Trojan.Vawtrak


natalie117

Thread Starter
Joined
Mar 29, 2008
Messages
12
Hey guys... Malwarebytes is blocking a malicious website (c:\windows\syswow64\svchost.exe). Also, I was getting a pop-up window entitled HELP_DECRYPT.PNG and my research basically informed me that I'm in trouble. (Vawtrak trojan)

Any help would be greatly appreciated.



Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, 64 bit
Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 5980 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, -1233 Mb
Hard Drives: C: Total - 464232 MB, Free - 375728 MB;
Motherboard: TOSHIBA, Satellite P505
Antivirus: None
 

natalie117

Thread Starter
Joined
Mar 29, 2008
Messages
12
Malwarebytes scan log...
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/2/2015
Scan Time: 6:03:26 PM
Logfile: natalie117.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.02.05
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: Lappie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 479170
Time Elapsed: 42 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 2
Trojan.Vawtrak, HKU\S-1-5-21-468275512-914653057-1215199140-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WutdoXupax, regsvr32.exe "C:\ProgramData\WutdoXupax\LoznIlutq.hlt", , [337a8a8fa5e57db9c8a8257ecc39e31d]
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Generic Host Process, C:\Users\Lappie\AppData\Roaming\Mozilla\svchoste.exe, , [2c8156c37614ef474a36cf2c7c871ce4]

Registry Data: 2
Windows.Tool.Disabled, HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DisableConfig, 1, Good: (0), Bad: (1),,[119cc05924661d194242c8e5ba4b38c8]
Windows.Tool.Disabled, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DisableConfig, 1, Good: (0), Bad: (1),,[f1bc97824446d75f3c48575656af30d0]

Folders: 0
(No malicious items detected)

Files: 7
Trojan.Vawtrak, C:\ProgramData\WutdoXupax\LoznIlutq.hlt, , [337a8a8fa5e57db9c8a8257ecc39e31d],
Trojan.AVKiller, C:\Program Files (x86)\NCVSoftware\NCVFormDesigner.exe, , [baf348d16a2037ff888584eae31dd729],
Trojan.Vawtrak, C:\Users\Lappie\AppData\Local\Temp\~2A4E6B01.tmp, , [cce1ce4b91f9fa3c73fd148fb55060a0],
Trojan.Agent.0BGen, C:\Users\Lappie\AppData\Local\Temp\elp.dll, , [228b43d65733e353ef7368a272909c64],
Trojan.Agent.DED, C:\Users\Lappie\AppData\Local\Temp\radE9B72.tmp.exe, , [7f2e64b557330a2cf3639a56689933cd],
Trojan.Agent.0BGen, C:\Users\Lappie\AppData\Local\Temp\radED75A.tmp.exe, , [7e2f77a26129989ea9ba55b5a062867a],
Trojan.Agent, C:\Users\Lappie\AppData\Roaming\Mozilla\svchoste.exe, , [2c8156c37614ef474a36cf2c7c871ce4],

Physical Sectors: 0
(No malicious items detected)


(end)
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,722
natalie117,
Malwarebytes is OK, but it does a different function than an antivirus.
While you have no Antivirus, your system is a "sitting duck", waiting to get infected and used as a robot.

It may be too late to save the system, without re-installing Windows.

Let's see what we can do.
-----------------------------------------------------------
Download the Microsoft Security Essentials Installer
The download is here: http://www.microsoft.com/security_essentials/
Choose "Save As" and Save it to your desktop. Make sure you can find it, but don't run it yet.
-----------------------------------------------------------
Install Microsoft Security Essentials
Double Click the icon for the Microsoft Security Essentials installer.
Let it install, update itself, run a scan and delete anything it finds.

-----------------------------------------------------------
Download and Run the Farbar Scan Tool
  • Download FRST64 and save to your Desktop.
  • Double click Frst64.exe to launch it.
  • FRST64 will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.
If you lose track of them, they will be saved in the same location as FRST64.exe
Feel free to use separate replies if it's more convenient.

askey127
 

natalie117

Thread Starter
Joined
Mar 29, 2008
Messages
12
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Lappie (administrator) on LAPPIE-PC on 02-02-2015 20:10:11
Running from C:\Users\Lappie\Downloads
Loaded Profiles: Lappie (Available profiles: Lappie & Mcx1-LAPPIE-PC)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(WebEx Communications, Inc.) C:\Windows\SysWOW64\atashost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(SupportSoft, Inc.) C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
(SupportSoft, Inc.) C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Viewpoint Corporation) C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Software Update\hpwuschd2.exe
(SupportSoft, Inc.) C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Mozilla Messaging) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
() C:\Users\Lappie\AppData\Local\Temp\2973.tmp
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Windows\FrameworkUpdate\Update.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1482080 2009-08-11] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1810728 2009-07-30] (Synaptics Incorporated)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [HDMICtrlMan] => C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [1032536 2009-08-03] (TOSHIBA Corporation.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [503864 2009-07-20] (Conexant Systems, Inc.)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [Generic Host Process] => C:\Users\Lappie\AppData\Roaming\Mozilla\svchoste.exe [190572 2015-02-02] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [VERIZONDM] => C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe [206120 2010-09-02] (SupportSoft, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [TUSBSleepChargeSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-07-02] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-08-17] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-07-16] (Toshiba)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [CFUpdater] => %ProgramFiles%\Bradford\CFUpdater\nu.exe
HKLM-x32\...\Run: [NBKeyScan] => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKLM-x32\...\Run: [{67b22373-1a5c-c33e-48c9-fc1d699cb37d}] => C:\ProgramData\Microsoft\{67b22373-1a5c-c33e-48c9-fc1d699cb37d}\{67b22373-1a5c-c33e-48c9-fc1d699cb37d}.exe [304173 2015-02-01] ()
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [{67b22373-1a5c-c33e-48c9-fc1d699cb37d}] => C:\ProgramData\Microsoft\{67b22373-1a5c-c33e-48c9-fc1d699cb37d}\{67b22373-1a5c-c33e-48c9-fc1d699cb37d}.exe [304173 2015-02-01] ( ())
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\S-1-5-21-468275512-914653057-1215199140-1000\...\Run: [MyTOSHIBA] => C:\Program Files (x86)\Toshiba\My Toshiba\MyToshiba.exe [264048 2009-08-06] (TOSHIBA)
HKU\S-1-5-21-468275512-914653057-1215199140-1000\...\Run: [WutdoXupax] => regsvr32.exe "C:\ProgramData\WutdoXupax\LoznIlutq.hlt"
HKU\S-1-5-21-468275512-914653057-1215199140-1000\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_246_ActiveX.exe -update activex
HKU\S-1-5-21-468275512-914653057-1215199140-1000\...\MountPoints2: {ec1a30c8-db91-11df-b4a6-00269e680393} - F:\TL-Bootstrap.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
ShortcutTarget: hp psc 2000 Series.lnk -> C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
ShortcutTarget: hpoddt01.exe.lnk -> C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\officejet 6100.lnk
ShortcutTarget: officejet 6100.lnk -> C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (No File)
Startup: C:\Users\Lappie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML ()
Startup: C:\Users\Lappie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG ()
Startup: C:\Users\Lappie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT ()
InternetURL: C:\Users\Lappie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://paytoc4gtpn5czl2.torpaysolutions.com/1h4j8Ld
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
HKU\S-1-5-21-468275512-914653057-1215199140-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
HKU\S-1-5-21-468275512-914653057-1215199140-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
URLSearchHook: HKU\S-1-5-21-468275512-914653057-1215199140-1000 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> DefaultScope {11CEDFD7-B171-4CB3-842D-E1E7BC433C93} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {11CEDFD7-B171-4CB3-842D-E1E7BC433C93} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> DefaultScope {37C7A322-BEC3-4D29-9C8C-CE1A4E9E6F8E} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {37C7A322-BEC3-4D29-9C8C-CE1A4E9E6F8E} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-468275512-914653057-1215199140-1000 -> DefaultScope {37C7A322-BEC3-4D29-9C8C-CE1A4E9E6F8E} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS361
SearchScopes: HKU\S-1-5-21-468275512-914653057-1215199140-1000 -> {37C7A322-BEC3-4D29-9C8C-CE1A4E9E6F8E} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS361
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: WinZip Courier BHO -> {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} -> C:\Program Files (x86)\WinZip Courier\wzwmcie.dll (WinZip Computing, S.L.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-468275512-914653057-1215199140-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-468275512-914653057-1215199140-1000 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
DPF: HKLM-x32 {32C3FEAE-0877-4767-8C20-62A5829A0945} http://www.facebook.com/fbplugin/win32/axfbootloader.cab?1265841592880
DPF: HKLM-x32 {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Lappie\AppData\Roaming\Mozilla\Firefox\Profiles\e15quce8.default
FF Homepage: hxxp://drudgereport.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF Plugin-x32: @winzip.com/Winzip Courier -> C:\Program Files (x86)\WinZip Courier\npwzwmc.dll (WinZip Computing, S.L.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-468275512-914653057-1215199140-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Lappie\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-468275512-914653057-1215199140-1000: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\Lappie\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF Plugin HKU\S-1-5-21-468275512-914653057-1215199140-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Lappie\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKU\S-1-5-21-468275512-914653057-1215199140-1000: @nsroblox.roblox.com/launcher -> C:\Program Files (x86)\Roblox\Versions\version-394f11f19cd64b1a\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll (WebEx Communications, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Lappie\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: Rapportive - C:\Users\Lappie\AppData\Roaming\Mozilla\Firefox\Profiles\e15quce8.default\Extensions\[email protected] [2014-02-25]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-10-19]
FF HKLM-x32\...\Firefox\Extensions: [{74c841e3-b59f-479e-8d7a-e26a942a87c8}] - C:\Program Files (x86)\WinZip Courier\FFExt
FF Extension: WinZip Courier - C:\Program Files (x86)\WinZip Courier\FFExt [2012-08-01]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-11-07]
FF HKU\S-1-5-21-468275512-914653057-1215199140-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Lappie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kunversion) - C:\Users\Lappie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabplfdbflnfaabdmafknlgpoffelmej [2015-01-07]
CHR Extension: (Google Docs) - C:\Users\Lappie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-15]
CHR Extension: (Google Drive) - C:\Users\Lappie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lappie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-02]
CHR Extension: (YouTube) - C:\Users\Lappie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-15]
CHR Extension: (Google Search) - C:\Users\Lappie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-15]
CHR Extension: (Rapportive) - C:\Users\Lappie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin [2014-02-25]
CHR Extension: (Google Wallet) - C:\Users\Lappie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-15]
CHR Extension: (Gmail) - C:\Users\Lappie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 atashost; C:\windows\SysWOW64\atashost.exe [43912 2010-04-13] (WebEx Communications, Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC64.DLL [1043584 2010-01-29] (Hewlett-Packard Co.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 QBCFMonitorService; c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2009-12-16] (Intuit) [File not signed]
S4 QBFCService; c:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 sprtsvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [206120 2010-09-02] (SupportSoft, Inc.)
R2 SystemUpdate; C:\windows\FrameworkUpdate\Update.exe [90112 2015-02-02] () [File not signed]
R2 tgsrvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [185640 2010-09-02] (SupportSoft, Inc.)
R2 Viewpoint Manager Service; C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation) [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdgx64.sys [49696 2009-07-16] (O2Micro )
S3 pae_1394; C:\Windows\System32\Drivers\pae_1394_x64.sys [196992 2010-02-03] (Archwave AG)
S3 pae_avs; C:\Windows\System32\Drivers\pae_avs_x64.sys [72576 2010-02-03] (Archwave AG)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [92160 2010-06-16] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-01-13] () [File not signed]
U3 aeopu4zb; C:\Windows\System32\Drivers\aeopu4zb.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 20:10 - 2015-02-02 20:10 - 00029792 _____ () C:\Users\Lappie\Downloads\FRST.txt
2015-02-02 19:33 - 2015-02-02 20:10 - 00000000 ____D () C:\FRST
2015-02-02 19:33 - 2015-02-02 19:33 - 02131456 _____ (Farbar) C:\Users\Lappie\Downloads\FRST64.exe
2015-02-02 19:33 - 2015-02-02 19:33 - 02131456 _____ (Farbar) C:\Users\Lappie\Downloads\FRST64 (1).exe
2015-02-02 18:47 - 2015-02-02 18:47 - 00002464 _____ () C:\Users\Lappie\Desktop\natalie117.txt
2015-02-02 18:38 - 2015-02-02 18:38 - 00509440 _____ (Tech Support Guy System) C:\Users\Lappie\Downloads\SysInfo.exe
2015-02-02 18:03 - 2015-02-02 18:03 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 18:02 - 2015-02-02 18:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-02 18:02 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-02 18:02 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-02 17:55 - 2015-02-02 17:55 - 00000000 ____D () C:\windows\FrameworkUpdate
2015-02-02 17:24 - 2015-02-02 17:55 - 00008658 _____ () C:\Users\Lappie\Desktop\HELP_DECRYPT.HTML
2015-02-02 17:24 - 2015-02-02 17:55 - 00004272 _____ () C:\Users\Lappie\Desktop\HELP_DECRYPT.TXT
2015-02-02 17:24 - 2015-02-02 17:55 - 00000304 _____ () C:\Users\Lappie\Desktop\HELP_DECRYPT.URL
2015-02-02 17:24 - 2015-02-02 17:24 - 00008658 _____ () C:\Users\Public\HELP_DECRYPT.HTML
2015-02-02 17:24 - 2015-02-02 17:24 - 00008658 _____ () C:\Users\HELP_DECRYPT.HTML
2015-02-02 17:24 - 2015-02-02 17:24 - 00008658 _____ () C:\HELP_DECRYPT.HTML
2015-02-02 17:24 - 2015-02-02 17:24 - 00004272 _____ () C:\Users\Public\HELP_DECRYPT.TXT
2015-02-02 17:24 - 2015-02-02 17:24 - 00004272 _____ () C:\Users\HELP_DECRYPT.TXT
2015-02-02 17:24 - 2015-02-02 17:24 - 00004272 _____ () C:\HELP_DECRYPT.TXT
2015-02-02 17:24 - 2015-02-02 17:24 - 00000304 _____ () C:\Users\Public\HELP_DECRYPT.URL
2015-02-02 17:24 - 2015-02-02 17:24 - 00000304 _____ () C:\Users\HELP_DECRYPT.URL
2015-02-02 17:24 - 2015-02-02 17:24 - 00000304 _____ () C:\HELP_DECRYPT.URL
2015-02-02 17:22 - 2015-02-02 17:22 - 00008658 _____ () C:\Users\Public\Downloads\HELP_DECRYPT.HTML
2015-02-02 17:22 - 2015-02-02 17:22 - 00008658 _____ () C:\Users\Public\Documents\HELP_DECRYPT.HTML
2015-02-02 17:22 - 2015-02-02 17:22 - 00004272 _____ () C:\Users\Public\Downloads\HELP_DECRYPT.TXT
2015-02-02 17:22 - 2015-02-02 17:22 - 00004272 _____ () C:\Users\Public\Documents\HELP_DECRYPT.TXT
2015-02-02 17:22 - 2015-02-02 17:22 - 00000304 _____ () C:\Users\Public\Downloads\HELP_DECRYPT.URL
2015-02-02 17:22 - 2015-02-02 17:22 - 00000304 _____ () C:\Users\Public\Documents\HELP_DECRYPT.URL
2015-02-02 17:03 - 2015-02-02 17:03 - 00008658 _____ () C:\Users\Natalie\HELP_DECRYPT.HTML
2015-02-02 17:03 - 2015-02-02 17:03 - 00004272 _____ () C:\Users\Natalie\HELP_DECRYPT.TXT
2015-02-02 17:03 - 2015-02-02 17:03 - 00000304 _____ () C:\Users\Natalie\HELP_DECRYPT.URL
2015-02-02 17:00 - 2015-02-02 17:00 - 00008658 _____ () C:\Users\Mcx1-LAPPIE-PC\HELP_DECRYPT.HTML
2015-02-02 17:00 - 2015-02-02 17:00 - 00008658 _____ () C:\Users\Mcx1-LAPPIE-PC\AppData\Local\HELP_DECRYPT.HTML
2015-02-02 17:00 - 2015-02-02 17:00 - 00008658 _____ () C:\Users\Mcx1-LAPPIE-PC\AppData\HELP_DECRYPT.HTML
2015-02-02 17:00 - 2015-02-02 17:00 - 00008658 _____ () C:\Users\Lappie\HELP_DECRYPT.HTML
2015-02-02 17:00 - 2015-02-02 17:00 - 00004272 _____ () C:\Users\Mcx1-LAPPIE-PC\HELP_DECRYPT.TXT
2015-02-02 17:00 - 2015-02-02 17:00 - 00004272 _____ () C:\Users\Mcx1-LAPPIE-PC\AppData\Local\HELP_DECRYPT.TXT
2015-02-02 17:00 - 2015-02-02 17:00 - 00004272 _____ () C:\Users\Mcx1-LAPPIE-PC\AppData\HELP_DECRYPT.TXT
2015-02-02 17:00 - 2015-02-02 17:00 - 00004272 _____ () C:\Users\Lappie\HELP_DECRYPT.TXT
2015-02-02 17:00 - 2015-02-02 17:00 - 00000304 _____ () C:\Users\Mcx1-LAPPIE-PC\HELP_DECRYPT.URL
2015-02-02 17:00 - 2015-02-02 17:00 - 00000304 _____ () C:\Users\Mcx1-LAPPIE-PC\AppData\Local\HELP_DECRYPT.URL
2015-02-02 17:00 - 2015-02-02 17:00 - 00000304 _____ () C:\Users\Mcx1-LAPPIE-PC\AppData\HELP_DECRYPT.URL
2015-02-02 17:00 - 2015-02-02 17:00 - 00000304 _____ () C:\Users\Lappie\HELP_DECRYPT.URL
2015-02-02 16:52 - 2015-02-02 16:52 - 00008658 _____ () C:\Users\Lappie\Downloads\HELP_DECRYPT.HTML
2015-02-02 16:52 - 2015-02-02 16:52 - 00004272 _____ () C:\Users\Lappie\Downloads\HELP_DECRYPT.TXT
2015-02-02 16:52 - 2015-02-02 16:52 - 00000304 _____ () C:\Users\Lappie\Downloads\HELP_DECRYPT.URL
2015-02-02 16:47 - 2015-02-02 16:47 - 00008658 _____ () C:\Users\Lappie\Documents\HELP_DECRYPT.HTML
2015-02-02 16:47 - 2015-02-02 16:47 - 00004272 _____ () C:\Users\Lappie\Documents\HELP_DECRYPT.TXT
2015-02-02 16:47 - 2015-02-02 16:47 - 00000304 _____ () C:\Users\Lappie\Documents\HELP_DECRYPT.URL
2015-02-02 15:16 - 2015-02-02 15:16 - 00008658 _____ () C:\Users\Lappie\AppData\Roaming\HELP_DECRYPT.HTML
2015-02-02 15:16 - 2015-02-02 15:16 - 00008658 _____ () C:\Users\Lappie\AppData\HELP_DECRYPT.HTML
2015-02-02 15:16 - 2015-02-02 15:16 - 00004272 _____ () C:\Users\Lappie\AppData\Roaming\HELP_DECRYPT.TXT
2015-02-02 15:16 - 2015-02-02 15:16 - 00004272 _____ () C:\Users\Lappie\AppData\HELP_DECRYPT.TXT
2015-02-02 15:16 - 2015-02-02 15:16 - 00000304 _____ () C:\Users\Lappie\AppData\Roaming\HELP_DECRYPT.URL
2015-02-02 15:16 - 2015-02-02 15:16 - 00000304 _____ () C:\Users\Lappie\AppData\HELP_DECRYPT.URL
2015-02-02 15:15 - 2015-02-02 15:15 - 00008658 _____ () C:\Users\Lappie\AppData\Local\HELP_DECRYPT.HTML
2015-02-02 15:15 - 2015-02-02 15:15 - 00004272 _____ () C:\Users\Lappie\AppData\Local\HELP_DECRYPT.TXT
2015-02-02 15:15 - 2015-02-02 15:15 - 00000304 _____ () C:\Users\Lappie\AppData\Local\HELP_DECRYPT.URL
2015-02-02 15:13 - 2015-02-02 15:13 - 00008658 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-02-02 15:13 - 2015-02-02 15:13 - 00004272 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-02-02 15:13 - 2015-02-02 15:13 - 00000304 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-02-02 11:36 - 2015-02-02 19:29 - 00000000 ____D () C:\ProgramData\WutdoXupax
2015-02-02 10:48 - 2015-02-02 15:16 - 00000000 ____D () C:\Users\Lappie\Desktop\2015 BUSINESS EXPENSES

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 20:03 - 2013-04-09 11:35 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-02 19:54 - 2014-09-15 14:26 - 00000540 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-468275512-914653057-1215199140-1000.job
2015-02-02 19:16 - 2014-02-15 21:26 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-02 18:16 - 2014-02-15 21:26 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-02 18:02 - 2010-05-28 00:48 - 00000000 ____D () C:\Users\Lappie\AppData\Roaming\Malwarebytes
2015-02-02 18:02 - 2010-02-12 14:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-02 18:02 - 2010-02-12 14:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-02-02 17:55 - 2010-03-04 22:52 - 02630144 ___SH () C:\Users\Lappie\Desktop\Thumbs.db
2015-02-02 17:22 - 2011-04-12 09:40 - 00000000 ____D () C:\Users\Public\Documents\ROWE FURNITURE
2015-02-02 17:21 - 2012-09-18 15:20 - 00000000 ____D () C:\Users\Public\Documents\iPhone Pics
2015-02-02 17:15 - 2013-09-25 18:27 - 00000000 ____D () C:\Users\Public\Documents\ALL PICS FROM IPHONE
2015-02-02 17:15 - 2010-03-15 23:35 - 00000000 ____D () C:\Users\Public\Documents\Intuit
2015-02-02 17:03 - 2010-02-17 15:21 - 00000000 ____D () C:\Users\Natalie\Appraisal Stuff
2015-02-02 17:03 - 2010-01-08 18:46 - 00000000 ____D () C:\Users\Natalie
2015-02-02 17:00 - 2013-03-07 22:33 - 00000000 ____D () C:\Users\Mcx1-LAPPIE-PC
2015-02-02 17:00 - 2010-01-08 15:04 - 00000000 ____D () C:\Users\Lappie
2015-02-02 16:47 - 2013-09-23 11:33 - 00000000 ____D () C:\Users\Lappie\Documents\SALES
2015-02-02 16:47 - 2011-02-09 16:18 - 00000000 ____D () C:\Users\Lappie\Documents\TurboTax
2015-02-02 16:47 - 2010-10-19 08:32 - 00000000 ____D () C:\Users\Lappie\Documents\WAGEWORKS RECEIPTS
2015-02-02 16:47 - 2010-03-13 18:13 - 00000000 ____D () C:\Users\Lappie\Documents\NYC BUILDING INFO
2015-02-02 16:44 - 2011-07-18 15:18 - 00000000 ____D () C:\Users\Lappie\Documents\NCVSoftware
2015-02-02 15:57 - 2010-06-01 15:53 - 00000000 ____D () C:\Users\Lappie\Documents\My Scans
2015-02-02 15:56 - 2010-01-08 16:36 - 00000000 ____D () C:\Users\Lappie\Documents\My ClickForms
2015-02-02 15:47 - 2010-09-22 08:24 - 00000000 ____D () C:\Users\Lappie\Documents\Jeffrey
2015-02-02 15:45 - 2010-03-04 23:49 - 00000000 ____D () C:\Users\Lappie\Documents\HOUSES
2015-02-02 15:44 - 2010-08-11 19:56 - 00000000 ____D () C:\Users\Lappie\Documents\CAINER
2015-02-02 15:44 - 2010-05-24 16:59 - 00000000 ____D () C:\Users\Lappie\Documents\BILLS-RECEIPTS
2015-02-02 15:44 - 2010-05-05 20:03 - 00000000 ____D () C:\Users\Lappie\Documents\EZPASS RECEIPTS
2015-02-02 15:44 - 2010-02-01 13:36 - 00000000 ____D () C:\Users\Lappie\Documents\APPRAISALS
2015-02-02 15:41 - 2011-03-11 18:28 - 00000000 ____D () C:\Users\Lappie\Desktop\STUFF FROM FLASH DRIVE
2015-02-02 15:19 - 2014-12-27 19:02 - 00000000 ____D () C:\Users\Lappie\Desktop\REAL ESTATE INFO
2015-02-02 15:19 - 2014-02-15 14:39 - 00000000 ____D () C:\Users\Lappie\Desktop\South Amboy Showings for Jessica
2015-02-02 15:19 - 2013-11-13 14:49 - 00000000 ____D () C:\Users\Lappie\Desktop\print
2015-02-02 15:19 - 2013-03-05 14:01 - 00000000 ____D () C:\Users\Lappie\Desktop\PHOTOS
2015-02-02 15:18 - 2014-10-07 11:11 - 00000000 ____D () C:\Users\Lappie\Desktop\MEDICAL RECEIPTS
2015-02-02 15:18 - 2014-09-24 09:02 - 00000000 ____D () C:\Users\Lappie\Desktop\FONTS BY NATALIE
2015-02-02 15:18 - 2014-09-23 21:01 - 00000000 ____D () C:\Users\Lappie\Desktop\DIRECT MAIL MARKETING
2015-02-02 15:18 - 2014-08-07 17:27 - 00000000 ____D () C:\Users\Lappie\Desktop\ms waste aug pymt for $30_files
2015-02-02 15:18 - 2014-04-11 14:26 - 00000000 ____D () C:\Users\Lappie\Desktop\DEALS
2015-02-02 15:18 - 2014-04-01 10:46 - 00000000 ____D () C:\Users\Lappie\Desktop\FLYER
2015-02-02 15:18 - 2014-04-01 10:11 - 00000000 ____D () C:\Users\Lappie\Desktop\KATHY'S STUFF
2015-02-02 15:18 - 2014-02-21 18:12 - 00000000 ____D () C:\Users\Lappie\Desktop\GEMSTAR
2015-02-02 15:18 - 2014-02-11 16:25 - 00000000 ____D () C:\Users\Lappie\Desktop\PDFs for 238 Beacon AVe
2015-02-02 15:18 - 2014-01-13 12:09 - 00000000 ____D () C:\Users\Lappie\Desktop\PDFs
2015-02-02 15:18 - 2013-11-06 10:04 - 00000000 ____D () C:\Users\Lappie\Desktop\MARKETING FOR RE SALES
2015-02-02 15:18 - 2011-11-22 15:33 - 00000000 ____D () C:\Users\Lappie\Desktop\jay picvs
2015-02-02 15:17 - 2014-05-21 08:04 - 00000000 ____D () C:\Users\Lappie\Desktop\CLIENTS
2015-02-02 15:17 - 2014-02-19 12:00 - 00000000 ____D () C:\Users\Lappie\Desktop\5 SHEA LANE PICS
2015-02-02 15:16 - 2014-03-11 10:03 - 00000000 ____D () C:\Users\Lappie\AppData\Roaming\webex
2015-02-02 15:16 - 2013-10-17 11:40 - 00000000 ____D () C:\Users\Lappie\Desktop\400 CROSS RD MATAWAN PICS
2015-02-02 15:16 - 2012-04-30 21:46 - 00000000 ____D () C:\Users\Lappie\AppData\Roaming\Skype
2015-02-02 15:16 - 2011-06-23 19:15 - 00000000 ____D () C:\Users\Lappie\AppData\Roaming\vlc
2015-02-02 15:16 - 2010-12-25 12:18 - 00000000 ____D () C:\Users\Lappie\AppData\Roaming\TOSHIBA
2015-02-02 15:16 - 2010-05-06 13:25 - 00000000 ____D () C:\Users\Lappie\AppData\Roaming\Steinberg
2015-02-02 15:16 - 2010-01-25 10:43 - 00000000 ____D () C:\Users\Lappie\AppData\Roaming\Research In Motion
2015-02-02 15:16 - 2010-01-21 18:13 - 00000000 ____D () C:\Users\Lappie\AppData\Roaming\Thunderbird
2015-02-02 15:15 - 2012-07-12 10:14 - 00000000 ____D () C:\Users\Lappie\AppData\Local\TechSmith
2015-02-02 15:15 - 2010-06-18 19:22 - 00000000 ____D () C:\Users\Lappie\AppData\Roaming\Apple Computer
2015-02-02 15:15 - 2010-05-21 16:31 - 00000000 ____D () C:\Users\Lappie\AppData\Roaming\HP
2015-02-02 15:15 - 2010-02-10 17:40 - 00000000 ____D () C:\Users\Lappie\AppData\Roaming\Facebook
2015-02-02 15:15 - 2010-01-21 20:37 - 00000000 ____D () C:\Users\Lappie\AppData\Roaming\OpenOffice.org
2015-02-02 15:15 - 2010-01-21 18:13 - 00000000 ____D () C:\Users\Lappie\AppData\Roaming\Mozilla
2015-02-02 15:15 - 2010-01-21 18:13 - 00000000 ____D () C:\Users\Lappie\AppData\Local\Thunderbird
2015-02-02 15:15 - 2010-01-16 21:41 - 00000000 ____D () C:\Users\Lappie\AppData\Roaming\Nero
2015-02-02 15:15 - 2010-01-08 15:58 - 00000000 ____D () C:\Users\Lappie\AppData\Roaming\acccore
2015-02-02 15:15 - 2010-01-08 15:36 - 00000000 ____D () C:\Users\Lappie\AppData\Roaming\Adobe
2015-02-02 15:14 - 2011-12-24 09:46 - 00000000 ____D () C:\Users\Lappie\AppData\Local\Roblox
2015-02-02 15:14 - 2010-09-27 22:36 - 00000000 ____D () C:\Users\Lappie\AppData\Local\SupportSoft
2015-02-02 15:14 - 2010-06-08 07:30 - 00000000 ____D () C:\Users\Lappie\AppData\Local\Symantec
2015-02-02 15:14 - 2010-05-21 16:31 - 00000000 ____D () C:\Users\Lappie\AppData\Local\HP
2015-02-02 15:14 - 2010-03-18 07:25 - 00000000 ____D () C:\Users\Lappie\AppData\Local\Mozilla
2015-02-02 15:13 - 2010-06-18 19:22 - 00000000 ____D () C:\Users\Lappie\AppData\Local\Apple Computer
2015-02-02 15:13 - 2010-06-18 19:21 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2015-02-02 15:13 - 2010-02-01 15:04 - 00000000 ____D () C:\Users\Lappie\AppData\Local\Ahead
2015-02-02 15:13 - 2010-01-13 14:21 - 00000000 ____D () C:\Users\Lappie\AppData\Local\Adobe
2015-02-02 15:13 - 2010-01-08 15:58 - 00000000 ____D () C:\Users\Lappie\AppData\Local\AOL OCP
2015-02-02 15:13 - 2010-01-08 15:35 - 00000000 ____D () C:\Users\Lappie\AppData\Local\Google
2015-02-02 15:13 - 2009-09-02 21:26 - 00000000 ____D () C:\ProgramData\WildTangent
2015-02-02 15:12 - 2010-09-27 22:36 - 00000000 ____D () C:\ProgramData\SupportSoft
2015-02-02 15:12 - 2010-04-13 11:31 - 00000000 ____D () C:\ProgramData\WebEx
2015-02-02 15:12 - 2009-09-02 21:25 - 00000000 ____D () C:\ProgramData\Toshiba
2015-02-02 15:11 - 2010-02-23 17:44 - 00000000 ____D () C:\ProgramData\Intuit
2015-02-02 15:10 - 2010-05-21 16:02 - 00000000 ____D () C:\ProgramData\HP
2015-02-02 15:09 - 2013-10-05 22:43 - 00000000 ____D () C:\ProgramData\DivX
2015-02-02 15:09 - 2013-10-03 12:50 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-02-02 15:09 - 2011-06-07 19:35 - 00000000 ____D () C:\ProgramData\alamode
2015-02-02 15:09 - 2010-06-18 19:19 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-02-02 15:09 - 2010-04-22 14:19 - 00000000 ____D () C:\ApexWin
2015-02-02 15:09 - 2010-01-13 11:54 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-02-02 15:09 - 2010-01-08 15:57 - 00000000 ____D () C:\ProgramData\AOL OCP
2015-02-02 15:01 - 2009-10-26 12:26 - 01500945 _____ () C:\windows\WindowsUpdate.log
2015-02-02 10:44 - 2010-01-21 13:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-02-02 09:28 - 2011-11-13 01:00 - 00072364 _____ () C:\windows\setupact.log
2015-02-01 02:31 - 2010-02-12 10:48 - 00000366 _____ () C:\windows\Tasks\Driver Fetch.job
2015-01-29 20:18 - 2014-02-15 21:27 - 00002228 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-26 12:11 - 2014-09-15 14:26 - 00003574 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-468275512-914653057-1215199140-1000
2015-01-25 05:03 - 2013-04-09 11:35 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 05:03 - 2012-11-29 12:39 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 05:03 - 2011-09-11 11:27 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-12 15:17 - 2010-03-13 22:05 - 00002944 _____ () C:\Users\Lappie\Documents\hinge.txt

==================== Files in the root of some directories =======

2010-01-19 22:49 - 2010-01-19 22:49 - 0000604 ____H () C:\Program Files (x86)\STLL Notifier
2010-01-10 15:28 - 2010-01-10 15:28 - 0000235 _____ () C:\Users\Lappie\AppData\Roaming\devices.xml
2015-02-02 15:16 - 2015-02-02 15:16 - 0008658 _____ () C:\Users\Lappie\AppData\Roaming\HELP_DECRYPT.HTML
2015-02-02 15:16 - 2015-02-02 15:16 - 0045786 _____ () C:\Users\Lappie\AppData\Roaming\HELP_DECRYPT.PNG
2015-02-02 15:16 - 2015-02-02 15:16 - 0004272 _____ () C:\Users\Lappie\AppData\Roaming\HELP_DECRYPT.TXT
2015-02-02 15:16 - 2015-02-02 15:16 - 0000304 _____ () C:\Users\Lappie\AppData\Roaming\HELP_DECRYPT.URL
2011-02-25 10:53 - 2012-06-11 09:35 - 0000308 _____ () C:\Users\Lappie\AppData\Roaming\Rim.Desktop.Exception.log
2011-02-25 10:45 - 2011-02-25 10:45 - 0001153 _____ () C:\Users\Lappie\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2010-01-10 15:28 - 2010-01-10 15:28 - 0000012 _____ () C:\Users\Lappie\AppData\Roaming\settings.xml
2015-02-02 15:15 - 2015-02-02 15:15 - 0008658 _____ () C:\Users\Lappie\AppData\Local\HELP_DECRYPT.HTML
2015-02-02 15:15 - 2015-02-02 15:15 - 0045786 _____ () C:\Users\Lappie\AppData\Local\HELP_DECRYPT.PNG
2015-02-02 15:15 - 2015-02-02 15:15 - 0004272 _____ () C:\Users\Lappie\AppData\Local\HELP_DECRYPT.TXT
2015-02-02 15:15 - 2015-02-02 15:15 - 0000304 _____ () C:\Users\Lappie\AppData\Local\HELP_DECRYPT.URL
2015-02-02 15:13 - 2015-02-02 15:13 - 0008658 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-02-02 15:13 - 2015-02-02 15:13 - 0045786 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-02-02 15:13 - 2015-02-02 15:13 - 0004272 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-02-02 15:13 - 2015-02-02 15:13 - 0000304 _____ () C:\ProgramData\HELP_DECRYPT.URL
2010-01-09 23:53 - 2010-11-28 11:15 - 0014479 _____ () C:\ProgramData\hpzinstall.log
2013-02-08 11:39 - 2014-02-15 13:54 - 0001225 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Users\Lappie\hpothb07.dat
C:\Users\Natalie\hpothb07.dat
C:\Users\Public\hpothb07.dat


Some content of TEMP:
====================
C:\Users\Lappie\AppData\Local\Temp\elp.dll
C:\Users\Lappie\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Lappie\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Lappie\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Lappie\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Lappie\AppData\Local\Temp\jre-6u38-windows-i586-iftw.exe
C:\Users\Lappie\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Lappie\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Lappie\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Lappie\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Lappie\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Lappie\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Lappie\AppData\Local\Temp\radE9B72.tmp.exe
C:\Users\Lappie\AppData\Local\Temp\radED75A.tmp.exe
C:\Users\Lappie\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Lappie\AppData\Local\Temp\update.exe
C:\Users\Lappie\AppData\Local\Temp\_is3851.exe
C:\Users\Lappie\AppData\Local\Temp\_isB77F.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 10:48

==================== End Of Log ============================
 

natalie117

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Lappie at 2015-02-02 20:11:07
Running from C:\Users\Lappie\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 1.8.5 - )
2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.4518.1014 - Microsoft Corporation)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
ACI Collection 32 (HKLM-x32\...\{C1067095-24AB-4BCD-B64B-BE83A9186DCE}) (Version: 2010 - )
ACI Delivery Client SP2.8 (HKLM-x32\...\{CCD88E41-79CF-486F-8024-E67FABDCF6F5}) (Version: 2.08.023 - ACI)
ACI Desktop Additional Components (HKLM-x32\...\{B91E86A0-9F63-4E7E-9D53-2C0AB67BE15C}) (Version: 1.00.069 - ACI)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.8 - Adobe Systems)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader 9.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
AIO_CDA_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AppraisalSoft Enterprise Beta (HKU\S-1-5-21-468275512-914653057-1215199140-1000\...\f1187fe52fd3cbe4) (Version: 2.0.9.70 - AppraisalBank, Inc)
AppraisalSoft Remote Lite (HKU\S-1-5-21-468275512-914653057-1215199140-1000\...\e30f0682c3a5dc94) (Version: 1.0.0.37 - AppraisalBank, Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
Aventail Access Manager (x32 Version: 9.5.8 - Aventail Corporation) Hidden
Aventail Web Proxy Agent (HKLM-x32\...\{9B0B46B3-10DF-4ADA-9501-0129D784563D}) (Version: 9.5.8 - Aventail Corporation)
Aventail Webifiers (HKLM-x32\...\{54D44AD1-A083-48B9-BD6F-AFD517B7C775}) (Version: 9.5.8 - Aventail Corporation)
BlackBerry Desktop Software 6.0.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 6.0.1.18 - Research In Motion Ltd.)
BlackBerry Desktop Software 6.0.1 (x32 Version: 6.0.1.18 - Research In Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM-x32\...\{5A447CFB-B64E-4D3C-9744-2EA44EFB8F97}) (Version: 5.0.1.32 - Research In Motion Ltd)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
ClickFORMS (HKLM-x32\...\{0D910620-F8EE-11D4-A7B6-0080C6F23D71}) (Version: 2.4.8 - Bradford Technologies Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO) (Version: 4.98.6.63 - Conexant)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
CuteFTP 8 Professional (HKLM-x32\...\{91F34319-08DE-457a-99C0-0BCDFAC145B9}) (Version: 8.3.3 - GlobalSCAPE)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
DivX Converter (HKLM-x32\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.0.0 - DivX, Inc.)
DivX Converter (HKLM-x32\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.0.0 - DivX, Inc.)
DivX Player (HKLM-x32\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.0.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM-x32\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.84 - DivX, LLC)
DivX Version Checker (HKLM-x32\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.0.0.19 - DivX, Inc.)
DivX Web Player (HKLM-x32\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.4.2 - DivX,Inc.)
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dolby Control Center (HKLM\...\{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}) (Version: 2.2.1 - Dolby)
DVD MovieFactory for TOSHIBA (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
DVD MovieFactory for TOSHIBA (x32 Version: 7.0.0 - Corel Corporation) Hidden
Facebook Plug-In (HKU\S-1-5-21-468275512-914653057-1215199140-1000\...\Facebook Plug-In) (Version: - Facebook, Inc.)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
FNC Uploader Files (HKLM-x32\...\FNC Uploader Files_is1) (Version: - FNC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 6.4.11.2273 (HKU\S-1-5-21-468275512-914653057-1215199140-1000\...\GoToMeeting) (Version: 6.4.11.2273 - CitrixOnline)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HDMI Control Manager (HKLM-x32\...\InstallShield_{63DA1F6A-2E65-4367-99B9-9E39FADEC446}) (Version: 2.0 - TOSHIBA)
HDMI Control Manager (Version: 2.0 - TOSHIBA) Hidden
HDMI Control Manager (x32 Version: 2.0 - TOSHIBA) Hidden
HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. A (HKLM\...\{17016DA1-F040-4032-BD36-34DD317BC9D5}) (Version: 13.0 - HP)
HP Photosmart C309a All-In-One Driver 14.0 Rel. 5 (HKLM\...\{71C4F928-136A-4222-A191-310E081FB96B}) (Version: 14.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
InterVideo WinDVD BD for TOSHIBA (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.107 - InterVideo Inc.)
InterVideo WinDVD BD for TOSHIBA (x32 Version: 8.0.20.107 - InterVideo Inc.) Hidden
iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)
Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1031 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Streets & Trips 2010 (HKLM-x32\...\{C82185E8-C27B-4EF4-2010-4444BC2C2B6D}) (Version: 17.0.19.2900 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Mozilla Firefox 24.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 24.0 (x86 en-US)) (Version: 24.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.0 - Mozilla)
Mozilla Thunderbird (3.0.4) (HKLM-x32\...\Mozilla Thunderbird (3.0.4)) (Version: 3.0.4 (en-US) - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyToshiba (HKLM-x32\...\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}) (Version: 2.2.0.3 - Toshiba)
NCVSoftware Bundle 4.70 Build 212 (HKLM-x32\...\NCVSoftware Bundle_is1) (Version: - NCVSoftware)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{2D8101CE-BBBD-498A-8F09-F2A8085D4F7B}) (Version: 2.0.11 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (Version: 2.0.11 - O2Micro International LTD.) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OJOsoft Total Video Converter (HKLM-x32\...\OJOsoft Total Video Converter_is1) (Version: 2.7.4.0126 - OJOsoft)
OpenOffice.org 3.1 (HKLM-x32\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9420 - OpenOffice.org)
PCL Printer Driver Uninstaller (HKLM\...\PCL Printer Driver) (Version: 6, 0, 1, 0 - Canon Inc.)
PhoenixSketch (HKLM-x32\...\{69486FCF-13BE-42E9-844A-0A7CB1CC168B}) (Version: 1.6 - PhoenixSuite, LLC)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PS_AIO_05_C309_Software_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
QuickBooks (x32 Version: 20.0.4005.807 - Intuit Inc.) Hidden
Quickbooks Financial Center (HKLM-x32\...\{3B843B38-04B1-4CE6-8888-586273E0F289}) (Version: 2.02 - TOSHIBA Corporation)
QuickBooks Premier Edition 2010 (HKLM-x32\...\{0700E22B-A424-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4005.807 - Intuit Inc.)
Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.1.27 - Intuit)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Redist (HKLM-x32\...\{0F052922-4BCE-4763-A540-00857554336D}) (Version: 3.00.0000 - Verizon)
Regi (Version: 1.00.0000 - InterVideo Inc.) Hidden
ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 5.9 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.9.114 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
Snagit 10 (HKLM-x32\...\{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}) (Version: 10.0.0 - TechSmith Corporation)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM-x32\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM-x32\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Pro Set (HKLM-x32\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Drum Set (HKLM-x32\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Set (HKLM-x32\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg Nuendo 4 (HKLM-x32\...\{41E0A8DD-4343-4B33-95C3-272A99F18984}) (Version: 4.3.0.371 - Steinberg Media Technologies GmbH)
Steinberg Nuendo Expansion Kit (HKLM-x32\...\{A1E50F2C-F6CA-4C27-AEA7-819B2A486223}) (Version: 4.2.2.274 - Steinberg Media Technologies GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.7.3 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Toshiba Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.0.9 - Toshiba)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.09 - TOSHIBA)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.7.64 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.0.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: - )
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.0 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.0 - TOSHIBA Corporation)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.35 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.0.64 - TOSHIBA Corporation)
Toshiba Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.001.0000 - Toshiba)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.33 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: - )
TOSHIBA USB Sleep and Charge Utility (HKLM-x32\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.2.3.0 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.26.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
TOTAL 2011 (HKLM-x32\...\{B90A3D91-5145-4398-BC7B-AE93354BCD40}) (Version: 6.66.0000 - a la mode, inc.)
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version: - Intuit, Inc)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Verizon Download Manager (HKLM-x32\...\{F54E5D65-CB60-4A31-A71B-BCFB0FA0076D}) (Version: 1.0.0 - Verizon)
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version: - )
VLC media player 1.1.5 (HKLM-x32\...\VLC media player) (Version: 1.1.5 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WinSketch Pro 7 (HKLM-x32\...\WinSketch Pro 7) (Version: 7.8.2 - Jammin Software, Inc.)
WinZip 15.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}) (Version: 15.5.9579 - WinZip Computing, S.L. )
WinZip Courier (HKLM-x32\...\{CD95F661-A5C4-11AF-B2CC-ABCD21A325B5}) (Version: 3.0.9557 - WinZip Computing, S.L. )
WModem Driver Installer (HKLM-x32\...\HTC_WModemDriver) (Version: 2.0.6.7 - HTC)
WordWeb Pro (HKLM-x32\...\WordWeb) (Version: 5 - Antony Lewis)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-468275512-914653057-1215199140-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1440\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2013-11-07 00:22 - 00001821 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1C0F0A73-A0A9-4DDD-9E45-D56E7CEF9A2F} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
Task: {70A006FC-96D9-411F-9751-02B6A3659493} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-LAPPIE-PC => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {71E0E93B-4582-4935-BDED-A31CC3113620} - System32\Tasks\{FF4DA6F3-3787-466E-A1DA-A6240B35CDB6} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall HOMESTUDENTR /dll OSETUP.DLL
Task: {76ACA95E-1E51-4C8E-BB0F-6E6FAB706095} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-15] (Google Inc.)
Task: {76EDB65A-1976-42D8-B98F-13E962E4F5F5} - System32\Tasks\{7D6BD998-626A-40FB-9DB3-751FF0F2972E} => pcalua.exe -a "C:\Users\Jeffrey\Downloads\FTP Downloads\RealPlayer11GOLD.exe" -d "C:\Users\Jeffrey\Downloads\FTP Downloads"
Task: {7A45EF71-F808-47A2-B42F-F6C32209DEA0} - System32\Tasks\{EF36D136-DD93-44A8-8E08-CBFC457FABEC} => pcalua.exe -a D:\setup.exe -d D:\
Task: {86568A0F-5A62-458E-B4B7-AD4AD71F2FC9} - System32\Tasks\{9711F654-E42B-4F37-867D-8E08E892C0EF} => pcalua.exe -a D:\DNS323.exe -d D:\
Task: {975ECDB0-5EB7-426F-AB03-D9E9BDD1C4F4} - System32\Tasks\Driver Fetch => C:\Program Files (x86)\Driver Fetch\2.0.0.0\DriverFetch.exe
Task: {9DAC8F48-9243-4974-B4D6-07123F301779} - System32\Tasks\G2MUpdateTask-S-1-5-21-468275512-914653057-1215199140-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\2273\g2mupdate.exe [2015-01-26] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {AE6A58AD-C0F1-46C5-9B77-0ECFF097C88B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {C72653CB-4269-46E0-8E49-A1401DFA48E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-15] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\Driver Fetch.job => C:\Program Files (x86)\Driver Fetch\2.0.0.0\DriverFetch.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-468275512-914653057-1215199140-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\2273\g2mupdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-28 19:23 - 2013-08-28 19:23 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2009-08-03 20:18 - 2009-08-03 20:18 - 00081752 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2015-02-02 14:40 - 2015-02-02 14:40 - 00190572 _____ () C:\Users\Lappie\AppData\Local\Temp\2973.tmp
2015-02-02 17:55 - 2015-02-02 17:55 - 00090112 _____ () C:\windows\FrameworkUpdate\Update.exe
2013-09-13 18:51 - 2013-09-13 18:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 18:51 - 2013-09-13 18:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-28 19:25 - 2013-08-28 19:25 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2010-01-21 13:02 - 2010-04-17 11:17 - 00160432 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2010-01-21 13:02 - 2010-04-17 11:17 - 00020144 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2015-01-29 20:18 - 2015-01-26 22:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-01-29 20:18 - 2015-01-26 22:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll
2015-01-29 20:18 - 2015-01-26 22:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll
2015-01-29 20:18 - 2015-01-26 22:44 - 14913864 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:2342AE46

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: IntuitUpdateService => 2
MSCONFIG\Services: IntuitUpdateServiceV4 => 2
MSCONFIG\Services: Nero BackItUp Scheduler 3 => 2
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: O2FLASH => 2
MSCONFIG\Services: QBCFMonitorService => 2
MSCONFIG\Services: QBFCService => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Lappie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^scans-reconnect.bat => C:\windows\pss\scans-reconnect.bat.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Aim6 => "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: Intuit SyncManager => c:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: Share-to-Web Namespace Daemon => C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: TWebCamera => "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

========================= Accounts: ==========================

Administrator (S-1-5-21-468275512-914653057-1215199140-500 - Administrator - Disabled)
Guest (S-1-5-21-468275512-914653057-1215199140-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-468275512-914653057-1215199140-1002 - Limited - Enabled)
Lappie (S-1-5-21-468275512-914653057-1215199140-1000 - Administrator - Enabled) => C:\Users\Lappie
Mcx1-LAPPIE-PC (S-1-5-21-468275512-914653057-1215199140-1007 - Limited - Enabled) => C:\Users\Mcx1-LAPPIE-PC

==================== Faulty Device Manager Devices =============

Name: Photosmart C309a series
Description: Photosmart C309a series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C6100 series
Description: Photosmart C6100 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C309a series
Description: Photosmart C309a series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/02/2015 07:29:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/02/2015 06:29:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/02/2015 06:29:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/02/2015 05:54:36 PM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered
].

Error: (02/02/2015 05:54:33 PM) (Source: RpcNs) (EventID: 2) (User: )
Description: C:\Users\Lappie\AppData\Local\Temp\7363.tmp4128

Error: (02/02/2015 05:54:33 PM) (Source: RpcNs) (EventID: 2) (User: )
Description: C:\Users\Lappie\AppData\Local\Temp\7363.tmp4128

Error: (02/02/2015 05:28:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/02/2015 05:28:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/02/2015 04:28:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/02/2015 04:28:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (02/02/2015 04:50:36 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (02/01/2015 05:19:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.

Error: (02/01/2015 02:50:48 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.

Error: (01/16/2015 11:44:34 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (01/07/2015 09:35:25 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (12/24/2014 00:17:56 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{5C49BEE8-60D7-4851-AA0B-7543BE2574E0}.
The backup browser is stopping.

Error: (12/21/2014 01:47:00 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{5C49BEE8-60D7-4851-AA0B-7543BE2574E0}.
The backup browser is stopping.

Error: (12/20/2014 10:34:06 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer LAPSTER
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5C49BEE8-60D7-4851-AA0B-7543BE2574E0}.
The master browser is stopping or an election is being forced.

Error: (12/19/2014 11:07:32 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{5C49BEE8-60D7-4851-AA0B-7543BE2574E0}.
The backup browser is stopping.

Error: (12/06/2014 01:24:23 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:20:06 PM on 12/6/2014 was unexpected.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 56%
Total physical RAM: 5980.94 MB
Available physical RAM: 2574.25 MB
Total Pagefile: 11960.03 MB
Available Pagefile: 7843.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (TI102692W0G) (Fixed) (Total:453.35 GB) (Free:366.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: A3DF3CD1)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=453.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.9 GB) - (Type=17)

==================== End Of Log ============================
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,722
Natalie117,
Some notes about this machine:
It's obviously used, at least partly, for business purposes.
It appears to be a victim of a "Ransomware" infection called CryptoWall. Version 3 of CryptoWall, actually.
These infections usually begin encrypting ALL the documents on the machine, then demand a ransom to deliver the key to decrypt them.
There is generally no defense for files already encrypted. Paying the ransom does not guarantee a successful decryption either.
This is purveyed by serious crooks.

Your only defense is the backups made of your documents prior to encryption.

This machine appears to have tax documents and business information on it. Make sure there are backups.
The more the machine is used, the more documents will be encrypted.

Did you think I was joking about installing Microsoft Security Essentials? Did you try and fail? You didn't say anything about it.

Do these steps at once, in this sequence. This instruction is long because there is no time to waste.
-----------------------------------------------------------
Download the Microsoft Security Essentials Installer
The download is here: http://www.microsoft.com/security_essentials/
Choose "Save As" and Save it to your desktop. Make sure you can find it.
-----------------------------------------------------------
Install Microsoft Security Essentials (Antivirus)
Double Click the icon for the Microsoft Security Essentials installer.
Let it install, update itself, run a Full Scan and delete anything it finds.
-------------------------------------------------------------------
Run Malwarebytes' Anti-Malware
  • If you see a separate message box to Update databases, click OK and allow it to update before Scanning.
  • On the Scanner tab, make sure the Perform Full Scan button is checked, then click on the Scan button to begin.
    This may take a while, so be patient.
  • When the Scan has finished, a message box will appear telling you the scan was completed. Click OK.
  • You will be moved back to the main screen. Click on the Show Results button.
  • A list of the detected malware will be shown. Click on Remove Selected.
  • While removing malware, MBAM may display a message that it needs to reboot.
    If so, allow it to reboot, and sign in as normal when Windows restarts.
  • When finished, with or without a reboot, a Scan log will be displayed in Notepad.
  • Copy and paste the contents back here in a reply.
  • Then close MBAM.
The Log files can be found in this location: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs
-------------------------------------------------------------------
Run ListCWall
Download ListCwall from here:
http://www.bleepingcomputer.com/download/listcwall/
Save it on your desktop and Double click to run it.
It will produce a new file on your desktop named listcwall.txt
Please post the contents of that file in your next reply.
-------------------------------------------------------------------
We will be looking for the following in your reply:
  • Notes about business uses of the machine.
  • Anything in my instructions that doesn't work.
  • The log from Malwarebytes Anti-Malware.
  • Contents of the ListCwall.txt file on your desktop.

Separate replies are fine.
askey127
 

natalie117

no, i didn't think you were joking and i installed and ran it as soon as i read it. sorry for not saying anything
 

askey127

Strangely, the FRST logs don't show it.
That's why I asked.
OK.
Don't let me slow you down.
Please run the Malwarebytes and the ListCwall scans.
 

natalie117

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/3/2015
Scan Time: 12:35:44 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.03.06
Rootkit Database: v2015.02.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: Lappie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 484531
Time Elapsed: 4 hr, 53 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 1
Trojan.Clicker.64, C:\Windows\FrameworkUpdate\Update.exe, 452, Delete-on-Reboot, [cc46ce4c6723e056390e8a8f837f55ab]

Modules: 0
(No malicious items detected)

Registry Keys: 1
Trojan.Clicker.64, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SystemUpdate, Quarantined, [cc46ce4c6723e056390e8a8f837f55ab],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
Trojan.Clicker.64, C:\Windows\FrameworkUpdate\Update.exe, Delete-on-Reboot, [cc46ce4c6723e056390e8a8f837f55ab],
Trojan.Clicker.64, C:\Users\Lappie\AppData\Local\Temp\C72C.tmp, Quarantined, [937fab6f37530333cd7a0a0fdb271ee2],
Trojan.Agent.ED, C:\Users\Lappie\AppData\Local\Temp\2973.tmp, Quarantined, [70a2a17952382d0952c48a8f8a78ba46],

Physical Sectors: 0
(No malicious items detected)


(end)
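
A triage sketch for a scan log like the one posted above, added here as an example and not part of the original thread: it parses the per-section detections, checks each section's declared count against the rows found, and lists targets still marked Delete-on-Reboot. The sample text is constructed in the same layout with placeholder hashes, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the scan log posted above;
# the bracketed hashes are placeholders, not real values.
SAMPLE_LOG = r"""
Scan Type: Threat Scan
Result: Completed

Processes: 1
Trojan.Clicker.64, C:\Windows\FrameworkUpdate\Update.exe, 452, Delete-on-Reboot, [hash-placeholder-1]

Modules: 0
(No malicious items detected)

Registry Keys: 1
Trojan.Clicker.64, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SystemUpdate, Quarantined, [hash-placeholder-1],

Files: 2
Trojan.Clicker.64, C:\Windows\FrameworkUpdate\Update.exe, Delete-on-Reboot, [hash-placeholder-1],
Trojan.Agent.ED, C:\Users\Lappie\AppData\Local\Temp\2973.tmp, Quarantined, [hash-placeholder-2],

(end)
"""

HEADER = re.compile(r"^(Processes|Modules|Registry Keys|Registry Values|"
                    r"Registry Data|Folders|Files|Physical Sectors): (\d+)$")
ACTIONS = ("Quarantined", "Delete-on-Reboot")  # the two actions seen in the posted log


def parse_detections(text):
    """Return (rows, mismatches) parsed from a scan log in the layout above."""
    rows, declared, section = [], {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = HEADER.match(line)
        if header:
            section = header.group(1)
            declared[section] = int(header.group(2))
        elif section and line and not line.startswith("("):
            # Simple split: assumes the target itself contains no ", ".
            fields = [f.strip() for f in line.rstrip(",").split(", ")]
            if len(fields) < 2:
                continue
            action = next((f for f in fields[2:] if f in ACTIONS), None)
            rows.append({"section": section, "threat": fields[0],
                         "target": fields[1], "action": action})
    found = {s: sum(r["section"] == s for r in rows) for s in declared}
    mismatches = {s: (declared[s], found[s]) for s in declared if declared[s] != found[s]}
    return rows, mismatches


def pending_reboot(rows):
    """Unique targets that are only removed once the machine restarts."""
    return sorted({r["target"] for r in rows if r["action"] == "Delete-on-Reboot"})
```

A non-empty `pending_reboot` result means the cleanup is not finished until the machine has restarted, and a follow-up scan should confirm those targets are gone.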
 

natalie117

Thread Starter
Joined
Mar 29, 2008
Messages
12
I must have run the FRST before the MSE so that's why it didn't show. My apologies. I'll be extra careful to do things in the order specified.
 

natalie117

Thread Starter
Joined
Mar 29, 2008
Messages
12
I've run the ListCWall. There are over 17,000 encrypted files on my computer. The log is too big to post.
 

natalie117

Thread Starter
Joined
Mar 29, 2008
Messages
12
I am a real estate appraiser, as well as a sales agent. That is the business use of my machine.
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,722
Now you know what is going on. What would you like to do?
Any documents for which you have no backups are gone.
If you choose to pay (that message will likely show up at some future date), you may or may not get the lost ones back.
ListCwall can be used to isolate all encrypted files in a separate directory, in case some method evolves to unencrypt them.
Or, you may choose to isolate them and save them offline someplace.

Your call.
Tell me about the other questions, and what you are thinking.
... about the business use of this machine.
I will help if I can.
I just wanted to get you to the bottom of this quickly.

askey127
 

natalie117

Thread Starter
Joined
Mar 29, 2008
Messages
12
What should I do now? Do I reformat the hard drive and reinstall Windows? Essentially start over? Will that cure this virus?
 