-
funny...
I ran MiniToolBox. Then FRST just automatically updated, creating a new version. It doesn't run on my computer. I tried to open the old version, but it automatically starts updating.
-
Could you post the log from MiniToolBox?
FRST will run on Win 8 or 8.1; just close it out, then right-click on it and select RUN AS ADMINISTRATOR. If the tool is out of date, let it update and then it will run just fine.
-
minitoolbox
That is what I did.
Here is the log
MiniToolBox by Farbar Version: 21-07-2014
Ran by kristen (administrator) on 23-09-2014 at 12:04:28
Running from "C:\Users\kristen\Downloads"
Microsoft Windows 8 Pro (X64)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
**** End of log ****
-
weird
I redownloaded FRST. Windows says it is blocking it from opening because it is not normally downloaded and can be dangerous.
-
got it open after a fresh download
I got it open, but Windows popped back up saying Windows SmartScreen wasn't available to determine if it was a safe program. I chose to run it anyway. It didn't update this time at all.
Here are the results.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-09-2014
Ran by kristen (administrator) on BOB on 23-09-2014 12:40:27
Running from C:\Users\kristen\Downloads
Platform: Windows 8 Pro (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Marvell Semiconductors, Inc.) C:\Windows\System32\mvbtrcsvcx64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20523_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x00E9CD2EA7D6CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
Tcpip\Parameters: [DhcpNameServer] 172.26.38.1 172.26.38.2
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
S3 Marvell AVASTAR Bluetooth Radio Adapter; C:\Windows\system32\mvbtrcsvcx64.exe [97792 2012-12-07] (Marvell Semiconductors, Inc.)
R2 Marvell Bluetooth Radio Control Service; C:\Windows\system32\mvbtrcsvcx64.exe [97792 2012-12-07] (Marvell Semiconductors, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
U3 mvbtradio; C:\Windows\system32\mvbtrcsvcx64.exe [97792 2012-12-07] (Marvell Semiconductors, Inc.)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [104960 2012-07-06] (ASIX Electronics Corp.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
S3 kbfilter; C:\Windows\System32\drivers\SurfaceTouchCover.sys [29256 2012-12-11] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 mwlu97w8; C:\Windows\system32\DRIVERS\mwlu97w8x64.sys [1518080 2012-12-07] (Marvell Semiconductors, Inc.)
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [64160 2014-04-25] ()
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation)
R3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [35400 2012-12-11] (Microsoft Corporation)
S3 TrackpadSettingsDriver; C:\Windows\System32\drivers\TrackpadSettingsDriver.sys [36952 2012-12-11] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-23 12:40 - 2014-09-23 12:40 - 00007084 _____ () C:\Users\kristen\Downloads\FRST.txt
2014-09-23 12:36 - 2014-09-23 12:38 - 02106368 _____ (Farbar) C:\Users\kristen\Downloads\FRST64.exe
2014-09-23 12:04 - 2014-09-23 12:04 - 00000512 _____ () C:\Users\kristen\Desktop\Result.txt
2014-09-23 12:03 - 2014-09-23 12:03 - 00401920 _____ (Farbar) C:\Users\kristen\Downloads\MiniToolBox.exe
2014-09-23 11:27 - 2014-09-23 11:27 - 00012288 _____ () C:\Users\kristen\Desktop\Addition.txt
2014-09-23 11:13 - 2014-09-23 11:13 - 00001394 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-23 11:13 - 2014-09-23 11:13 - 00001382 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-09-23 11:13 - 2014-09-23 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-23 11:13 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-09-23 11:03 - 2014-09-23 11:03 - 00000085 _____ () C:\WINDOWS\wininit.ini
2014-09-23 10:37 - 2014-09-23 12:39 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-23 10:37 - 2014-09-23 10:37 - 00001105 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-23 10:37 - 2014-09-23 10:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-23 10:37 - 2014-09-23 10:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-23 10:37 - 2014-09-23 10:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-23 10:37 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-23 10:37 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-09-23 10:37 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-09-23 10:32 - 2014-09-23 10:32 - 00000626 _____ () C:\Users\kristen\Desktop\JRT.txt
2014-09-23 10:31 - 2014-09-23 10:31 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-23 10:29 - 2014-09-23 10:29 - 00000711 _____ () C:\Users\kristen\Desktop\AdwCleaner[S0].txt
2014-09-23 10:24 - 2014-09-23 10:25 - 00000000 ____D () C:\AdwCleaner
2014-09-23 10:16 - 2014-09-23 10:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\kristen\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-23 10:13 - 2014-09-23 10:14 - 01024790 _____ (Thisisu) C:\Users\kristen\Downloads\JRT.exe
2014-09-23 10:12 - 2014-09-23 10:12 - 01373475 _____ () C:\Users\kristen\Downloads\AdwCleaner.exe
2014-09-23 09:40 - 2014-09-23 09:40 - 00000000 ____D () C:\sources
2014-09-23 09:34 - 2014-09-23 11:27 - 00032985 _____ () C:\Users\kristen\Desktop\FRST.txt
2014-09-22 17:21 - 2014-09-22 17:21 - 00000000 ____D () C:\Users\kristen\AppData\Roaming\Macromedia
2014-09-22 17:17 - 2014-09-22 17:17 - 00001935 _____ () C:\Users\kristen\Desktop\aswMBR.txt
2014-09-22 17:17 - 2014-09-22 17:17 - 00000512 _____ () C:\Users\kristen\Desktop\MBR.dat
2014-09-22 14:40 - 2014-09-23 12:40 - 00000000 ____D () C:\FRST
2014-09-22 14:16 - 2014-09-22 14:16 - 00087775 _____ () C:\Users\kristen\Downloads\winupcompat.diagcab
2014-09-22 14:01 - 2014-09-23 11:09 - 00003592 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-645165838-755138145-599745578-1001
2014-09-22 11:56 - 2014-09-22 11:56 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2014-09-22 11:56 - 2014-09-22 11:28 - 00000000 ____D () C:\Windows.old
2014-09-22 11:52 - 2014-09-22 11:08 - 00000000 ___HD () C:\$SysReset
2014-09-22 11:16 - 2014-09-23 11:13 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-22 11:16 - 2014-09-22 11:16 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-09-22 11:04 - 2014-09-23 11:23 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-22 11:02 - 2014-09-22 11:03 - 00000000 ____D () C:\Users\kristen\AppData\Roaming\Apple Computer
2014-09-22 11:02 - 2014-09-22 11:02 - 00001790 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-22 11:02 - 2014-09-22 11:02 - 00000000 ____D () C:\Users\kristen\AppData\Local\Apple Computer
2014-09-22 11:02 - 2014-09-22 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-22 11:02 - 2014-09-22 11:02 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-09-22 11:02 - 2014-09-22 11:02 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-22 11:02 - 2014-09-22 11:02 - 00000000 ____D () C:\Program Files\iTunes
2014-09-22 11:02 - 2014-09-22 11:02 - 00000000 ____D () C:\Program Files\iPod
2014-09-22 11:02 - 2014-09-22 11:02 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-22 11:02 - 2014-05-19 19:33 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-09-22 11:02 - 2014-05-19 16:45 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-09-22 11:02 - 2014-05-19 16:45 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-09-22 11:02 - 2014-05-19 16:24 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-09-22 11:02 - 2014-05-19 16:24 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-09-22 11:02 - 2014-05-19 16:24 - 00773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-09-22 11:02 - 2014-05-19 16:24 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-09-22 11:02 - 2014-05-19 16:24 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-09-22 11:02 - 2014-05-19 16:24 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-09-22 11:02 - 2014-05-14 15:43 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-09-22 11:02 - 2014-05-14 15:43 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-09-22 11:02 - 2014-05-14 15:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-09-22 11:02 - 2014-05-14 15:42 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-09-22 11:02 - 2013-08-15 22:21 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-09-22 11:02 - 2013-08-15 22:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-09-22 11:02 - 2013-08-15 15:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-09-22 11:02 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2014-09-22 11:01 - 2014-09-22 11:01 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-09-22 11:01 - 2014-09-22 11:01 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2014-09-22 11:01 - 2014-09-22 11:01 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Apple
2014-09-22 11:01 - 2014-09-22 11:01 - 00000000 ____D () C:\Users\kristen\AppData\Local\Apple
2014-09-22 11:01 - 2014-09-22 11:01 - 00000000 ____D () C:\ProgramData\Apple
2014-09-22 11:01 - 2014-09-22 11:01 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-22 11:01 - 2014-09-22 11:01 - 00000000 ____D () C:\Program Files\Bonjour
2014-09-22 11:01 - 2014-09-22 11:01 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-09-22 11:01 - 2014-09-22 11:01 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-09-22 10:59 - 2014-09-22 10:59 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-09-22 10:59 - 2014-09-22 10:59 - 00000000 ____D () C:\WINDOWS\CSC
2014-09-22 10:58 - 2014-09-22 10:58 - 00008368 _____ () C:\Users\kristen\Desktop\Removed Apps.html
2014-09-22 10:58 - 2014-09-22 10:58 - 00001433 _____ () C:\Users\kristen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-22 10:58 - 2014-09-22 10:58 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2014-09-22 10:58 - 2014-09-22 10:58 - 00000000 ____D () C:\Users\kristen\AppData\Roaming\Adobe
2014-09-22 10:57 - 2014-09-23 11:19 - 01329116 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-22 10:57 - 2014-09-22 10:58 - 00000000 ____D () C:\Users\kristen
2014-09-22 10:57 - 2014-09-22 10:57 - 00017148 _____ () C:\WINDOWS\diagwrn.xml
2014-09-22 10:57 - 2014-09-22 10:57 - 00017148 _____ () C:\WINDOWS\diagerr.xml
2014-09-22 10:57 - 2014-09-22 10:57 - 00001225 _____ () C:\Users\Administrator\AppData\Local\Application.xml
2014-09-22 10:57 - 2014-09-22 10:57 - 00000020 ___SH () C:\Users\kristen\ntuser.ini
2014-09-22 10:57 - 2014-09-22 10:57 - 00000000 ____D () C:\Users\kristen\AppData\Local\VirtualStore
2014-09-22 10:57 - 2012-07-26 01:13 - 00000000 ___RD () C:\Users\kristen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-09-22 10:57 - 2012-07-26 01:13 - 00000000 ___RD () C:\Users\kristen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-22 10:57 - 2012-07-26 01:13 - 00000000 ___RD () C:\Users\kristen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-22 10:57 - 2012-07-26 01:13 - 00000000 ____D () C:\Users\kristen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-21 18:21 - 2014-09-21 18:21 - 00438509 _____ () C:\Users\kristen\Documents\cd506 day2.aup
2014-09-21 18:21 - 2014-09-21 18:21 - 00000000 ____D () C:\Users\kristen\Documents\cd506 day2_data
2014-09-20 08:40 - 2014-09-20 08:42 - 112794960 _____ (Apple Inc.) C:\Users\kristen\Downloads\iTunes64Setup.exe
2014-09-20 05:52 - 2014-09-20 05:52 - 01193595 _____ () C:\Users\kristen\Downloads\God_and_History_Selected_Chapters.pptx
2014-09-20 05:52 - 2014-09-20 05:52 - 01153024 _____ () C:\Users\kristen\Downloads\Relationship_between_faith_and_history.ppt
2014-09-20 05:52 - 2014-09-20 05:52 - 01022976 _____ () C:\Users\kristen\Downloads\PowerPoint.Omniscience (1).ppt
2014-09-20 05:52 - 2014-09-20 05:52 - 00162816 _____ () C:\Users\kristen\Downloads\Who_s_Afraid_of_Postmodernism.Smith.ppt
2014-09-19 12:24 - 2014-09-19 12:24 - 00000000 ____D () C:\Users\kristen\Documents\OneNote Notebooks
2014-09-19 12:22 - 2014-09-21 18:21 - 00903376 _____ () C:\Users\kristen\Documents\cd605 wk1.aup
2014-09-19 12:22 - 2014-09-19 12:39 - 00000000 ____D () C:\Users\kristen\Documents\cd605 wk1_data
2014-09-19 12:13 - 2014-09-19 12:13 - 22180353 _____ (Audacity Team ) C:\Users\kristen\Downloads\audacity-win-2.0.5.exe
2014-09-17 22:17 - 2014-09-17 22:17 - 00000000 ____D () C:\Users\kristen\Desktop\Adobe Acrobat XI Pro
2014-09-17 22:11 - 2014-09-17 22:11 - 02603176 _____ () C:\Users\kristen\Downloads\AdobeDownloadAssistant.exe
2014-09-17 15:18 - 2014-09-17 15:18 - 00000000 ___RD () C:\Users\kristen\SkyDrive
2014-09-17 14:05 - 2014-09-17 14:05 - 01144832 _____ () C:\Users\kristen\Downloads\Wk 2a -selfcare Lay ministry- with NOTES 510 .ppt
2014-09-17 14:05 - 2014-09-17 14:05 - 00145408 _____ () C:\Users\kristen\Downloads\Wk 2 a boundaries misconduct-EXL.ppt
2014-09-17 14:05 - 2014-09-17 14:05 - 00051200 _____ () C:\Users\kristen\Downloads\Week 2c Alternative to Burnout - Faris.ppt
2014-09-17 14:04 - 2014-09-17 14:04 - 00389632 _____ () C:\Users\kristen\Downloads\Wk 3b- pastoral identity .ppt
2014-09-17 13:58 - 2014-09-17 13:58 - 01022976 _____ () C:\Users\kristen\Downloads\PowerPoint.Omniscience.ppt
2014-09-17 08:52 - 2014-09-17 08:52 - 00000000 ____D () C:\RegBackup
2014-09-17 08:51 - 2014-09-17 08:52 - 04057608 _____ () C:\Users\kristen\Downloads\tweaking.com_registry_backup_setup.exe
2014-09-17 08:06 - 2014-09-17 09:04 - 00001240 _____ () C:\Users\kristen\Documents\computer state.txt
2014-09-17 07:24 - 2014-09-17 07:24 - 00854417 _____ () C:\Users\kristen\Downloads\SecurityCheck.exe
2014-09-17 05:50 - 2014-09-17 05:51 - 00560976 _____ (Safer-Networking Ltd. ) C:\Users\kristen\Downloads\spybot2-license.exe
2014-09-17 04:32 - 2014-09-17 04:36 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\kristen\Downloads\spybot-2.4.exe
2014-09-17 04:13 - 2014-09-22 10:58 - 00000000 ____D () C:\Users\kristen\AppData\Local\Packages
2014-09-16 20:38 - 2014-09-16 20:38 - 00000000 _____ () C:\Recovery.txt
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-23 12:40 - 2014-09-23 12:40 - 00007084 _____ () C:\Users\kristen\Downloads\FRST.txt
2014-09-23 12:40 - 2014-09-22 14:40 - 00000000 ____D () C:\FRST
2014-09-23 12:39 - 2014-09-23 10:37 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-23 12:38 - 2014-09-23 12:36 - 02106368 _____ (Farbar) C:\Users\kristen\Downloads\FRST64.exe
2014-09-23 12:04 - 2014-09-23 12:04 - 00000512 _____ () C:\Users\kristen\Desktop\Result.txt
2014-09-23 12:03 - 2014-09-23 12:03 - 00401920 _____ (Farbar) C:\Users\kristen\Downloads\MiniToolBox.exe
2014-09-23 12:01 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-09-23 12:00 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-23 11:27 - 2014-09-23 11:27 - 00012288 _____ () C:\Users\kristen\Desktop\Addition.txt
2014-09-23 11:27 - 2014-09-23 09:34 - 00032985 _____ () C:\Users\kristen\Desktop\FRST.txt
2014-09-23 11:23 - 2014-09-22 11:04 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-23 11:19 - 2014-09-22 10:57 - 01329116 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-23 11:13 - 2014-09-23 11:13 - 00001394 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-23 11:13 - 2014-09-23 11:13 - 00001382 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-09-23 11:13 - 2014-09-23 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-23 11:13 - 2014-09-22 11:16 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-23 11:09 - 2014-09-22 14:01 - 00003592 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-645165838-755138145-599745578-1001
2014-09-23 11:08 - 2012-07-26 00:28 - 00803370 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-23 11:04 - 2013-01-10 19:34 - 00006354 _____ () C:\WINDOWS\PFRO.log
2014-09-23 11:04 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-09-23 11:04 - 2012-07-26 00:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-23 11:03 - 2014-09-23 11:03 - 00000085 _____ () C:\WINDOWS\wininit.ini
2014-09-23 11:03 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-23 10:37 - 2014-09-23 10:37 - 00001105 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-23 10:37 - 2014-09-23 10:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-23 10:37 - 2014-09-23 10:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-23 10:37 - 2014-09-23 10:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-23 10:32 - 2014-09-23 10:32 - 00000626 _____ () C:\Users\kristen\Desktop\JRT.txt
2014-09-23 10:31 - 2014-09-23 10:31 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-23 10:29 - 2014-09-23 10:29 - 00000711 _____ () C:\Users\kristen\Desktop\AdwCleaner[S0].txt
2014-09-23 10:25 - 2014-09-23 10:24 - 00000000 ____D () C:\AdwCleaner
2014-09-23 10:25 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-23 10:19 - 2014-09-23 10:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\kristen\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-23 10:14 - 2014-09-23 10:13 - 01024790 _____ (Thisisu) C:\Users\kristen\Downloads\JRT.exe
2014-09-23 10:12 - 2014-09-23 10:12 - 01373475 _____ () C:\Users\kristen\Downloads\AdwCleaner.exe
2014-09-23 09:41 - 2013-01-10 19:34 - 00281088 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-23 09:40 - 2014-09-23 09:40 - 00000000 ____D () C:\sources
2014-09-23 09:40 - 2012-07-26 01:12 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-09-23 09:40 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\WinStore
2014-09-23 09:40 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2014-09-23 09:40 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2014-09-23 09:40 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com
2014-09-23 09:40 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform
2014-09-23 09:40 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\system32\MUI
2014-09-23 09:40 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2014-09-23 09:40 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\system32\Com
2014-09-23 09:40 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-09-23 09:40 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-09-23 09:40 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-09-23 09:40 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-09-23 09:40 - 2012-07-26 00:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-23 09:40 - 2012-07-26 00:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\winrm
2014-09-23 09:40 - 2012-07-26 00:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN
2014-09-23 09:40 - 2012-07-26 00:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep
2014-09-23 09:40 - 2012-07-26 00:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\slmgr
2014-09-23 09:40 - 2012-07-26 00:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2014-09-23 09:40 - 2012-07-26 00:49 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-09-23 09:40 - 2012-07-26 00:49 - 00000000 ____D () C:\WINDOWS\system32\WCN
2014-09-23 09:40 - 2012-07-26 00:49 - 00000000 ____D () C:\WINDOWS\system32\slmgr
2014-09-23 09:40 - 2012-07-26 00:49 - 00000000 ____D () C:\WINDOWS\system32\Printing_Admin_Scripts
2014-09-23 09:40 - 2012-07-25 22:38 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe
2014-09-23 09:40 - 2012-07-25 22:38 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-09-23 09:40 - 2012-07-25 22:38 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-09-23 09:40 - 2012-07-25 22:38 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-09-23 09:40 - 2012-07-25 22:38 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-09-22 17:21 - 2014-09-22 17:21 - 00000000 ____D () C:\Users\kristen\AppData\Roaming\Macromedia
2014-09-22 17:17 - 2014-09-22 17:17 - 00001935 _____ () C:\Users\kristen\Desktop\aswMBR.txt
2014-09-22 17:17 - 2014-09-22 17:17 - 00000512 _____ () C:\Users\kristen\Desktop\MBR.dat
2014-09-22 14:16 - 2014-09-22 14:16 - 00087775 _____ () C:\Users\kristen\Downloads\winupcompat.diagcab
2014-09-22 13:51 - 2012-07-26 00:21 - 00030361 _____ () C:\WINDOWS\setupact.log
2014-09-22 11:56 - 2014-09-22 11:56 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2014-09-22 11:56 - 2012-07-26 01:13 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2014-09-22 11:28 - 2014-09-22 11:56 - 00000000 ____D () C:\Windows.old
2014-09-22 11:16 - 2014-09-22 11:16 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-09-22 11:08 - 2014-09-22 11:52 - 00000000 ___HD () C:\$SysReset
2014-09-22 11:03 - 2014-09-22 11:02 - 00000000 ____D () C:\Users\kristen\AppData\Roaming\Apple Computer
2014-09-22 11:02 - 2014-09-22 11:02 - 00001790 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-22 11:02 - 2014-09-22 11:02 - 00000000 ____D () C:\Users\kristen\AppData\Local\Apple Computer
2014-09-22 11:02 - 2014-09-22 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-22 11:02 - 2014-09-22 11:02 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-09-22 11:02 - 2014-09-22 11:02 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-22 11:02 - 2014-09-22 11:02 - 00000000 ____D () C:\Program Files\iTunes
2014-09-22 11:02 - 2014-09-22 11:02 - 00000000 ____D () C:\Program Files\iPod
2014-09-22 11:02 - 2014-09-22 11:02 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-22 11:01 - 2014-09-22 11:01 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-09-22 11:01 - 2014-09-22 11:01 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2014-09-22 11:01 - 2014-09-22 11:01 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Apple
2014-09-22 11:01 - 2014-09-22 11:01 - 00000000 ____D () C:\Users\kristen\AppData\Local\Apple
2014-09-22 11:01 - 2014-09-22 11:01 - 00000000 ____D () C:\ProgramData\Apple
2014-09-22 11:01 - 2014-09-22 11:01 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-22 11:01 - 2014-09-22 11:01 - 00000000 ____D () C:\Program Files\Bonjour
2014-09-22 11:01 - 2014-09-22 11:01 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-09-22 11:01 - 2014-09-22 11:01 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-09-22 11:01 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\system32\restore
2014-09-22 10:59 - 2014-09-22 10:59 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-09-22 10:59 - 2014-09-22 10:59 - 00000000 ____D () C:\WINDOWS\CSC
2014-09-22 10:58 - 2014-09-22 10:58 - 00008368 _____ () C:\Users\kristen\Desktop\Removed Apps.html
2014-09-22 10:58 - 2014-09-22 10:58 - 00001433 _____ () C:\Users\kristen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-22 10:58 - 2014-09-22 10:58 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2014-09-22 10:58 - 2014-09-22 10:58 - 00000000 ____D () C:\Users\kristen\AppData\Roaming\Adobe
2014-09-22 10:58 - 2014-09-22 10:57 - 00000000 ____D () C:\Users\kristen
2014-09-22 10:58 - 2014-09-17 04:13 - 00000000 ____D () C:\Users\kristen\AppData\Local\Packages
2014-09-22 10:57 - 2014-09-22 10:57 - 00017148 _____ () C:\WINDOWS\diagwrn.xml
2014-09-22 10:57 - 2014-09-22 10:57 - 00017148 _____ () C:\WINDOWS\diagerr.xml
2014-09-22 10:57 - 2014-09-22 10:57 - 00001225 _____ () C:\Users\Administrator\AppData\Local\Application.xml
2014-09-22 10:57 - 2014-09-22 10:57 - 00000020 ___SH () C:\Users\kristen\ntuser.ini
2014-09-22 10:57 - 2014-09-22 10:57 - 00000000 ____D () C:\Users\kristen\AppData\Local\VirtualStore
2014-09-22 10:57 - 2013-01-10 19:32 - 00000000 ____D () C:\WINDOWS\Panther
2014-09-22 10:57 - 2012-07-26 01:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-09-22 10:57 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2014-09-22 10:57 - 2012-07-25 22:37 - 00000000 __RHD () C:\Users\Default
2014-09-22 10:57 - 2012-07-25 22:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-09-22 10:22 - 2012-07-25 22:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-21 18:21 - 2014-09-21 18:21 - 00438509 _____ () C:\Users\kristen\Documents\cd506 day2.aup
2014-09-21 18:21 - 2014-09-21 18:21 - 00000000 ____D () C:\Users\kristen\Documents\cd506 day2_data
2014-09-21 18:21 - 2014-09-19 12:22 - 00903376 _____ () C:\Users\kristen\Documents\cd605 wk1.aup
2014-09-20 08:42 - 2014-09-20 08:40 - 112794960 _____ (Apple Inc.) C:\Users\kristen\Downloads\iTunes64Setup.exe
2014-09-20 05:52 - 2014-09-20 05:52 - 01193595 _____ () C:\Users\kristen\Downloads\God_and_History_Selected_Chapters.pptx
2014-09-20 05:52 - 2014-09-20 05:52 - 01153024 _____ () C:\Users\kristen\Downloads\Relationship_between_faith_and_history.ppt
2014-09-20 05:52 - 2014-09-20 05:52 - 01022976 _____ () C:\Users\kristen\Downloads\PowerPoint.Omniscience (1).ppt
2014-09-20 05:52 - 2014-09-20 05:52 - 00162816 _____ () C:\Users\kristen\Downloads\Who_s_Afraid_of_Postmodernism.Smith.ppt
2014-09-19 12:39 - 2014-09-19 12:22 - 00000000 ____D () C:\Users\kristen\Documents\cd605 wk1_data
2014-09-19 12:24 - 2014-09-19 12:24 - 00000000 ____D () C:\Users\kristen\Documents\OneNote Notebooks
2014-09-19 12:13 - 2014-09-19 12:13 - 22180353 _____ (Audacity Team ) C:\Users\kristen\Downloads\audacity-win-2.0.5.exe
2014-09-17 22:17 - 2014-09-17 22:17 - 00000000 ____D () C:\Users\kristen\Desktop\Adobe Acrobat XI Pro
2014-09-17 22:11 - 2014-09-17 22:11 - 02603176 _____ () C:\Users\kristen\Downloads\AdobeDownloadAssistant.exe
2014-09-17 15:18 - 2014-09-17 15:18 - 00000000 ___RD () C:\Users\kristen\SkyDrive
2014-09-17 14:05 - 2014-09-17 14:05 - 01144832 _____ () C:\Users\kristen\Downloads\Wk 2a -selfcare Lay ministry- with NOTES 510 .ppt
2014-09-17 14:05 - 2014-09-17 14:05 - 00145408 _____ () C:\Users\kristen\Downloads\Wk 2 a boundaries misconduct-EXL.ppt
2014-09-17 14:05 - 2014-09-17 14:05 - 00051200 _____ () C:\Users\kristen\Downloads\Week 2c Alternative to Burnout - Faris.ppt
2014-09-17 14:04 - 2014-09-17 14:04 - 00389632 _____ () C:\Users\kristen\Downloads\Wk 3b- pastoral identity .ppt
2014-09-17 13:58 - 2014-09-17 13:58 - 01022976 _____ () C:\Users\kristen\Downloads\PowerPoint.Omniscience.ppt
2014-09-17 09:04 - 2014-09-17 08:06 - 00001240 _____ () C:\Users\kristen\Documents\computer state.txt
2014-09-17 08:52 - 2014-09-17 08:52 - 00000000 ____D () C:\RegBackup
2014-09-17 08:52 - 2014-09-17 08:51 - 04057608 _____ () C:\Users\kristen\Downloads\tweaking.com_registry_backup_setup.exe
2014-09-17 07:24 - 2014-09-17 07:24 - 00854417 _____ () C:\Users\kristen\Downloads\SecurityCheck.exe
2014-09-17 05:51 - 2014-09-17 05:50 - 00560976 _____ (Safer-Networking Ltd. ) C:\Users\kristen\Downloads\spybot2-license.exe
2014-09-17 04:36 - 2014-09-17 04:32 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\kristen\Downloads\spybot-2.4.exe
2014-09-16 20:38 - 2014-09-16 20:38 - 00000000 _____ () C:\Recovery.txt
Some content of TEMP:
====================
C:\Users\kristen\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2013-01-10 19:34
==================== End Of Log ============================
By the way, what is a creator owner in the permissions in the registry? Could someone be using it to make changes to the system?
2014-09-19 12:39 - 2014-09-19 12:22 - 00000000 ____D () C:\Users\kristen\Documents\cd605 wk1_data
2014-09-19 12:24 - 2014-09-19 12:24 - 00000000 ____D () C:\Users\kristen\Documents\OneNote Notebooks
2014-09-19 12:13 - 2014-09-19 12:13 - 22180353 _____ (Audacity Team ) C:\Users\kristen\Downloads\audacity-win-2.0.5.exe
2014-09-17 22:17 - 2014-09-17 22:17 - 00000000 ____D () C:\Users\kristen\Desktop\Adobe Acrobat XI Pro
2014-09-17 22:11 - 2014-09-17 22:11 - 02603176 _____ () C:\Users\kristen\Downloads\AdobeDownloadAssistant.exe
2014-09-17 15:18 - 2014-09-17 15:18 - 00000000 ___RD () C:\Users\kristen\SkyDrive
2014-09-17 14:05 - 2014-09-17 14:05 - 01144832 _____ () C:\Users\kristen\Downloads\Wk 2a -selfcare Lay ministry- with NOTES 510 .ppt
2014-09-17 14:05 - 2014-09-17 14:05 - 00145408 _____ () C:\Users\kristen\Downloads\Wk 2 a boundaries misconduct-EXL.ppt
2014-09-17 14:05 - 2014-09-17 14:05 - 00051200 _____ () C:\Users\kristen\Downloads\Week 2c Alternative to Burnout - Faris.ppt
2014-09-17 14:04 - 2014-09-17 14:04 - 00389632 _____ () C:\Users\kristen\Downloads\Wk 3b- pastoral identity .ppt
2014-09-17 13:58 - 2014-09-17 13:58 - 01022976 _____ () C:\Users\kristen\Downloads\PowerPoint.Omniscience.ppt
2014-09-17 09:04 - 2014-09-17 08:06 - 00001240 _____ () C:\Users\kristen\Documents\computer state.txt
2014-09-17 08:52 - 2014-09-17 08:52 - 00000000 ____D () C:\RegBackup
2014-09-17 08:52 - 2014-09-17 08:51 - 04057608 _____ () C:\Users\kristen\Downloads\tweaking.com_registry_backup_setup.exe
2014-09-17 07:24 - 2014-09-17 07:24 - 00854417 _____ () C:\Users\kristen\Downloads\SecurityCheck.exe
2014-09-17 05:51 - 2014-09-17 05:50 - 00560976 _____ (Safer-Networking Ltd. ) C:\Users\kristen\Downloads\spybot2-license.exe
2014-09-17 04:36 - 2014-09-17 04:32 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\kristen\Downloads\spybot-2.4.exe
2014-09-16 20:38 - 2014-09-16 20:38 - 00000000 _____ () C:\Recovery.txt
Some content of TEMP:
====================
C:\Users\kristen\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2013-01-10 19:34
==================== End Of Log ============================
By the way, what is a creator owner in the permissions in the registry? Could someone be using it to make changes to the system?
I have had proxy server problems since I wrote how I was accessing the internet here. Weird.
-
Your new log looks fine
As far as Creator/Owner, it means you have full control to modify the registry
CREATOR/OWNER Full Control
Administrators Full Control
System Full Control
Still feel you're having problems?
-
well...
I did everything you told me to. I also ran spybot again after redownloading it. The definitions took a couple of times before they would update. When I did get it updated, it found some things...even after we ran all the other programs. I downloaded a firewall, since windows firewall had let this in. Then after working for a while, the system crashed and restarted itself. I tried to screenshot the screen, but apparently it didn't take. I did let it send a report to Windows.
So, I guess we will wait and see what happens? Hopefully, it is fixed.
-
Spybot may have found some cookies and temp files. What Firewall did you install?
FYI
With Windows 7 or 8, if your system is behind a hardware router, the Windows 7/8/8.1 firewall does a good job. No need for a 3rd party firewall.
-
It's not gone.
I downloaded Online Armour and Cryptoprevention.
I think I have it narrowed down. Activity is minimal or hardly noticeable as long as I don't have my keyboard connected. I have a Windows Surface with a touch cover. I have been using my virtual keyboard to try and run the antimalware/antiviral software. As soon as I connect my keyboard, there seems to be an ever increasing amount of activity. Today in fact, I had airplane mode on and the wifi off, thinking it may be my router. Even tethering, I could see the arrow being controlled, opening other programs, trying to change the settings changes I had just made. As soon as I disconnected the keyboard, the problems became minimal. Suggestions? Spybot has been picking up registry changes and keylogging things for a while, including the most recent scans.
Could the user S-1-5-21-645165838-755138145-599745578-1001 that has been noted as owner of programs and listed in changes made on the system be part of a remote access keylogging thing? I am watching my computer being changed and manipulated, and I am the only person here.
Here was the spybot scan from 9-23 after we ran the software to clean the system. When I look at the definitions, I notice that there are many that do not have the Safer-Networking as their author and are listed as blank. There are two or three that have a person's name listed.
Search results from Spybot - Search & Destroy
9/23/2014 2:33:58 PM
Scan took 00:22:41.
14 items found.
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\kristen\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WC2ATB3P\images-na.ssl-images-amazon.com\mercury.sol
Properties.size=69
Properties.md5=4E1C747345DEBB6F630D0BA502EB7C0D
Properties.filedate=1411504507
Properties.filedatetext=2014-09-23 13:35:07
Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-645165838-755138145-599745578-1001\Software\Microsoft\Internet Explorer\TypedURLs
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-645165838-755138145-599745578-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-645165838-755138145-599745578-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-645165838-755138145-599745578-1001\Software\Microsoft\DirectInput\MostRecentApplication\Id
MS Regedit: [SBI $C3B62FC1] Recent open key (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-645165838-755138145-599745578-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-645165838-755138145-599745578-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-645165838-755138145-599745578-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Cookie: [SBI $49804B54] Browser: Cookie (28) (Browser: Cookie, nothing done)
Cache: [SBI $49804B54] Browser: Cache (579) (Browser: Cache, nothing done)
History: [SBI $49804B54] Browser: History (145) (Browser: History, nothing done)
--- Spybot - Search & Destroy version: 2.4.40.131 DLL (build: 20140425) ---
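An added example, not part of the original posts: a small parser that pulls the account SIDs out of `HKEY_USERS` registry paths like those in the Spybot report above and classifies each by its well-known value or RID. The sample lines are registry paths copied from that report; `classify_sid` and `summarise` are names chosen for this example.

```python
import re
from collections import Counter

# Registry paths copied from the Spybot report in the post above.
SAMPLE_LOG = r"""
HKEY_USERS\S-1-5-21-645165838-755138145-599745578-1001\Software\Microsoft\Internet Explorer\TypedURLs
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_USERS\S-1-5-21-645165838-755138145-599745578-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
HKEY_USERS\S-1-5-21-645165838-755138145-599745578-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
"""

# Fixed SIDs that mean the same thing on every Windows installation.
WELL_KNOWN = {
    "S-1-3-0": "CREATOR OWNER (placeholder in inheritable ACL entries)",
    "S-1-5-18": "LocalSystem",
    "S-1-5-19": "LocalService",
    "S-1-5-20": "NetworkService",
    "S-1-5-32-544": "BUILTIN\\Administrators group",
}
# Fixed RIDs appended to a machine or domain identifier.
WELL_KNOWN_RIDS = {500: "built-in Administrator account",
                   501: "built-in Guest account"}

SID_RE = re.compile(r"S-1-\d+(?:-\d+)+")
ACCOUNT_RE = re.compile(r"^S-1-5-21-(\d+-\d+-\d+)-(\d+)$")

def classify_sid(sid):
    """Return (kind, issuer); issuer is the machine/domain identifier or None."""
    if sid in WELL_KNOWN:
        return WELL_KNOWN[sid], None
    m = ACCOUNT_RE.match(sid)
    if not m:
        return "unrecognised SID", None
    issuer, rid = m.group(1), int(m.group(2))
    if rid in WELL_KNOWN_RIDS:
        return WELL_KNOWN_RIDS[rid], issuer
    if rid >= 1000:
        return "account or group created on this machine or domain", issuer
    return "well-known RID %d (below 1000)" % rid, issuer

def summarise(log_text):
    """Map each SID seen under HKEY_USERS to (kind, issuer, number of paths)."""
    hits = Counter()
    for line in log_text.splitlines():
        if line.upper().startswith("HKEY_USERS\\"):
            m = SID_RE.search(line)
            if m:
                hits[m.group(0)] += 1
    return {sid: classify_sid(sid) + (n,) for sid, n in hits.items()}

if __name__ == "__main__":
    for sid, (kind, issuer, n) in summarise(SAMPLE_LOG).items():
        print(f"{sid}: {kind}; issuer={issuer}; {n} registry path(s)")
```

A SID names an account, not the origin of a session, so the classification shows which account a registry hive belongs to and nothing about whether activity was local or remote.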