jebarr

  1. Thanks again for all the help and information. She was eternally grateful!
  2. OK, thanks for all the help, Kevin. I have attached the delfix log and a final MWbytes log. I guess it's good to go. There are still a lot of files corrupted by the howdecrypt ransomware that I guess are lost. I used Anti-CryptorBitV2 to fix as many files as possible, but it doesn't seem to be able to fix certain kinds such as .png and video files. DelFix.txt mwblog.txt
  3. checkup.txt:

     Results of screen317's Security Check version 0.99.81
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 10 Out of date!
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     AVG AntiVirus Free Edition 2014
     Antivirus out of date!
     `````````Anti-malware/Other Utilities Check:`````````
     Java 6 Update 17
     Java 6 Update 3
     Java version out of Date!
     Adobe Flash Player 12.0.0.77
     Adobe Reader 10.1.8 Adobe Reader out of Date!
     Mozilla Firefox (28.0)
     Google Chrome 33.0.1750.154
     Google Chrome 34.0.1847.116
     ````````Process Check: objlist.exe by Laurent````````
     Norton ccSvcHst.exe
     AVG avgwdsvc.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 2%
     ````````````````````End of Log``````````````````````
  4. eset scan:
  5. After running Malwarebytes, it said no detections found and did not say to reboot. I am attaching the mbamlog. mbamlog.txt
  6. Ok thanks and here is the fixlog.txt.
  7. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
(ATTENTION: ====> FRST version is 28 days old and could be outdated)
Ran by 5star (administrator) on 5STAR-PC on 10-04-2014 20:54:38
Running from C:\Users\5star\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
() C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\windows\system32\semaphore-Threads.exe
() C:\windows\system32\idle-Threads.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [X]
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-18831766-3109027239-72897839-1000\...\Run: [Google Update*] - [X] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKU\S-1-5-21-18831766-3109027239-72897839-1000\...\MountPoints2: {19efeb1f-7f57-11e2-96a7-00266cba5d49} - E:\.\amvtransform.exe
HKU\S-1-5-21-18831766-3109027239-72897839-1000\...\Winlogon: [shell] ,explorer.exe <==== ATTENTION
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?o=APN10645A&gct=hp&d=406-362&v=n9854-155&t=4
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66043
URLSearchHook: HKCU - (No Name) - {93a3111f-4f74-4ed8-895e-d9708497629e} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll No File
SearchScopes: HKLM - DefaultScope {3351718C-02F4-4A0E-91B0-0E287155ED2C} URL =
http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {3351718C-02F4-4A0E-91B0-0E287155ED2C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=362&systemid=406&v=n9854-155&apn_uid=5343033891164315&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {0CF11829-B9CA-4F7C-9F6C-A3CAA344D7C1} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-adknowledgeaol-chromesbox-en-us&tb_uuid=20121031213642161&tb_oid=31-10-2012&tb_mrud=31-10-2012 SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=362&systemid=406&v=n9854-155&apn_uid=5343033891164315&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} SearchScopes: HKLM-x32 - {ED2BE323-C9CD-44FE-9F92-6F3FD380A586} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF SearchScopes: HKCU - DefaultScope {ED2BE323-C9CD-44FE-9F92-6F3FD380A586} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS468 SearchScopes: HKCU - {0CF11829-B9CA-4F7C-9F6C-A3CAA344D7C1} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298566&CUI=UN24793676811016516&UM=2 SearchScopes: 
HKCU - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=66043 SearchScopes: HKCU - {25BDD90A-BAB7-41CE-A211-36A4F6A02790} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN14357639331888918&UM=2 SearchScopes: HKCU - {3351718C-02F4-4A0E-91B0-0E287155ED2C} URL = SearchScopes: HKCU - {33E1E8E2-807C-48B6-A7F2-9136E6E07638} URL = http://search.conduit.com/Results.aspx?ctid=CT3304764&SearchSource=45&q={searchTerms} SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-adknowledgeaol-chromesbox-en-us&tb_uuid=20121031213642161&tb_oid=31-10-2012&tb_mrud=31-10-2012 SearchScopes: HKCU - {7ECD9771-ADED-43EC-96ED-B88543FBCA9F} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=362&systemid=406&v=n9854-155&apn_uid=5343033891164315&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} SearchScopes: HKCU - {9bd172ba-3f40-4303-bca1-0484b5ba2a7b} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^YJ^xdm093^S06321^us&si=1579&ptb=8C7590E3-7F18-43B8-90E4-C266B90DF2D3&psa=&ind=2013081602&st=sb&n=77fd3002&searchfor={searchTerms} SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = SearchScopes: HKCU - {C9C28784-B173-48B7-9FDC-71234D559ADE} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN24731336142351114&UM=2 SearchScopes: HKCU - {ED2BE323-C9CD-44FE-9F92-6F3FD380A586} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS468 SearchScopes: HKCU - 
{F31C4E24-7FC4-4DFF-ACCF-89C1F4267C6A} URL = http://us.yhs4.search.yahoo.com/yhs/search?p={searchTerms}&ei=UTF-8&hspart=w3i&hsimp=yhs-synd1&type=W3i_DS,221,0_0,Search,20131043,19669,0,GC29,7635 BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 192.168.250.1 FireFox: ======== FF ProfilePath: C:\Users\5star\AppData\Roaming\Mozilla\Firefox\Profiles\fqye8sa8.default-1397161487666 FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) 
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @VideoDownloadConverter_4z.com/Plugin - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll No File FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll (Amazon.com, Inc.) 
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-02-09] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn\ FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ FF HKLM-x32\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files (x86)\BetterSurf\ff FF HKLM-x32\...\Firefox\Extensions: [extension@Fast_Free_Converter.com] - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\extension@Fast_Free_Converter.com FF HKLM-x32\...\Firefox\Extensions: [12x3q@3244516.com] - C:\Program Files (x86)\Better-Surf\ff FF HKLM-x32\...\Firefox\Extensions: [ext@bettersurfplusv1.com] - C:\Program Files (x86)\BetterSurf\BetterSurfPlusV1\ff FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-02-09] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. 
<======= ATTENTION CHR Extension: (BetterSurf Plus V1) - C:\Users\5star\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajadlheagenmmedmhaoafgkdenfilcme [2014-03-29] CHR Extension: (SweetPacks) - C:\Users\5star\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff [2013-10-25] CHR Extension: (BetterSurf) - C:\Users\5star\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedmngkbaffkenlfdcbganndoghblmap [2013-11-14] CHR Extension: (LyricsParty-16) - C:\Users\5star\AppData\Local\Google\Chrome\User Data\Default\Extensions\kghaibkaafjfmcnfiokfdnijnkpeggam [2013-10-25] CHR Extension: (Norton Identity Protection) - C:\Users\5star\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-10-30] CHR Extension: (InternetHelper3.1) - C:\Users\5star\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim [2013-09-02] CHR Extension: (Google Wallet) - C:\Users\5star\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07] CHR HKCU\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Users\5star\AppData\Local\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx [2013-10-20] CHR HKCU\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\5star\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-10-17] CHR HKCU\...\Chrome\Extension: [gpaiibklhaneknloaoccoidbaffjjlnb] - C:\Users\5star\AppData\Local\CRE\gpaiibklhaneknloaoccoidbaffjjlnb.crx [2013-10-17] CHR HKCU\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\5star\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-08-27] CHR HKCU\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\5star\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2013-10-24] CHR HKLM-x32\...\Chrome\Extension: [ajadlheagenmmedmhaoafgkdenfilcme] - C:\Program Files (x86)\BetterSurf\BetterSurfPlusV1\ch\BetterSurfPlusV1.crx 
[2013-10-24] CHR HKLM-x32\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Users\5star\AppData\Local\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx [2013-10-20] CHR HKLM-x32\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx [2013-10-20] CHR HKLM-x32\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\5star\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [gpaiibklhaneknloaoccoidbaffjjlnb] - C:\Users\5star\AppData\Local\CRE\gpaiibklhaneknloaoccoidbaffjjlnb.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\5star\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-08-27] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\Extensions\Chrome.crx [2013-10-30] CHR HKLM-x32\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\5star\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2013-10-24] ==================== Services (Whitelisted) ================= S2 .Net Crypt; C:\Windows\System32\mutex-Threads.exe [9536624 2013-12-03] () R2 .Net Main; C:\Windows\System32\idle-Threads.exe [9358960 2014-03-31] () S2 .Net Security; C:\Windows\System32\latch-Threads.exe [9541232 2013-12-03] () R2 .Net Semaphore; C:\Windows\System32\semaphore-Threads.exe [480368 2013-12-03] () R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.) S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-11-08] (WildTangent) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) 
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] () R2 MSSQL$SOSHOME309; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] () R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [126392 2011-02-03] (Symantec Corporation) S2 SupportDockService.exe; C:\Program Files (x86)\iYogi Support Dock\Services\CommAgent\SupportDockService.exe [78336 2012-09-04] (iYogi Technical Services) S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{f1c3759c-1ed8-dd3d-3546-c5e45760822a}\ \...\???\{f1c3759c-1ed8-dd3d-3546-c5e45760822a}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess) ==================== Drivers (Whitelisted) ==================== R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.) 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation) R0 scssifilter; C:\Windows\System32\Drivers\scssifilter64.sys [18928 2013-12-03] (Microsoft Corporation) R0 usbmp3; C:\Windows\System32\Drivers\usbmp364.sys [18928 2013-12-03] () R0 usbvox; C:\Windows\System32\Drivers\usbvox64.sys [20464 2013-12-03] () R0 usbwav; C:\Windows\System32\Drivers\usbwav64.sys [15856 2013-12-03] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-10 20:54 - 2014-04-10 20:54 - 00020893 _____ () C:\Users\5star\Downloads\FRST.txt 2014-04-10 20:54 - 2014-04-10 20:54 - 00000000 ____D () C:\FRST 2014-04-10 20:53 - 2014-04-10 20:53 - 02157056 _____ (Farbar) C:\Users\5star\Downloads\FRST64.exe 2014-04-10 20:28 - 2014-04-10 20:28 - 01402880 _____ () C:\Users\5star\Downloads\HijackThis.msi 2014-04-10 20:20 - 2014-04-10 20:20 - 00001500 _____ () C:\Users\Public\Desktop\LibreOffice 4.2.lnk 2014-04-10 20:19 - 2014-04-10 20:20 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4 2014-04-10 15:16 - 2014-04-10 15:37 - 220860416 _____ () C:\Users\5star\Downloads\LibreOffice_4.2.3_Win_x86.msi 2014-04-09 06:11 - 2014-04-09 06:11 - 00421200 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp100.dll 2014-04-09 05:48 - 2014-03-13 01:33 - 02238976 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-04-09 05:48 - 2014-03-13 01:33 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-04-09 05:48 - 2014-03-13 01:33 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-04-09 05:48 - 2014-03-13 01:32 - 19273728 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-04-09 05:48 - 2014-03-13 01:32 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-04-09 05:48 - 2014-03-13 01:32 - 
00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2014-04-09 05:48 - 2014-03-13 01:32 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-04-09 05:48 - 2014-03-13 01:32 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-04-09 05:48 - 2014-03-13 01:32 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-04-09 05:48 - 2014-03-13 01:31 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-04-09 05:48 - 2014-03-13 01:31 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-04-09 05:48 - 2014-03-13 01:31 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-04-09 05:48 - 2014-03-13 01:31 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2014-04-09 05:48 - 2014-03-13 01:31 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-04-09 05:48 - 2014-03-13 01:31 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-04-09 05:48 - 2014-03-13 00:10 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-04-09 05:48 - 2014-03-13 00:10 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-04-09 05:48 - 2014-03-13 00:09 - 14358016 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-04-09 05:48 - 2014-03-13 00:09 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-04-09 05:48 - 2014-03-13 00:09 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-04-09 05:48 - 2014-03-13 00:09 - 02049536 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-04-09 05:48 - 2014-03-13 00:09 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2014-04-09 05:48 - 2014-03-13 00:09 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-04-09 05:48 - 2014-03-13 00:09 - 00391168 _____ (Microsoft 
Corporation) C:\windows\SysWOW64\ieui.dll 2014-04-09 05:48 - 2014-03-13 00:09 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-04-09 05:48 - 2014-03-13 00:09 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll 2014-04-09 05:48 - 2014-03-13 00:09 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-04-09 05:48 - 2014-03-13 00:09 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-04-09 05:48 - 2014-03-13 00:09 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-04-09 05:48 - 2014-03-12 23:57 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-04-09 05:48 - 2014-03-12 23:47 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-04-09 05:48 - 2014-03-12 22:59 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe 2014-04-09 05:48 - 2014-03-12 22:51 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe 2014-04-09 05:45 - 2014-03-04 04:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll 2014-04-09 05:45 - 2014-03-04 04:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll 2014-04-09 05:45 - 2014-03-04 04:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll 2014-04-09 05:45 - 2014-03-04 04:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll 2014-04-09 05:45 - 2014-03-04 04:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll 2014-04-09 05:45 - 2014-03-04 04:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll 2014-04-09 05:45 - 2014-03-04 04:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll 2014-04-09 05:45 - 2014-03-04 04:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe 2014-04-09 05:45 - 2014-03-04 04:16 - 00005120 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\wow32.dll 2014-04-09 05:45 - 2014-03-04 03:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe 2014-04-09 05:45 - 2014-03-04 03:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe 2014-04-09 05:45 - 2014-02-03 21:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys 2014-04-09 05:45 - 2014-02-03 21:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys 2014-04-09 05:45 - 2014-02-03 21:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys 2014-04-09 05:45 - 2014-02-03 21:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll 2014-04-09 05:45 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll 2014-04-09 05:45 - 2014-01-23 21:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys 2014-04-07 21:32 - 2014-04-07 21:32 - 03973120 _____ (iText Group NV) C:\Users\5star\Desktop\itextsharp.dll 2014-04-07 21:22 - 2014-04-07 21:23 - 00005656 _____ () C:\Users\5star\Documents\Mamma Mi1.odt 2014-04-07 13:13 - 2014-04-07 13:13 - 00000000 ____D () C:\Users\5star\AppData\Local\{C5D620CB-1BDC-4F39-8E2F-88A82F51D706} 2014-04-03 03:17 - 2013-12-21 04:39 - 00600064 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-04-03 03:17 - 2013-12-21 02:56 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2014-04-02 16:29 - 2014-04-02 16:33 - 00000000 ____D () C:\Users\5star\Desktop\2012-11-21 Johnathan & Ariel's wedding-copy 2014-04-02 16:18 - 2014-04-02 16:26 - 00000000 ____D () C:\Users\5star\Desktop\2011-2012 pix copy 2014-04-02 16:15 - 2014-04-02 16:15 - 00000000 ____D () C:\Users\5star\Desktop\Ariel's Pix - Copy 2014-04-02 16:06 - 2014-04-02 16:06 - 00462336 _____ (Dino Chiesa) C:\Users\5star\Desktop\Ionic.Zip.dll 2014-04-02 15:59 - 2014-04-02 15:59 - 00096368 __RSH () C:\windows\system32\bcdboots.exe 
2014-04-02 12:13 - 2014-04-02 12:13 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software 2014-04-02 12:13 - 2014-04-02 12:13 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software 2014-04-02 10:50 - 2014-04-02 10:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-02 10:09 - 2014-02-06 20:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-04-02 10:09 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll 2014-04-02 10:09 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll 2014-04-02 10:09 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll 2014-04-02 10:09 - 2013-12-31 18:05 - 00420008 _____ () C:\windows\SysWOW64\locale.nls 2014-04-02 10:09 - 2013-12-31 18:04 - 00420008 _____ () C:\windows\system32\locale.nls 2014-04-02 10:09 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll 2014-04-02 10:09 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll 2014-04-02 10:09 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll 2014-04-02 10:09 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll 2014-04-02 10:08 - 2014-02-03 21:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2014-04-02 10:08 - 2014-02-03 21:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2014-04-02 10:08 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll 2014-04-02 10:08 - 2014-02-03 21:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll 2014-04-02 10:08 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll 2014-04-02 10:08 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) 
C:\windows\system32\d3d10warp.dll 2014-04-02 10:08 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll 2014-04-02 10:08 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll 2014-04-02 10:08 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll 2014-04-02 10:08 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll 2014-04-02 10:08 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll 2014-04-02 10:08 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe 2014-04-02 10:08 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe 2014-04-02 10:08 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe 2014-04-02 10:08 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe 2014-04-02 10:08 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll 2014-04-02 10:08 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll 2014-04-02 10:08 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll 2014-04-02 10:08 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll 2014-04-02 10:08 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll 2014-04-02 10:08 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe 2014-04-02 10:08 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe 2014-04-02 10:08 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe 2014-04-02 10:08 - 2013-12-03 20:54 - 
00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe 2014-04-02 10:08 - 2013-11-26 20:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys 2014-04-02 10:08 - 2013-11-26 20:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys 2014-04-02 10:08 - 2013-11-26 20:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys 2014-04-02 10:08 - 2013-11-26 20:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys 2014-04-02 10:08 - 2013-11-26 20:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys 2014-04-02 10:08 - 2013-11-26 20:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys 2014-04-02 10:08 - 2013-11-26 20:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys 2014-04-02 10:08 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys 2014-04-02 10:08 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll 2014-04-02 10:08 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll 2014-03-31 18:14 - 2014-03-31 18:14 - 09358960 ___RH () C:\windows\system32\idle-Threads.exe 2014-03-31 18:14 - 2014-03-31 18:14 - 08007680 ____R ( ) C:\windows\system32\Microsoft.mshtml.dll 2014-03-31 18:14 - 2014-03-31 18:14 - 00126976 ____R ( ) C:\windows\system32\Interop.SHDocVw.dll 2014-03-31 17:30 - 2014-04-10 20:01 - 00000000 ____D () C:\Users\5star\Desktop\olivia2 2014-03-31 17:22 - 2014-03-13 21:03 - 11216896 _____ (Microsoft) C:\Users\5star\Desktop\Anti-CryptorBitV2.exe 2014-03-31 00:30 - 2014-03-31 01:41 - 00031715 _____ () C:\Users\5star\Desktop\avgrep.txt 2014-03-30 15:16 - 2014-03-30 15:16 - 00000000 ____D () C:\ProgramData\Microsoft Corporation 2014-03-30 14:13 - 2014-04-10 16:24 - 00002252 _____ () C:\windows\setupact.log 2014-03-30 14:13 - 
2014-03-30 14:13 - 00000000 _____ () C:\windows\setuperr.log 2014-03-29 13:44 - 2014-03-29 14:32 - 00026104 _____ () C:\windows\system32\avgrep.txt 2014-03-29 13:24 - 2014-03-29 13:24 - 00000000 ____D () C:\Users\5star\AppData\Roaming\AVG2014 2014-03-29 13:21 - 2014-04-02 12:13 - 00000936 _____ () C:\Users\Public\Desktop\AVG 2014.lnk 2014-03-29 13:21 - 2014-03-29 13:21 - 00000000 ____D () C:\Users\5star\AppData\Roaming\TuneUp Software 2014-03-29 13:07 - 2014-03-29 13:31 - 00000000 ____D () C:\ProgramData\AVG2014 2014-03-29 13:07 - 2014-03-29 13:07 - 00000000 ___HD () C:\$AVG 2014-03-29 12:53 - 2014-03-29 13:44 - 00000000 ____D () C:\Users\5star\AppData\Local\Avg2014 2014-03-29 03:21 - 2013-05-10 00:56 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll 2014-03-29 03:21 - 2013-05-10 00:56 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL 2014-03-29 03:21 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL 2014-03-29 03:21 - 2013-05-09 23:56 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll 2014-03-29 03:10 - 2014-03-31 20:13 - 00000000 ____D () C:\windows\system32\mutantW 2014-03-29 02:06 - 2014-03-29 01:03 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\5star\Desktop\mbam-setup-2.0.0.1000.exe 2014-03-29 02:05 - 2014-04-10 15:34 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-29 02:04 - 2014-04-10 15:34 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-03-29 02:03 - 2014-04-10 15:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-03-29 02:03 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-03-29 02:03 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-03-29 02:03 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) 
C:\windows\system32\Drivers\mbam.sys
2014-03-29 02:03 - 2014-03-29 02:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-29 01:40 - 2014-03-30 23:48 - 00009216 ___SH () C:\Users\5star\Thumbs.db
2014-03-29 01:20 - 2014-03-29 01:20 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-29 00:46 - 2014-03-29 00:42 - 157461928 _____ (AVG Technologies) C:\Users\5star\Desktop\avg_free_x64_all_2014_4354a7223.exe
2014-03-29 00:36 - 2014-04-10 18:03 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-29 00:36 - 2014-03-29 00:36 - 00000000 ____D () C:\Users\5star\AppData\Local\MFAData
2014-03-29 00:24 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\windows\system32\IEUDINIT.EXE
2014-03-29 00:15 - 2014-03-29 00:24 - 00008502 _____ () C:\windows\IE11_main.log

==================== One Month Modified Files and Folders =======

2014-04-10 20:54 - 2014-04-10 20:54 - 00020893 _____ () C:\Users\5star\Downloads\FRST.txt
2014-04-10 20:54 - 2014-04-10 20:54 - 00000000 ____D () C:\FRST
2014-04-10 20:53 - 2014-04-10 20:53 - 02157056 _____ (Farbar) C:\Users\5star\Downloads\FRST64.exe
2014-04-10 20:51 - 2012-03-29 14:59 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-10 20:31 - 2011-12-21 12:57 - 03883425 __RSH () C:\windows\system32\masteraclini.enu
2014-04-10 20:31 - 2011-12-21 12:57 - 00000106 ____R () C:\windows\system32\masteraclbini.enu
2014-04-10 20:29 - 2011-05-05 12:36 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-10 20:28 - 2014-04-10 20:28 - 01402880 _____ () C:\Users\5star\Downloads\HijackThis.msi
2014-04-10 20:22 - 2011-12-21 14:02 - 00000000 ____D () C:\Users\5star\AppData\Roaming\LibreOffice
2014-04-10 20:20 - 2014-04-10 20:20 - 00001500 _____ () C:\Users\Public\Desktop\LibreOffice 4.2.lnk
2014-04-10 20:20 - 2014-04-10 20:19 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-04-10 20:11 - 2011-12-21 13:01 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 3.4
2014-04-10 20:09 - 
2010-11-21 02:16 - 00000000 ____D () C:\windows\ShellNew 2014-04-10 20:05 - 2013-08-06 00:19 - 00000000 ____D () C:\Users\5star\Desktop\Debbie's Resume Info 2014-04-10 20:05 - 2013-06-19 21:50 - 00000000 ____D () C:\Users\5star\Desktop\Court 2014-04-10 20:04 - 2013-12-06 01:16 - 00000000 ____D () C:\Users\5star\Desktop\ED 240 - Infant Toddler 2014-04-10 20:04 - 2013-11-04 20:27 - 00000000 ____D () C:\Users\5star\Desktop\ED 209 - Bilingual Ed 2014-04-10 20:03 - 2013-08-06 00:35 - 00000000 ____D () C:\Users\5star\Desktop\Kids' Schools 2014-04-10 20:03 - 2013-06-19 21:35 - 00000000 ____D () C:\Users\5star\Desktop\Millikin 2014-04-10 20:03 - 2011-05-05 12:06 - 01790834 _____ () C:\windows\WindowsUpdate.log 2014-04-10 20:01 - 2014-03-31 17:30 - 00000000 ____D () C:\Users\5star\Desktop\olivia2 2014-04-10 20:01 - 2013-11-04 22:23 - 00012962 _____ () C:\Users\5star\Desktop\Semester 2 Decatur.xlsx 2014-04-10 20:01 - 2013-08-06 00:33 - 00000000 ____D () C:\Users\5star\Desktop\Olivia 2014-04-10 19:56 - 2012-02-10 19:02 - 00000000 ____D () C:\Users\5star\AppData\Local\CrashDumps 2014-04-10 19:29 - 2011-05-05 12:36 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-10 18:03 - 2014-03-29 00:36 - 00000000 ____D () C:\ProgramData\MFAData 2014-04-10 16:33 - 2009-07-14 00:13 - 00847106 _____ () C:\windows\system32\PerfStringBackup.INI 2014-04-10 16:32 - 2011-12-21 12:56 - 00065752 _____ () C:\Users\5star\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-10 16:31 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-10 16:31 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-10 16:30 - 2012-03-19 19:18 - 00000000 ____D () C:\Users\5star\AppData\Roaming\SoftGrid Client 2014-04-10 16:28 - 2013-11-04 22:21 - 00012960 _____ () C:\Users\5star\Downloads\Semester 2 Decatur.xlsx 2014-04-10 
16:28 - 2013-10-22 16:13 - 00072264 _____ () C:\Users\5star\Downloads\A Forgotten Legacy.pptx 2014-04-10 16:24 - 2014-03-30 14:13 - 00002252 _____ () C:\windows\setupact.log 2014-04-10 16:24 - 2010-11-20 22:47 - 01247390 _____ () C:\windows\PFRO.log 2014-04-10 16:24 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-04-10 16:23 - 2009-07-14 00:32 - 00000000 ____D () C:\windows\Performance 2014-04-10 15:37 - 2014-04-10 15:16 - 220860416 _____ () C:\Users\5star\Downloads\LibreOffice_4.2.3_Win_x86.msi 2014-04-10 15:34 - 2014-03-29 02:05 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-10 15:34 - 2014-03-29 02:04 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-04-10 15:34 - 2014-03-29 02:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-04-10 03:58 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache 2014-04-10 03:20 - 2013-10-30 19:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-09 21:37 - 2013-08-02 15:07 - 00002154 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-09 06:11 - 2014-04-09 06:11 - 00421200 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp100.dll 2014-04-07 21:36 - 2012-03-21 23:24 - 00005657 _____ () C:\Users\5star\Documents\Mamma Mia.odt 2014-04-07 21:32 - 2014-04-07 21:32 - 03973120 _____ (iText Group NV) C:\Users\5star\Desktop\itextsharp.dll 2014-04-07 21:23 - 2014-04-07 21:22 - 00005656 _____ () C:\Users\5star\Documents\Mamma Mi1.odt 2014-04-07 21:21 - 2013-12-08 07:15 - 00009216 ___SH () C:\Users\5star\Desktop\Thumbs.db 2014-04-07 13:13 - 2014-04-07 13:13 - 00000000 ____D () C:\Users\5star\AppData\Local\{C5D620CB-1BDC-4F39-8E2F-88A82F51D706} 2014-04-03 09:51 - 2014-03-29 02:03 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-03-29 02:03 - 00063192 _____ (Malwarebytes Corporation) 
C:\windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-03-29 02:03 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-04-03 03:48 - 2013-03-14 03:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-04-03 03:48 - 2013-03-14 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-04-03 03:48 - 2009-07-13 23:45 - 00301112 _____ () C:\windows\system32\FNTCACHE.DAT 2014-04-03 03:30 - 2011-12-21 13:00 - 00841322 _____ () C:\windows\SysWOW64\PerfStringBackup.INI 2014-04-02 19:24 - 2011-05-05 12:36 - 00003908 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-04-02 19:24 - 2011-05-05 12:36 - 00003656 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-04-02 16:33 - 2014-04-02 16:29 - 00000000 ____D () C:\Users\5star\Desktop\2012-11-21 Johnathan & Ariel's wedding-copy 2014-04-02 16:26 - 2014-04-02 16:18 - 00000000 ____D () C:\Users\5star\Desktop\2011-2012 pix copy 2014-04-02 16:15 - 2014-04-02 16:15 - 00000000 ____D () C:\Users\5star\Desktop\Ariel's Pix - Copy 2014-04-02 16:06 - 2014-04-02 16:06 - 00462336 _____ (Dino Chiesa) C:\Users\5star\Desktop\Ionic.Zip.dll 2014-04-02 15:59 - 2014-04-02 15:59 - 00096368 __RSH () C:\windows\system32\bcdboots.exe 2014-04-02 15:52 - 2013-11-26 15:51 - 00000000 ____D () C:\Program Files\Level Quality Watcher 2014-04-02 15:52 - 2013-10-25 14:09 - 00000000 ____D () C:\windows\SysWOW64\WNLT 2014-04-02 15:52 - 2013-10-25 00:53 - 00000000 ____D () C:\ProgramData\Conduit 2014-04-02 15:52 - 2013-08-30 16:13 - 00000000 ____D () C:\Users\5star\AppData\Local\SwvUpdater 2014-04-02 12:13 - 2014-04-02 12:13 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software 2014-04-02 12:13 - 2014-04-02 12:13 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software 2014-04-02 12:13 - 2014-03-29 13:21 - 00000936 _____ () C:\Users\Public\Desktop\AVG 2014.lnk 2014-04-02 10:51 - 2012-03-29 14:59 - 00692616 _____ (Adobe Systems 
Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-04-02 10:51 - 2012-03-29 14:59 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-02 10:51 - 2012-03-29 14:59 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-04-02 10:50 - 2014-04-02 10:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-31 20:13 - 2014-03-29 03:10 - 00000000 ____D () C:\windows\system32\mutantW 2014-03-31 18:14 - 2014-03-31 18:14 - 09358960 ___RH () C:\windows\system32\idle-Threads.exe 2014-03-31 18:14 - 2014-03-31 18:14 - 08007680 ____R ( ) C:\windows\system32\Microsoft.mshtml.dll 2014-03-31 18:14 - 2014-03-31 18:14 - 00126976 ____R ( ) C:\windows\system32\Interop.SHDocVw.dll 2014-03-31 17:43 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF 2014-03-31 17:08 - 2013-11-04 19:24 - 00000000 ____D () C:\Users\5star\AppData\Local\Torch 2014-03-31 17:03 - 2013-10-26 00:13 - 00000412 _____ () C:\windows\Tasks\PC Optimizer Pro64 startups.job 2014-03-31 16:59 - 2013-10-26 00:13 - 00002840 _____ () C:\windows\System32\Tasks\PC Optimizer Pro64 startups 2014-03-31 16:59 - 2012-06-24 14:46 - 00003964 _____ () C:\windows\System32\Tasks\PC Checkup 3 Weekly Scan 2014-03-31 16:57 - 2013-08-30 16:14 - 00004518 _____ () C:\windows\System32\Tasks\GC_Scheduler 2014-03-31 13:08 - 2013-12-03 14:57 - 01891952 ____H () C:\windows\system32\wLins.exe 2014-03-31 13:08 - 2013-12-03 14:57 - 01891952 ____H () C:\windows\system32\wLin.exe 2014-03-31 01:41 - 2014-03-31 00:30 - 00031715 _____ () C:\Users\5star\Desktop\avgrep.txt 2014-03-30 23:48 - 2014-03-29 01:40 - 00009216 ___SH () C:\Users\5star\Thumbs.db 2014-03-30 15:16 - 2014-03-30 15:16 - 00000000 ____D () C:\ProgramData\Microsoft Corporation 2014-03-30 14:29 - 2013-10-22 15:32 - 00000000 __SHD () C:\Users\5star\AppData\Roaming\cgadagrr 2014-03-30 14:26 - 2013-12-12 23:11 - 00000000 ____D () C:\ProgramData\vqlv 2014-03-30 14:25 - 2013-11-02 21:30 - 00000000 
____D () C:\Program Files (x86)\Movies Toolbar 2014-03-30 14:13 - 2014-03-30 14:13 - 00000000 _____ () C:\windows\setuperr.log 2014-03-30 14:12 - 2013-12-14 13:28 - 00000000 ____D () C:\ProgramData\qrpfv 2014-03-29 21:32 - 2013-10-30 08:38 - 00000000 ____D () C:\found.000 2014-03-29 18:04 - 2013-10-25 23:40 - 00000000 ____D () C:\Users\5star\AppData\Local\WordOv 2014-03-29 18:02 - 2013-08-30 16:15 - 00000000 ____D () C:\Users\5star\AppData\Local\Conduit 2014-03-29 17:54 - 2013-08-30 16:19 - 00000000 ____D () C:\Users\5star\AppData\Local\DownloadTerms 2014-03-29 14:32 - 2014-03-29 13:44 - 00026104 _____ () C:\windows\system32\avgrep.txt 2014-03-29 13:44 - 2014-03-29 12:53 - 00000000 ____D () C:\Users\5star\AppData\Local\Avg2014 2014-03-29 13:43 - 2013-12-12 23:11 - 00000000 ____D () C:\ProgramData\xhxu 2014-03-29 13:43 - 2013-12-07 13:07 - 00000000 ____D () C:\ProgramData\bibydvx 2014-03-29 13:41 - 2013-12-08 07:31 - 00000000 ____D () C:\ProgramData\meal 2014-03-29 13:41 - 2013-12-08 07:31 - 00000000 ____D () C:\ProgramData\ducenhr 2014-03-29 13:31 - 2014-03-29 13:07 - 00000000 ____D () C:\ProgramData\AVG2014 2014-03-29 13:24 - 2014-03-29 13:24 - 00000000 ____D () C:\Users\5star\AppData\Roaming\AVG2014 2014-03-29 13:21 - 2014-03-29 13:21 - 00000000 ____D () C:\Users\5star\AppData\Roaming\TuneUp Software 2014-03-29 13:07 - 2014-03-29 13:07 - 00000000 ___HD () C:\$AVG 2014-03-29 11:32 - 2013-12-08 07:31 - 00000000 ____D () C:\ProgramData\yfag 2014-03-29 03:43 - 2009-07-14 00:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD 2014-03-29 02:03 - 2014-03-29 02:03 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-29 01:52 - 2013-10-30 16:09 - 00000000 ____D () C:\windows\pss 2014-03-29 01:40 - 2011-12-21 12:52 - 00000000 ____D () C:\Users\5star 2014-03-29 01:20 - 2014-03-29 01:20 - 00000000 ____D () C:\Program Files (x86)\AVG 2014-03-29 01:18 - 2013-08-06 00:21 - 00000000 ____D () C:\Users\5star\Desktop\Ariel's Pix 2014-03-29 01:16 - 2009-07-13 22:20 - 00000000 
____D () C:\windows\PolicyDefinitions 2014-03-29 01:03 - 2014-03-29 02:06 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\5star\Desktop\mbam-setup-2.0.0.1000.exe 2014-03-29 00:42 - 2014-03-29 00:46 - 157461928 _____ (AVG Technologies) C:\Users\5star\Desktop\avg_free_x64_all_2014_4354a7223.exe 2014-03-29 00:36 - 2014-03-29 00:36 - 00000000 ____D () C:\Users\5star\AppData\Local\MFAData 2014-03-29 00:24 - 2014-03-29 00:15 - 00008502 _____ () C:\windows\IE11_main.log 2014-03-13 21:03 - 2014-03-31 17:22 - 11216896 _____ (Microsoft) C:\Users\5star\Desktop\Anti-CryptorBitV2.exe 2014-03-13 01:33 - 2014-04-09 05:48 - 02238976 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-03-13 01:33 - 2014-04-09 05:48 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-03-13 01:33 - 2014-04-09 05:48 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-03-13 01:32 - 2014-04-09 05:48 - 19273728 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-03-13 01:32 - 2014-04-09 05:48 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-03-13 01:32 - 2014-04-09 05:48 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2014-03-13 01:32 - 2014-04-09 05:48 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-03-13 01:32 - 2014-04-09 05:48 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-03-13 01:32 - 2014-04-09 05:48 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-03-13 01:31 - 2014-04-09 05:48 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-03-13 01:31 - 2014-04-09 05:48 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-03-13 01:31 - 2014-04-09 05:48 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-03-13 01:31 - 2014-04-09 05:48 - 00136704 _____ (Microsoft Corporation) 
C:\windows\system32\iesysprep.dll 2014-03-13 01:31 - 2014-04-09 05:48 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-03-13 01:31 - 2014-04-09 05:48 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-03-13 00:10 - 2014-04-09 05:48 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-03-13 00:10 - 2014-04-09 05:48 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-03-13 00:09 - 2014-04-09 05:48 - 14358016 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-03-13 00:09 - 2014-04-09 05:48 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-03-13 00:09 - 2014-04-09 05:48 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-03-13 00:09 - 2014-04-09 05:48 - 02049536 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-03-13 00:09 - 2014-04-09 05:48 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2014-03-13 00:09 - 2014-04-09 05:48 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-03-13 00:09 - 2014-04-09 05:48 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-03-13 00:09 - 2014-04-09 05:48 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-03-13 00:09 - 2014-04-09 05:48 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll 2014-03-13 00:09 - 2014-04-09 05:48 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-03-13 00:09 - 2014-04-09 05:48 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-03-13 00:09 - 2014-04-09 05:48 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-03-12 23:57 - 2014-04-09 05:48 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-03-12 23:47 - 2014-04-09 05:48 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 
2014-03-12 22:59 - 2014-04-09 05:48 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-03-12 22:51 - 2014-04-09 05:48 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe

ZeroAccess:
C:\Users\5star\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Some content of TEMP:
====================
C:\Users\5star\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\5star\AppData\Local\Temp\OLMAPI32.DLL
C:\Users\5star\AppData\Local\Temp\tbInt2.dll
C:\Users\5star\AppData\Local\Temp\tbWhi0.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

LastRegBack: 2014-04-10 03:51

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by 5star at 2014-04-10 20:55:36
Running from C:\Users\5star\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Algebrator 5.1 rc1 (HKLM-x32\...\Algebrator_is1) (Version: - Softmath Inc)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 1.5.0.341 - Amazon Services LLC)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.) Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros) AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4355 - AVG Technologies) AVG 2014 (Version: 14.0.3882 - AVG Technologies) Hidden AVG 2014 (Version: 14.0.4355 - AVG Technologies) Hidden Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.128.0.66 - Conexant) D1600 (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden DJ_SF_06_D1600_SW_Min (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden Flash Player Pro V5.4 (HKLM-x32\...\Flash Player Pro_is1) (Version: - FlashPlayerPro.com) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.) Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) 
Hidden GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) HP Deskjet D1600 Printer Driver Software 13.0 Rel .6 (HKLM\...\{2CD0168D-FBBC-4667-8810-105CB6EC6348}) (Version: 13.0 - HP) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP) HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard) HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.) Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.) iYogi Support Dock (HKLM-x32\...\iYogi Support Dock) (Version: 5.7.4 - iYogi) Java 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.) Java 6 Update 3 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.) 
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel) LibreOffice 4.2.3.3 (HKLM-x32\...\{4117DF3C-6677-4A22-90B7-FF06923417E9}) (Version: 4.2.3.3 - The Document Foundation) Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Security Client (Version: 4.3.0219.0 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 
(HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2005 Express Edition (SOSHOME309) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden Microsoft SQL Server 2005 Tools Express Edition (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) 
(Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.0.0.128 - Symantec Corporation) Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.) 
SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) (HKLM-x32\...\{083988D7-BDA9-4244-983B-409A634BBC09}) (Version: 13.0.1.220 - SAP) Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP) Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation) SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Switched-On Schoolhouse 2012 - Home Edition (HKLM-x32\...\{8147B3F9-BB2D-40B0-A7FD-0A95AC393ECB}) (Version: 7.1.0.19 - Alpha Omega Publications) Switched-On Schoolhouse 2012 - Home Edition Database (HKLM-x32\...\{5292208F-0A8C-4786-AE22-4F3368098486}) (Version: 7.1.0.19 - Alpha Omega Publications) Switched-On Schoolhouse 2012 - Home Edition Tutorials (HKLM-x32\...\{83FC4AD2-86A7-42DC-9CEF-30A74D98EAB3}) (Version: 7.1.0.19 - Alpha Omega Publications) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated) SySaver (HKCU\...\SySaver) (Version: 2 - SySaver) Tom Clancy's Splinter Cell (x32 Version: 2.2.0.97 - WildTangent) Hidden Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba) TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA) TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION) Toshiba Book Place (HKLM-x32\...\{C31337DE-0CDC-45A9-9A32-F099AC78D557}) (Version: 3.0.9490 - K-NFB Reading Technology, Inc.) 
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.07.64 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.10.26 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.4.9 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.25 - Toshiba)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.6.06.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.3.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.10 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.0.10 - TOSHIBA Corporation) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

==================== Restore Points =========================

03-04-2014 08:00:26 Windows Update
10-04-2014 08:00:21 Windows Update
10-04-2014 21:35:14 Installed LibreOffice 4.2.3.3
11-04-2014 00:59:49 Removed LibreOffice 3.4
11-04-2014 01:18:19 Installed LibreOffice 4.2.3.3

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05C6137D-B63A-43C6-A6AF-FB359AE677C9} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GC\Runner.exe <==== ATTENTION
Task: {4385FD2E-74A2-4D4A-99B4-DE645E22ABAE} - \BackgroundContainer Startup Task No Task File
Task: {4E69BD7E-C241-4161-90EB-41B2E5823E17} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {79C6CB50-0039-4955-90F2-32A34D2E9046} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files (x86)\PC Checkup\NLAppLauncher.exe [2012-07-04] ()
Task: {96185734-D40C-44AC-9E66-CB0F7C504F75} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {AC0A7B25-84D4-4374-B3A3-DFF4DE55970C} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {ACB501A9-6F34-4AD0-BC08-6AB4D1A14331} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-02] (Adobe Systems Incorporated)
Task: {B0B3DA20-576A-4337-9FE0-93E7A8F89137} - System32\Tasks\{8B393312-50B6-42A3-8F06-3BAF3E5DEEDB} => C:\Program Files (x86)\iTunes\iTunes.exe [2013-11-02] (Apple Inc.)
Task: {B99B9847-58E1-4CF4-ADE6-F28CBCEB5696} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-05] (Google Inc.)
Task: {BB971894-71DC-4CE0-862D-83ED40191A9A} - System32\Tasks\{124F15C9-8850-43B9-9B2A-25D4424DF877} => C:\Program Files (x86)\iTunes\iTunes.exe [2013-11-02] (Apple Inc.)
Task: {CBA60794-2DBB-455A-973E-EB5ED5ADA29B} - System32\Tasks\{364C86C5-36B4-4BB3-936E-E7C14F240C71} => C:\Program Files (x86)\iTunes\iTunes.exe [2013-11-02] (Apple Inc.)
Task: {CC6C9E3A-29BE-40F3-81B3-DDC99EC89CD0} - System32\Tasks\{C87A6142-7590-4ED0-ADED-C3C25B48C785} => C:\Program Files (x86)\iTunes\iTunes.exe [2013-11-02] (Apple Inc.)
Task: {E8E71DB3-D35F-44EE-B7E2-54F641CBBC35} - System32\Tasks\{5E6D91AC-902E-43E5-88E6-604D313470BE} => C:\Program Files (x86)\iTunes\iTunes.exe [2013-11-02] (Apple Inc.)
Task: {F36371A5-3185-44B1-B9E7-F41B174C40D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-05] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2010-02-28 01:33 - 2010-02-28 01:33 - 00077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2012-05-07 17:11 - 2013-12-03 14:55 - 00480368 ___SH () C:\windows\system32\semaphore-Threads.exe
2014-03-31 18:14 - 2014-03-31 18:14 - 09358960 ___RH () C:\windows\system32\idle-Threads.exe
2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-02 10:50 - 2014-04-02 10:50 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:D346F792

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\.Net Main => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\.Net Main => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Amazon Cloud Player => C:\Users\5star\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BackgroundContainer => "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\5star\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
MSCONFIG\startupreg: ConduitFloatingPlugin_fdkednngfjmpnljkolbapdednncafhen => "C:\windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3298566\plugins\TBVerifier.dll",RunConduitFloatingPlugin fdkednngfjmpnljkolbapdednncafhen
MSCONFIG\startupreg: ConduitFloatingPlugin_gpaiibklhaneknloaoccoidbaffjjlnb => "C:\windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3286042\plugins\TBVerifier.dll",RunConduitFloatingPlugin gpaiibklhaneknloaoccoidbaffjjlnb
MSCONFIG\startupreg: GoogleChromeAutoLaunch_F2D566F579FF4A01EAEA5BAE643BDCA8 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: iLivid => "C:\Users\5star\AppData\Local\iLivid\iLivid.exe" -autorun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
MSCONFIG\startupreg: OtShot => C:\Program Files (x86)\OtShot\otshot.exe -minimize
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: SpeedItupFree => "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"
MSCONFIG\startupreg: Sysinternals => C:\Users\5star\AppData\Roaming\cgadagrr\sgujshwc.exe
MSCONFIG\startupreg: TBHostSupport => "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\5star\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin
MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: Updater => C:\ProgramData\Updater\updater.exe
MSCONFIG\startupreg: VideoDownloadConverter Home Page Guard 64 bit => "C:\PROGRA~2\VIDEOD~2\bar\1.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: VideoDownloadConverter Search Scope Monitor => "C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: VideoDownloadConverter_4z Browser Plugin Loader => C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbrmon.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/10/2014 07:56:51 PM) (Source: Application Error) (User: )
Description: Faulting application name: soffice.bin, version: 3.4.103.500, time stamp: 0x4e05435d
Faulting module name: sofficeapp.dll, version: 3.4.103.500, time stamp: 0x4ef21f92
Exception code: 0xc0000005
Fault offset: 0x00013b5f
Faulting process id: 0xd44
Faulting application start time: 0xsoffice.bin0
Faulting application path: soffice.bin1
Faulting module path: soffice.bin2
Report Id: soffice.bin3

Error: (04/10/2014 04:25:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/10/2014 03:10:36 PM) (Source: Application Error) (User: )
Description: Faulting application name: soffice.bin, version: 3.4.103.500, time stamp: 0x4e05435d
Faulting module name: sofficeapp.dll, version: 3.4.103.500, time stamp: 0x4ef21f92
Exception code: 0xc0000005
Fault offset: 0x00013b5f
Faulting process id: 0x12ac
Faulting application start time: 0xsoffice.bin0
Faulting application path: soffice.bin1
Faulting module path: soffice.bin2
Report Id: soffice.bin3

Error: (04/10/2014 03:09:17 PM) (Source: Application Error) (User: )
Description: Faulting application name: soffice.bin, version: 3.4.103.500, time stamp: 0x4e05435d
Faulting module name: sofficeapp.dll, version: 3.4.103.500, time stamp: 0x4ef21f92
Exception code: 0xc0000005
Fault offset: 0x00013b5f
Faulting process id: 0x1148
Faulting application start time: 0xsoffice.bin0
Faulting application path: soffice.bin1
Faulting module path: soffice.bin2
Report Id: soffice.bin3

Error: (04/10/2014 03:08:32 PM) (Source: Application Error) (User: )
Description: Faulting application name: soffice.bin, version: 3.4.103.500, time stamp: 0x4e05435d
Faulting module name: sofficeapp.dll, version: 3.4.103.500, time stamp: 0x4ef21f92
Exception code: 0xc0000005
Fault offset: 0x00013b5f
Faulting process id: 0x1100
Faulting application start time: 0xsoffice.bin0
Faulting application path: soffice.bin1
Faulting module path: soffice.bin2
Report Id: soffice.bin3

Error: (04/10/2014 03:07:59 PM) (Source: Application Error) (User: )
Description: Faulting application name: soffice.bin, version: 3.4.103.500, time stamp: 0x4e05435d
Faulting module name: sofficeapp.dll, version: 3.4.103.500, time stamp: 0x4ef21f92
Exception code: 0xc0000005
Fault offset: 0x00013b5f
Faulting process id: 0x1330
Faulting application start time: 0xsoffice.bin0
Faulting application path: soffice.bin1
Faulting module path: soffice.bin2
Report Id: soffice.bin3

Error: (04/10/2014 03:06:33 PM) (Source: Application Error) (User: )
Description: Faulting application name: soffice.bin, version: 3.4.103.500, time stamp: 0x4e05435d
Faulting module name: sofficeapp.dll, version: 3.4.103.500, time stamp: 0x4ef21f92
Exception code: 0xc0000005
Fault offset: 0x00013b5f
Faulting process id: 0x83c
Faulting application start time: 0xsoffice.bin0
Faulting application path: soffice.bin1
Faulting module path: soffice.bin2
Report Id: soffice.bin3

Error: (04/10/2014 03:22:07 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/07/2014 09:33:20 PM) (Source: Application Error) (User: )
Description: Faulting application name: soffice.bin, version: 3.4.103.500, time stamp: 0x4e05435d
Faulting module name: sofficeapp.dll, version: 3.4.103.500, time stamp: 0x4ef21f92
Exception code: 0xc0000005
Fault offset: 0x00013b5f
Faulting process id: 0xd98
Faulting application start time: 0xsoffice.bin0
Faulting application path: soffice.bin1
Faulting module path: soffice.bin2
Report Id: soffice.bin3

Error: (04/07/2014 09:32:20 PM) (Source: Application Error) (User: )
Description: Faulting application name: soffice.bin, version: 3.4.103.500, time stamp: 0x4e05435d
Faulting module name: sofficeapp.dll, version: 3.4.103.500, time stamp: 0x4ef21f92
Exception code: 0xc0000005
Fault offset: 0x00013b5f
Faulting process id: 0xd94
Faulting application start time: 0xsoffice.bin0
Faulting application path: soffice.bin1
Faulting module path: soffice.bin2
Report Id: soffice.bin3

System errors:
=============
Error: (04/10/2014 08:21:22 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft.NET Framework Kernel x2.0c service failed to start due to the following error: %%1053

Error: (04/10/2014 08:21:22 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft.NET Framework Kernel x2.0c service to connect.

Error: (04/10/2014 08:20:01 PM) (Source: Service Control Manager) (User: )
Description: The CNG Key Isolation Service x2.0c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/10/2014 08:19:52 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft.NET Framework Kernel x2.0c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/10/2014 04:24:24 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error: %%5

Error: (04/10/2014 03:21:01 AM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error: %%5

Error: (04/07/2014 09:38:38 PM) (Source: DCOM) (User: )
Description: {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775}

Error: (04/07/2014 05:48:15 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 3 time(s).
Error: (04/07/2014 02:31:02 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/07/2014 01:54:01 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (04/10/2014 07:56:51 PM) (Source: Application Error)(User: )
Description: soffice.bin3.4.103.5004e05435dsofficeapp.dll3.4.103.5004ef21f92c000000500013b5fd4401cf5520eb4d3dc5C:\Program Files (x86)\LibreOffice 3.4\program\soffice.binC:\Program Files (x86)\LibreOffice 3.4\program\sofficeapp.dll2a9596b4-c114-11e3-9263-00266cba5d49

Error: (04/10/2014 04:25:43 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/10/2014 03:10:36 PM) (Source: Application Error)(User: )
Description: soffice.bin3.4.103.5004e05435dsofficeapp.dll3.4.103.5004ef21f92c000000500013b5f12ac01cf54f8ef162547C:\Program Files (x86)\LibreOffice 3.4\program\soffice.binC:\Program Files (x86)\LibreOffice 3.4\program\sofficeapp.dll2d64324e-c0ec-11e3-9b19-00266cba5d49

Error: (04/10/2014 03:09:17 PM) (Source: Application Error)(User: )
Description: soffice.bin3.4.103.5004e05435dsofficeapp.dll3.4.103.5004ef21f92c000000500013b5f114801cf54f8c027ea6dC:\Program Files (x86)\LibreOffice 3.4\program\soffice.binC:\Program Files (x86)\LibreOffice 3.4\program\sofficeapp.dllfe46b75b-c0eb-11e3-9b19-00266cba5d49

Error: (04/10/2014 03:08:32 PM) (Source: Application Error)(User: )
Description: soffice.bin3.4.103.5004e05435dsofficeapp.dll3.4.103.5004ef21f92c000000500013b5f110001cf54f8a5ac7451C:\Program Files (x86)\LibreOffice 3.4\program\soffice.binC:\Program Files (x86)\LibreOffice 3.4\program\sofficeapp.dlle3922037-c0eb-11e3-9b19-00266cba5d49

Error: (04/10/2014 03:07:59 PM) (Source: Application Error)(User: )
Description: soffice.bin3.4.103.5004e05435dsofficeapp.dll3.4.103.5004ef21f92c000000500013b5f133001cf54f891c67386C:\Program Files (x86)\LibreOffice 3.4\program\soffice.binC:\Program Files (x86)\LibreOffice 3.4\program\sofficeapp.dllcfea0334-c0eb-11e3-9b19-00266cba5d49

Error: (04/10/2014 03:06:33 PM) (Source: Application Error)(User: )
Description: soffice.bin3.4.103.5004e05435dsofficeapp.dll3.4.103.5004ef21f92c000000500013b5f83c01cf54f85da14e86C:\Program Files (x86)\LibreOffice 3.4\program\soffice.binC:\Program Files (x86)\LibreOffice 3.4\program\sofficeapp.dll9c750408-c0eb-11e3-9b19-00266cba5d49

Error: (04/10/2014 03:22:07 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/07/2014 09:33:20 PM) (Source: Application Error)(User: )
Description: soffice.bin3.4.103.5004e05435dsofficeapp.dll3.4.103.5004ef21f92c000000500013b5fd9801cf52d2e74e9939C:\Program Files (x86)\LibreOffice 3.4\program\soffice.binC:\Program Files (x86)\LibreOffice 3.4\program\sofficeapp.dll259aa04c-bec6-11e3-b26c-00266cba5d49

Error: (04/07/2014 09:32:20 PM) (Source: Application Error)(User: )
Description: soffice.bin3.4.103.5004e05435dsofficeapp.dll3.4.103.5004ef21f92c000000500013b5fd9401cf52d2bf934146C:\Program Files (x86)\LibreOffice 3.4\program\soffice.binC:\Program Files (x86)\LibreOffice 3.4\program\sofficeapp.dll01d08fcd-bec6-11e3-b26c-00266cba5d49

==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 3963.98 MB
Available physical RAM: 2113.84 MB
Total Pagefile: 7926.13 MB
Available Pagefile: 6041.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (TI106140W0C) (Fixed) (Total:285.45 GB) (Free:159.14 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 5A9912A7)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=285 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=DE)
Partition 4: (Not Active) - (Size=289 MB) - (Type=00)

==================== End Of Log ============================
  8. Hi, I volunteered to help a friend try to take back her laptop from a host of viruses and malware. It had no antivirus so I put on AVG Free and Malwarebytes. Finally got some control back but still not sure if it is clean to give back to her. I know she had the HowDecrypt Ransomware on here as well. I have downloaded decrypto and it has fixed most jpgs but a lot of the Word & PPT are still screwed up. Can some expert help me out? Thx Jebarr