked on the smiley face in this reply box.

I only use Google.



#11 nasdaq


Posted 28 July 2014 - 10:36 AM

Task: {D71988F3-19A6-4C20-95C9-C2CAE4394F55} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1747744730-1917151460-2537227103-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe


Refer to this article.

http://www.c-sharpcorner.com/UploadFile/6cde20/create-schedule-task-in-windows-8/

Do you see the task for the auto update?

==

popup/new tab saying a virus was detected & to call 800 # it happened when i clicked on the smiley face in this reply box

Do not click on the icon.

Run Malwarebytes.

Run the FRST tool and post a fresh log for my review.
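
The check requested in the post above can also be done from PowerShell on Windows 8 and later. This is an added example, not part of the original thread; the name pattern is an assumption taken from the task name in the FRST line, and it should be run as the user who owns the task so that %localappdata% expands to the right profile.

```powershell
# Added example: look up the scheduled task named in the FRST line and show
# what it actually runs. The pattern below is an assumption based on that name.
$pattern = 'Microsoft OneDrive Auto Update Task*'

$tasks = Get-ScheduledTask | Where-Object { $_.TaskName -like $pattern }

if (-not $tasks) {
    Write-Output "No scheduled task matches '$pattern'."
}
else {
    foreach ($task in $tasks) {
        $info = $task | Get-ScheduledTaskInfo

        foreach ($action in $task.Actions) {
            # Only "run a program" actions have an Execute path; skip others.
            if (-not $action.Execute) { continue }

            # The stored path may contain variables such as %localappdata%.
            # They are expanded for the account running this script.
            $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')

            $exists = Test-Path -LiteralPath $exe
            $sig = $null
            if ($exists) {
                # A valid publisher signature is one sign the binary is genuine.
                $sig = Get-AuthenticodeSignature -FilePath $exe
            }

            [pscustomobject]@{
                TaskName   = $task.TaskName
                TaskPath   = $task.TaskPath
                State      = $task.State
                LastRun    = $info.LastRunTime
                Executable = $exe
                Arguments  = $action.Arguments
                FileExists = $exists
                Signature  = if ($sig) { $sig.Status } else { 'n/a' }
                Signer     = if ($sig -and $sig.SignerCertificate) {
                                 $sig.SignerCertificate.Subject
                             } else { 'n/a' }
            }
        }
    }
}
```

A task whose executable is missing, unsigned, or located somewhere other than the path shown in the FRST line is worth reporting back in the thread before changing anything.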

#12 GlowingGlitter


Posted 28 July 2014 - 03:17 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014
Ran by Pam at 2014-07-28 13:14:32 Run:2
Running from C:\Users\Pam\Desktop\farbar
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
 
end
*****************
 
 
==== End of Fixlog ====


#13 GlowingGlitter

GlowingGlitter
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  • Local time:07:42 AM

Posted 29 July 2014 - 12:49 AM

I ran malware; it said no threats were found.

Please forgive my ignorance; I read the article you referenced, but I'm still not sure what I'm looking for.

Thank you for all your help!



#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,528 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:42 AM

Posted 29 July 2014 - 08:17 AM


At the bottom of the article you will find a link to this page.

http://www.c-sharpcorner.com/UploadFile/6cde20/disable-schedule-task-in-windows-8/

Is there anything listed that refers to this task?
Task: {D71988F3-19A6-4C20-95C9-C2CAE4394F55} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1747744730-1917151460-2537227103-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe

Mind you, it may not be the cause of your problem with OneDrive.
You may have to reinstall SkyDrive.

#15 GlowingGlitter

GlowingGlitter
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  • Local time:07:42 AM

Posted 29 July 2014 - 05:04 PM

I just restarted comp & I didn't get that msg again; everything seems to be working, so I'm not gonna worry about it right now.

The original problem is still a problem though. I have taken screenshots of some of the popups I get, if that might help.





