wismommy

  1. ok this is what I got...notice at the end it cuts off?? not sure what this is all about but this is all that is there.
  2. I think I may have to do a clean reinstall, I have major problems. I tried running the CHKDSK and I accidentally did the short one again (3 step) and every line said ".....file is corrupt" or "1383848 is an orphan"? Whatever that means! Anyway I am getting invalid directory errors, explorer.exe errors, etc. From what I have researched online it may be easier to do a clean install. However, I am doing a FULL CHKDSK right now, and will let it run overnight and see what I get in the morning. As of right now I can only email from my phone which is why I couldn't attach any files or screenshots for you at this time.
  3. the chkdsk gets stuck at 27% complete and just sits there???? is there something else I can try??
  4. also, is there a problem with my malwarebytes program as listed in this log:

     Faulting application name: mbamscheduler.exe, version: 3.0.2.0, time stamp: 0x5339cec3
     Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
     Exception code: 0x40000015
     Fault offset: 0x0008d6fd
     Faulting process id: 0x180
     Faulting application start time: 0x01cfdce367fc1e51
     Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
     Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll
     Report Id: b02bffe5-48d6-11e4-befa-b8763fca6e94
     Faulting package full name:
     Faulting package-relative application ID:
  5. Checking file system on C:
     The type of the file system is NTFS.
     One of your disks needs to be checked for consistency. You may cancel the disk check, but it is strongly recommended that you continue.
     Windows will now check the disk.

     CHKDSK is verifying files (stage 1 of 3)...
     The attribute of type 0x80 and instance tag 0x4 in file 0xf21 has allocated length of 0x30000 instead of 0x170000.
     Deleting corrupt attribute record (128, "") from file record segment 3873.
     The attribute of type 0x80 and instance tag 0x0 in file 0x165cb has allocated length of 0xa7610000 instead of 0xa7590000.
     Deleted corrupt attribute list entry with type code 128 in file 91595.
     Unable to locate attribute with instance tag 0x0 and segment reference 0x100000006d2df.
     The expected attribute type is 0x80.
     Deleting corrupt attribute record (128, $J) from file record segment 447199.
     612864 file records processed.
     File verification completed.
     9916 large file records processed.
     0 bad file records processed.

     CHKDSK is verifying indexes (stage 2 of 3)...
     736018 index entries processed.
     Index verification completed.
     0 unindexed files scanned.
     0 unindexed files recovered.

     CHKDSK is verifying security descriptors (stage 3 of 3)...
     CHKDSK is compacting the security descriptor stream
     Cleaning up 2218 unused security descriptors.
     Inserting data attribute into file 3873.
     61579 data files processed.
     CHKDSK is verifying Usn Journal...
     Creating Usn Journal $J data stream
     Usn Journal verification completed.
     CHKDSK discovered free space marked as allocated in the master file table (MFT) bitmap.
     CHKDSK discovered free space marked as allocated in the volume bitmap.
     Windows has made corrections to the file system.
     No further action is required.

     943269887 KB total disk space.
     139401868 KB in 414022 files.
     219344 KB in 61581 indexes.
     0 KB in bad sectors.
     709119 KB in use by the system.
     65536 KB occupied by the log file.
     802939556 KB available on disk.
     4096 bytes in each allocation unit.
     235817471 total allocation units on disk.
     200734889 allocation units available on disk.

     Internal Info:
     00 5a 09 00 dc 41 07 00 e4 b7 0c 00 00 00 00 00 .Z...A..........
     12 07 00 00 2a 00 00 00 00 00 00 00 00 00 00 00 ....*...........
     20 03 e9 e3 75 00 00 00 00 00 00 00 00 00 00 00 ...u...........

     Windows has finished checking your disk.
     Please wait while your computer restarts.
  6. I am still having issues with it running slow and some programs continue to freeze up on me like Firefox/chrome/Word....
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-09-25 02:32 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}] 2013-09-05 14:04 215416 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll . Contents of the 'Scheduled Tasks' folder . 2014-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-28 21:00] . 2014-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-17 04:17] . 2014-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-17 04:17] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2014-05-17 00:28 262344 ----a-w- c:\users\Ann\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2014-05-17 00:28 262344 ----a-w- c:\users\Ann\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2014-05-17 00:28 262344 ----a-w- c:\users\Ann\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2014-09-20 15:17 2334416 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2014-09-20 15:17 2334416 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2014-09-20 15:17 2334416 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2014-08-08 15:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2014-08-08 15:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2014-08-08 15:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2014-08-08 15:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2014-08-08 15:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe" [2013-08-26 10592256] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-02-11 1381744] "Bluetooth"="c:\program files\WIDCOMM\Bluetooth Software\bttray.exe" [2012-12-14 526704] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-14 172016] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-14 399856] "Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-14 442352] . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 FF - ProfilePath - c:\users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\m2xatij3.default\ FF - prefs.js: browser.startup.homepage - hxxp://my.msn.com/default.aspx . . ------- File Associations ------- . inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1 JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %* txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) Wow6432Node-HKLM-Run-NCUpdateHelper - c:\program files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe SafeBoot-60575516.sys . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\X6va021] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va021" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) @SACL=(02 0000) . Completion time: 2014-09-28 17:01:55 ComboFix-quarantined-files.txt 2014-09-28 22:01 . Pre-Run: 817,708,756,992 bytes free Post-Run: 822,703,656,960 bytes free . 
- - End Of File - - 3F8349A656569195358FA71B8E4D3C47
  8. Nope, this is just an ordinary laptop, I use it for school and my kids have been gaming on it. I am the admin, and I don't know anything about any policies that may be present nor do I know what you mean by that.
  9. Sorry, again it wouldn't let me paste. Every time I tried, my computer locked up. Here is the file: TDSSKiller.3.0.0.40_23.09.2014_17.17.09_log.txt
  10. Hello Naat, Thank you for taking the time to help me! I have noticed lately that my laptop has been very sluggish, programs "stop responding", flash player keeps stopping, and some programs fail to open, such as Malwarebytes. My children have taken over my laptop lately and I am afraid they may have accidentally downloaded a virus. Here is the log file from Rogue Killer: Well, it says that it is too long so I will have to attach it as a file. I hope that is ok? RKreport_SCN_09202014_173021.log
  11. Hello, I have attached the FRST.txt and Addition.txt files below because I received an error that my post was too long. Thank you in advance, and I look forward to working with you on this. FRST.txt Addition.txt
  12. Should I do a reinstall of the system before I follow your steps above?
  13. ok i ran RK in safe mode, here is the report:

      RogueKiller V8.8.5 [Feb 3 2014] by Tigzy
      mail : tigzyRK<at>gmail<dot>com
      Website : http://www.adlice.com/softwares/roguekiller/
      Blog : http://www.adlice.com

      Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Safe mode
      User : Ann [Admin rights]
      Mode : Scan -- Date : 02/04/2014 15:53:30
      | ARK || FAK || MBR |

      ¤¤¤ Bad processes : 0 ¤¤¤

      ¤¤¤ Registry Entries : 7 ¤¤¤
      [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : BYRUA_AGENT (C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe [7]) -> FOUND
      [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
      [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
      [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
      [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
      [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

      ¤¤¤ Scheduled tasks : 0 ¤¤¤

      ¤¤¤ Startup Entries : 0 ¤¤¤

      ¤¤¤ Web browsers : 0 ¤¤¤

      ¤¤¤ Browser Addons : 0 ¤¤¤

      ¤¤¤ Particular Files / Folders: ¤¤¤
      [ZeroAccess][Folder] U : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{6133c873-5bc5-23fa-4cd6-bb625cf1a256}\U [-] --> FOUND
      [ZeroAccess][Folder] L : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{6133c873-5bc5-23fa-4cd6-bb625cf1a256}\L [-] --> FOUND

      ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

      ¤¤¤ External Hives: ¤¤¤

      ¤¤¤ Infection : ZeroAccess ¤¤¤

      ¤¤¤ HOSTS File: ¤¤¤
      --> %SystemRoot%\System32\drivers\etc\hosts
      127.0.0.1 localhost

      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK5055GSX +++++
      --- User ---
      [MBR] cabfa7fedb674dd5b1317e04b35a68a3
      [BSP] ce5d6e2a0702a1f2d7419115ce7e7b59 : Windows 7/8 MBR Code
      Partition table:
      0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 8832 Mo
      1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 18092032 | Size: 100 Mo
      2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 18296832 | Size: 468005 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!

      Finished : << RKreport[0]_S_02042014_155330.txt >>
  14. ok i downloaded from their site (bleepingcomputer). Does it usually take a long time for it to "check processes" before it will allow me to start to scan? It has been stuck on "Search filter host.exe" for a long time, and it also says "KILLED [TermProc]" down under the "status" field... please advise