
jbcollins72

  1. OK, I changed the BIOS to USB HDD and it still won't boot it.
  2. Even after I set the BIOS to FDD I got a message that the flash drive was blocked by my current security settings. The F12 boot menu only shows the HDD option. What now?
  3. Sorry, I haven't gotten back to you. I'm in Afghanistan and had to go to work. I tried what you listed above and I guess I didn't do something right because I'm still locked out. I told the computer to boot from the CD drive and it acts like it wants to but then stops and reverts back to normal HDD boot.????????? I also tried creating another profile through the C: prompt and when I signed in I had normal access, well I ran malwarebytes and it found 93 threats. I deleted them and restarted the comp. Didn't work, I still don't have normal function. Here is that report:
  4. BTW, is it safe to transfer files to an external HD?
  5. I'm still locked out of my account, I ran Malwarebytes and got the following but the other report is not on the desktop anymore. How can I get it for you? Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Database version: v2014.03.12.13 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16798 jb_co_000 :: SLINGER [administrator] Protection: Enabled 3/12/2014 7:06:37 PM mbam-log-2014-03-12 (19-06-37).txt Scan type: Quick scan Scan options enabled: Memory | Startup | File System | Heuristics/Shuriken | PUP | PUM Scan options disabled: Registry | Heuristics/Extra | P2P Objects scanned: 15985 Time elapsed: 4 minute(s), 21 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  6. EVERYTHING is disabled, running in safe mode and can do very little. Here are the results of the scan. And thanks.
C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf 2014-03-05 06:18 - 2014-03-05 06:18 - 00000000 ____D () C:\Windows\LastGood.Tmp 2014-03-05 06:17 - 2014-03-05 06:18 - 00000000 ____D () C:\DrvInstall 2014-03-05 06:12 - 2014-03-12 07:02 - 00000308 _____ () C:\Windows\Tasks\Driver Booster Update.job 2014-03-05 06:12 - 2014-03-05 06:12 - 00003222 _____ () C:\Windows\System32\Tasks\Driver Booster Scan 2014-03-05 06:12 - 2014-03-05 06:12 - 00002570 _____ () C:\Windows\System32\Tasks\Driver Booster Update 2014-03-05 06:00 - 2014-03-12 07:04 - 00168111 _____ () C:\MyXML.xml 2014-03-05 06:00 - 2014-03-05 06:00 - 00003168 _____ () C:\Windows\System32\Tasks\StartMenuAutoupdate 2014-03-05 05:50 - 2014-03-05 05:50 - 00002410 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator 2014-03-05 05:50 - 2014-03-05 05:50 - 00002374 _____ () C:\Windows\System32\Tasks\ASC7_SkipUac_jb_co_000 2014-03-05 05:50 - 2014-03-05 05:50 - 00000302 _____ () C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job 2014-03-05 05:50 - 2014-03-05 05:50 - 00000266 _____ () C:\Windows\Tasks\ASC7_SkipUac_jb_co_000.job 2014-03-02 11:55 - 2014-03-02 11:55 - 00001060 _____ () C:\Users\jb_co_000\Desktop\Downloads.lnk 2014-03-02 11:55 - 2014-03-02 11:55 - 00000660 _____ () C:\Users\jb_co_000\Desktop\Games.lnk 2014-02-26 17:23 - 2014-02-26 17:23 - 00000000 _____ () C:\Users\jb_co_000\Downloads\2932_WSG_ProtectingYourDatawithWindows8BitLocker_External.docx.kbtwykk.partial 2014-02-25 18:19 - 2014-03-09 06:29 - 00000000 ____D () C:\Users\jb_co_000\Documents\Skyrim Stuff 2014-02-24 10:53 - 2014-02-25 18:17 - 00000000 ____D () C:\Users\jb_co_000\Documents\Streaming Video Recorder 2014-02-24 10:52 - 2014-02-24 10:52 - 00000000 ____D () C:\Users\jb_co_000\AppData\Roaming\Apowersoft 2014-02-24 10:52 - 2014-02-24 10:52 - 00000000 ____D () C:\Program Files (x86)\Apowersoft 2014-02-24 10:52 - 2013-06-02 05:56 - 00031920 _____ (Wondershare) C:\Windows\system32\Drivers\Apowersoft_AudioDevice.sys 
2014-02-24 10:52 - 2013-06-01 21:07 - 00443568 ____H (Bytescout) C:\Windows\SysWOW64\ApowersoftScreenCapturing.dll 2014-02-24 10:52 - 2013-06-01 21:07 - 00271536 ____H (Bytescout) C:\Windows\SysWOW64\ApowersoftScreenCapturingFilter.dll 2014-02-24 10:52 - 2013-06-01 21:07 - 00181424 ____H (Bytescout) C:\Windows\SysWOW64\ApowersoftVideoMixerFilter.dll 2014-02-22 04:00 - 2014-02-17 17:03 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-02-22 04:00 - 2014-02-17 17:03 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-19 19:13 - 2014-03-04 18:07 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-02-19 17:14 - 2014-02-19 17:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\IObit 2014-02-19 17:14 - 2014-02-19 17:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\IObit 2014-02-19 14:13 - 2014-03-05 06:20 - 00000000 ____D () C:\Users\jb_co_000\AppData\Local\backburner 2014-02-18 19:57 - 2014-03-12 08:57 - 00000000 ____D () C:\Users\jb_co_000\Desktop\SHORTCUTS 2014-02-18 19:56 - 2014-03-08 15:25 - 00000000 ____D () C:\Users\jb_co_000\Desktop\Game Stuff 2014-02-18 19:28 - 2014-02-18 19:28 - 00000904 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk 2014-02-15 22:48 - 2014-02-15 22:48 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-02-15 22:48 - 2014-02-15 22:48 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-02-13 15:21 - 2014-02-13 15:21 - 00000000 ____D () C:\Users\jb_co_000\Downloads\CINEBENCH_R15 2014-02-13 15:21 - 2014-02-13 15:21 - 00000000 ____D () C:\Users\jb_co_000\AppData\Roaming\MAXON 2014-02-11 15:36 - 2014-02-01 04:20 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-11 15:36 - 2014-02-01 04:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-11 15:36 - 2014-02-01 04:19 - 01365504 _____ (Microsoft Corporation) 
C:\Windows\system32\urlmon.dll 2014-02-11 15:36 - 2014-02-01 04:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2014-02-11 15:36 - 2014-02-01 04:19 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll 2014-02-11 15:36 - 2014-02-01 04:18 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-11 15:36 - 2014-02-01 04:18 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-11 15:36 - 2014-02-01 04:18 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-11 15:36 - 2014-02-01 04:18 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-11 15:36 - 2014-02-01 04:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-11 15:36 - 2014-02-01 04:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-11 15:36 - 2014-02-01 04:18 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-11 15:36 - 2014-02-01 04:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-02-11 15:36 - 2014-02-01 04:18 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-11 15:36 - 2014-02-01 04:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-11 15:36 - 2014-02-01 04:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-11 15:36 - 2014-02-01 02:58 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-02-11 15:36 - 2014-02-01 02:58 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-02-11 15:36 - 2014-02-01 02:58 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2014-02-11 15:36 - 2014-02-01 02:57 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-02-11 15:36 - 2014-02-01 02:57 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 
2014-02-11 15:36 - 2014-02-01 02:57 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-02-11 15:36 - 2014-02-01 02:57 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-02-11 15:36 - 2014-02-01 02:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-02-11 15:36 - 2014-02-01 02:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-02-11 15:36 - 2014-02-01 02:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-02-11 15:36 - 2014-02-01 02:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-02-11 15:36 - 2014-02-01 02:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-02-11 15:36 - 2014-02-01 02:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-02-11 15:36 - 2014-02-01 02:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-02-11 15:36 - 2014-02-01 02:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-11 15:36 - 2014-02-01 02:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-02-11 15:36 - 2014-02-01 00:08 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll 2014-02-11 15:31 - 2013-12-04 18:43 - 01845248 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-02-11 15:31 - 2013-12-04 18:37 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-02-11 15:30 - 2013-12-08 19:45 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-02-11 15:30 - 2013-12-08 18:59 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-11 15:30 - 2013-12-04 18:43 - 00583680 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-02-11 15:30 - 2013-12-04 18:37 - 00451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll 2014-02-11 15:30 - 2013-11-01 00:53 - 
02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-02-11 15:25 - 2014-01-12 18:30 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-02-11 15:25 - 2014-01-12 18:30 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-02-11 15:25 - 2013-11-19 19:15 - 03842560 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-02-11 15:25 - 2013-11-19 18:57 - 03288576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

==================== One Month Modified Files and Folders =======

2014-03-12 18:02 - 2014-03-12 18:01 - 00014647 _____ () C:\Users\TEMP.SLINGER.002\Desktop\FRST.txt 2014-03-12 18:01 - 2014-03-12 18:01 - 00000000 ____D () C:\FRST 2014-03-12 18:00 - 2014-03-12 18:00 - 02157056 _____ (Farbar) C:\Users\TEMP.SLINGER.002\Desktop\FRST64.exe 2014-03-12 17:57 - 2014-03-12 17:57 - 00022101 _____ () C:\Users\TEMP.SLINGER.002\Desktop\dds.txt 2014-03-12 17:57 - 2014-03-12 17:57 - 00015374 _____ () C:\Users\TEMP.SLINGER.002\Desktop\attach.txt 2014-03-12 17:56 - 2014-03-12 17:56 - 00000000 ___RD () C:\Users\TEMP.SLINGER.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-12 17:56 - 2014-03-12 17:56 - 00000000 ___RD () C:\Users\TEMP.SLINGER.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-12 17:55 - 2014-03-12 17:55 - 00688992 ____R (Swearware) C:\Users\TEMP.SLINGER.002\Desktop\dds.scr 2014-03-12 17:55 - 2014-03-12 15:14 - 00000000 ____D () C:\Users\TEMP.SLINGER.002\AppData\Local\NPE 2014-03-12 15:14 - 2014-03-12 15:14 - 00096856 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR410.SYS 2014-03-12 15:14 - 2014-03-12 15:14 - 00000020 _____ () C:\Windows\system32\Drivers\SMR410.dat 2014-03-12 15:14 - 2014-03-12 15:13 - 03053496 ____N (Symantec Corporation) C:\Users\TEMP.SLINGER.002\Desktop\NPE.exe 2014-03-12 15:14 - 2013-03-08 21:57 - 00000000 ____D () C:\ProgramData\Norton 2014-03-12 15:07 - 2014-03-12 15:07 - 
00000000 ____D () C:\Users\TEMP.SLINGER.002\AppData\Local\clear.fi 2014-03-12 10:22 - 2014-03-12 07:07 - 00000000 ____D () C:\Users\TEMP.SLINGER.002\AppData\Roaming\IObit 2014-03-12 10:20 - 2014-03-12 10:19 - 00000000 ____D () C:\Users\TEMP.SLINGER.002\AppData\Roaming\TeamViewer 2014-03-12 10:08 - 2014-03-12 07:07 - 00000000 ____D () C:\Users\TEMP.SLINGER.002 2014-03-12 09:03 - 2014-03-12 09:03 - 00001131 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-03-12 09:03 - 2014-03-11 17:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-12 09:02 - 2014-03-12 08:56 - 00002538 _____ () C:\Users\TEMP.SLINGER.002\Desktop\Rkill.txt 2014-03-12 08:57 - 2014-03-06 15:31 - 00000000 ____D () C:\Program Files\7-Zip 2014-03-12 08:57 - 2014-02-18 19:57 - 00000000 ____D () C:\Users\jb_co_000\Desktop\SHORTCUTS 2014-03-12 08:57 - 2014-02-07 16:41 - 00000000 ____D () C:\BOSS 2014-03-12 08:57 - 2014-01-06 13:56 - 00000000 ____D () C:\Users\jb_co_000\AppData\Roaming\Skype 2014-03-12 08:57 - 2014-01-06 13:55 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-12 08:57 - 2014-01-06 13:55 - 00000000 ____D () C:\ProgramData\Skype 2014-03-12 08:57 - 2013-12-23 15:05 - 00000000 ___RD () C:\Windows\BrowserChoice 2014-03-12 08:57 - 2012-07-26 03:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel 2014-03-12 08:57 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\WinStore 2014-03-12 08:57 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru 2014-03-12 08:56 - 2014-03-12 08:56 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\TEMP.SLINGER.002\Desktop\rkill64.com 2014-03-12 08:51 - 2014-03-12 08:51 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\TEMP.SLINGER.002\Desktop\rkill.com 2014-03-12 08:51 - 2014-03-12 08:36 - 103962904 _____ (Microsoft Corporation) C:\Users\TEMP.SLINGER.002\Desktop\msert.exe 2014-03-12 08:00 - 2014-03-12 07:59 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\TEMP.SLINGER.002\Desktop\mbam-consumer.exe 
2014-03-12 07:36 - 2014-03-12 07:36 - 00000000 ____D () C:\Users\TEMP.SLINGER.002\AppData\Roaming\Malwarebytes 2014-03-12 07:16 - 2014-03-12 07:16 - 00000000 ____D () C:\Users\TEMP.SLINGER.002\AppData\Roaming\Macromedia 2014-03-12 07:11 - 2012-07-26 02:28 - 00850046 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-12 07:10 - 2014-03-12 07:10 - 00000000 ____D () C:\Users\TEMP.SLINGER.002\AppData\Roaming\Adobe 2014-03-12 07:07 - 2014-03-12 07:07 - 00000020 ___SH () C:\Users\TEMP.SLINGER.002\ntuser.ini 2014-03-12 07:05 - 2014-03-12 07:02 - 00000000 ____D () C:\Users\TEMP.SLINGER.001 2014-03-12 07:05 - 2013-05-30 16:08 - 01836177 _____ () C:\Windows\WindowsUpdate.log 2014-03-12 07:04 - 2014-03-05 06:00 - 00168111 _____ () C:\MyXML.xml 2014-03-12 07:03 - 2013-12-22 15:44 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-12 07:02 - 2014-03-12 07:02 - 00000000 ____D () C:\Users\TEMP.SLINGER.001\AppData\Local\Symantec 2014-03-12 07:02 - 2014-03-05 06:12 - 00000308 _____ () C:\Windows\Tasks\Driver Booster Update.job 2014-03-12 07:01 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-12 05:45 - 2014-03-12 05:42 - 00000000 ____D () C:\Users\TEMP.SLINGER.000 2014-03-12 05:42 - 2014-03-12 05:42 - 00000000 ____D () C:\Users\TEMP.SLINGER.000\AppData\Local\Symantec 2014-03-12 05:23 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-03-12 05:22 - 2014-03-12 05:12 - 00000000 ____D () C:\Users\TEMP.SLINGER 2014-03-12 05:12 - 2014-03-12 05:12 - 00000000 ____D () C:\Users\TEMP.SLINGER\AppData\Local\Symantec 2014-03-11 17:16 - 2014-03-11 17:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-11 17:00 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-03-11 16:08 - 2014-03-11 16:08 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Symantec 2014-03-11 15:51 - 2014-03-11 15:51 - 00005000 _____ () C:\Windows\PFRO.log 2014-03-11 15:51 - 2014-03-11 15:51 - 00000000 _____ () 
C:\asc_rdflag 2014-03-11 15:51 - 2013-12-29 00:03 - 87539712 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak 2014-03-11 15:51 - 2013-12-29 00:03 - 00720896 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak 2014-03-11 15:51 - 2013-12-29 00:03 - 00065536 _____ () C:\Windows\system32\config\SAM.iodefrag.bak 2014-03-11 15:51 - 2013-12-29 00:03 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak 2014-03-11 15:51 - 2013-05-30 19:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-11 15:51 - 2013-05-30 16:08 - 00000000 ____D () C:\Users\jb_co_000 2014-03-11 15:49 - 2013-05-30 16:16 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-934364362-906362943-3399077200-1001 2014-03-11 15:23 - 2013-06-01 19:33 - 00000000 ____D () C:\Users\jb_co_000\AppData\Local\CrashDumps 2014-03-11 15:16 - 2014-03-11 15:16 - 02995484 _____ () C:\Users\jb_co_000\Desktop\SLINGER__2014_03_11__14_55_18_TSF.sdbz 2014-03-11 14:59 - 2013-12-22 15:44 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-11 14:55 - 2014-03-11 14:53 - 05671080 _____ (Symantec Corporation) C:\Users\jb_co_000\Downloads\SymHelp.exe 2014-03-11 14:52 - 2013-05-30 19:51 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-10 08:02 - 2014-03-06 11:28 - 00065024 ___SH () C:\Users\jb_co_000\Desktop\Thumbs.db 2014-03-10 03:53 - 2013-12-28 14:02 - 00000000 ____D () C:\Users\jb_co_000\AppData\Local\Skyrim 2014-03-09 21:32 - 2014-01-15 16:05 - 00000000 ____D () C:\Users\jb_co_000\Documents\Nexus Mod Manager 2014-03-09 20:21 - 2014-03-09 20:15 - 43448187 _____ () C:\Users\jb_co_000\Downloads\Enhanced Blood Textures 3_5d-60-3-5d.rar 2014-03-09 20:18 - 2014-03-09 20:18 - 00083125 _____ () C:\Users\jb_co_000\Downloads\The Dance of Death 4-0 Beta - Ultimate Edition-10906-4-0.7z 2014-03-09 20:17 - 2014-03-09 20:17 - 00002452 _____ () C:\Users\jb_co_000\Downloads\0 Dragonborn-Dawnguard 
Compatibility Patch-60-.rar 2014-03-09 08:03 - 2013-11-17 09:59 - 00000000 ____D () C:\ProgramData\ProductData 2014-03-09 06:29 - 2014-02-25 18:19 - 00000000 ____D () C:\Users\jb_co_000\Documents\Skyrim Stuff 2014-03-09 06:13 - 2013-05-30 16:45 - 00000000 ____D () C:\Users\jb_co_000\AppData\Local\Deployment 2014-03-08 15:25 - 2014-02-18 19:56 - 00000000 ____D () C:\Users\jb_co_000\Desktop\Game Stuff 2014-03-08 01:34 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2014-03-07 14:42 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\NDF 2014-03-06 17:47 - 2014-03-06 17:47 - 00002727 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-06 17:47 - 2014-03-06 17:47 - 00000000 ____D () C:\Users\jb_co_000\AppData\Local\Skype 2014-03-05 06:20 - 2014-02-19 14:13 - 00000000 ____D () C:\Users\jb_co_000\AppData\Local\backburner 2014-03-05 06:20 - 2013-05-30 16:47 - 00000000 ____D () C:\Users\jb_co_000\Documents\PcSetup 2014-03-05 06:20 - 2013-03-08 22:01 - 00000000 ____D () C:\ProgramData\install_clap 2014-03-05 06:20 - 2013-03-08 21:56 - 00000000 ____D () C:\ProgramData\FLEXnet 2014-03-05 06:20 - 2013-03-08 21:31 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros 2014-03-05 06:19 - 2013-11-28 10:52 - 00000000 ____D () C:\Users\jb_co_000\Documents\Lease 2014-03-05 06:19 - 2013-11-28 10:51 - 00000000 ____D () C:\Users\jb_co_000\Documents\Audi 2014-03-05 06:19 - 2013-11-28 10:50 - 00000000 ____D () C:\Users\jb_co_000\Documents\CH 13 2014-03-05 06:19 - 2013-08-22 07:12 - 00000000 ____D () C:\Users\jb_co_000\Documents\Workout 2014-03-05 06:19 - 2013-08-15 22:38 - 00000000 ____D () C:\Users\jb_co_000\Documents\159 2014-03-05 06:19 - 2013-07-30 20:46 - 00000000 ____D () C:\Users\jb_co_000\Documents\PCS 2013 2014-03-05 06:19 - 2013-05-30 16:47 - 00000000 ____D () C:\Users\jb_co_000\Documents\My Records Jan 08 2014-03-05 06:19 - 2013-05-30 16:47 - 00000000 ____D () C:\Users\jb_co_000\Documents\My Records AUG 09 2014-03-05 06:19 - 2013-05-30 16:47 - 00000000 
____D () C:\Users\jb_co_000\Documents\My records 2014-03-05 06:19 - 2013-05-30 16:25 - 00000000 ____D () C:\Users\jb_co_000\Documents\MCCC 2014-03-05 06:19 - 2013-05-30 16:25 - 00000000 ____D () C:\Users\jb_co_000\Documents\Kathy 2014-03-05 06:19 - 2013-05-30 16:22 - 00000000 ____D () C:\Users\jb_co_000\Documents\CGSOC 2014-03-05 06:19 - 2013-05-30 16:22 - 00000000 ____D () C:\Users\jb_co_000\Documents\BlackOut Tactical 2014-03-05 06:19 - 2013-05-30 16:12 - 00000000 ____D () C:\ProgramData\lx_Cats 2014-03-05 06:19 - 2013-03-08 21:27 - 00000000 ____D () C:\Dolby PCEE4 2014-03-05 06:18 - 2014-03-05 06:18 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll 2014-03-05 06:18 - 2014-03-05 06:18 - 00584272 _____ (Qualcomm Atheros) C:\Windows\system32\Drivers\btfilter.sys 2014-03-05 06:18 - 2014-03-05 06:18 - 00458960 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\k57nd60a.sys 2014-03-05 06:18 - 2014-03-05 06:18 - 00099288 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys 2014-03-05 06:18 - 2014-03-05 06:18 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf 2014-03-05 06:18 - 2014-03-05 06:18 - 00000000 ____D () C:\Windows\LastGood.Tmp 2014-03-05 06:18 - 2014-03-05 06:17 - 00000000 ____D () C:\DrvInstall 2014-03-05 06:12 - 2014-03-05 06:12 - 00003222 _____ () C:\Windows\System32\Tasks\Driver Booster Scan 2014-03-05 06:12 - 2014-03-05 06:12 - 00002570 _____ () C:\Windows\System32\Tasks\Driver Booster Update 2014-03-05 06:12 - 2013-09-27 20:54 - 00000000 ____D () C:\Users\jb_co_000\AppData\Roaming\IObit 2014-03-05 06:12 - 2013-09-27 20:54 - 00000000 ____D () C:\ProgramData\IObit 2014-03-05 06:12 - 2013-09-27 20:54 - 00000000 ____D () C:\Program Files (x86)\IObit 2014-03-05 06:00 - 2014-03-05 06:00 - 00003168 _____ () C:\Windows\System32\Tasks\StartMenuAutoupdate 2014-03-05 05:50 - 2014-03-05 05:50 - 00002410 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator 
2014-03-05 05:50 - 2014-03-05 05:50 - 00002374 _____ () C:\Windows\System32\Tasks\ASC7_SkipUac_jb_co_000 2014-03-05 05:50 - 2014-03-05 05:50 - 00000302 _____ () C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job 2014-03-05 05:50 - 2014-03-05 05:50 - 00000266 _____ () C:\Windows\Tasks\ASC7_SkipUac_jb_co_000.job 2014-03-04 18:07 - 2014-02-19 19:13 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-03-02 14:05 - 2013-06-01 20:20 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-02 11:55 - 2014-03-02 11:55 - 00001060 _____ () C:\Users\jb_co_000\Desktop\Downloads.lnk 2014-03-02 11:55 - 2014-03-02 11:55 - 00000660 _____ () C:\Users\jb_co_000\Desktop\Games.lnk 2014-02-26 17:23 - 2014-02-26 17:23 - 00000000 _____ () C:\Users\jb_co_000\Downloads\2932_WSG_ProtectingYourDatawithWindows8BitLocker_External.docx.kbtwykk.partial 2014-02-25 18:19 - 2013-05-30 16:51 - 00000000 ____D () C:\Users\jb_co_000\Documents\Bluetooth Folder 2014-02-25 18:17 - 2014-02-24 10:53 - 00000000 ____D () C:\Users\jb_co_000\Documents\Streaming Video Recorder 2014-02-24 10:52 - 2014-02-24 10:52 - 00000000 ____D () C:\Users\jb_co_000\AppData\Roaming\Apowersoft 2014-02-24 10:52 - 2014-02-24 10:52 - 00000000 ____D () C:\Program Files (x86)\Apowersoft 2014-02-20 17:55 - 2013-12-28 13:54 - 00000000 ____D () C:\Users\jb_co_000\Documents\My Games 2014-02-19 19:12 - 2014-01-15 17:02 - 00000000 ____D () C:\Games 2014-02-19 17:14 - 2014-02-19 17:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\IObit 2014-02-19 17:14 - 2014-02-19 17:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\IObit 2014-02-18 19:28 - 2014-02-18 19:28 - 00000904 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk 2014-02-18 19:28 - 2014-02-07 17:55 - 00000000 ____D () C:\Program Files\Nexus Mod Manager 2014-02-17 17:03 - 2014-02-22 04:00 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-02-17 17:03 - 2014-02-22 04:00 - 00078304 _____ (Adobe Systems 
Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-17 14:41 - 2013-09-28 02:20 - 00027456 _____ (IObit) C:\Windows\system32\RegistryDefragBootTime.exe 2014-02-17 04:51 - 2013-08-18 18:02 - 00000000 ____D () C:\Users\jb_co_000\AppData\Roaming\vlc 2014-02-16 20:37 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\rescache 2014-02-16 20:31 - 2013-07-22 14:50 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-16 03:18 - 2013-05-30 16:08 - 00000000 ___RD () C:\Users\jb_co_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-02-16 03:18 - 2013-05-30 16:08 - 00000000 ___RD () C:\Users\jb_co_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-02-16 03:14 - 2012-07-26 03:12 - 00000000 ___RD () C:\Windows\ToastData 2014-02-15 22:48 - 2014-02-15 22:48 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-02-15 22:48 - 2014-02-15 22:48 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-02-15 03:54 - 2013-12-22 15:44 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-02-15 03:54 - 2013-12-22 15:44 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-02-13 15:21 - 2014-02-13 15:21 - 00000000 ____D () C:\Users\jb_co_000\Downloads\CINEBENCH_R15 2014-02-13 15:21 - 2014-02-13 15:21 - 00000000 ____D () C:\Users\jb_co_000\AppData\Roaming\MAXON 2014-02-10 12:29 - 2013-05-30 16:45 - 00000000 ____D () C:\Users\jb_co_000\AppData\Local\Apps\2.0

Some content of TEMP:
====================
C:\Users\jb_co_000\AppData\Local\Temp\SkypeSetup.exe
C:\Users\TEMP.SLINGER.002\AppData\Local\Temp\SHSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-08 04:00

==================== End Of Log ============================

And the second file:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-03-2014 01
Ran by jb_co_000 at 2014-03-12 18:02:25
Running from C:\Users\TEMP.SLINGER.002\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

clear.fi SDK - Video 2 (x32 Version: 2.1.2128 - CyberLink Corp.) Hidden clear.fi SDK- Movie 2 (x32 Version: 2.1.2112 - CyberLink Corp.) 
  7. I'm at my wits' end. I contracted the FBI Moneypak virus the other day and can't get rid of it. I have Symantec and ran a scan, no luck. Malwarebytes didn't pick up anything either. I can only run in safe mode. I have Windows 8. Please help. BTW, can I safely back up my files to an external hard drive? JB