
Trojan.Vawtrak

Discussion in 'Virus & Other Malware Removal' started by natalie117, Feb 2, 2015.

  1. natalie117 (Thread Starter)
    Hey guys....Malwarebytes is blocking malicious website (c:\windows\syswow64\svchost.exe). Also, was getting a pop-up window entitled HELP_DECRYPT.PNG and my research basically informed me that I'm in trouble. (Vawtrak trojan)

    Any help would be greatly appreciated.



    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, 64 bit
    Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz, Intel64 Family 6 Model 23 Stepping 10
    Processor Count: 2
    RAM: 5980 Mb
    Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, -1233 Mb
    Hard Drives: C: Total - 464232 MB, Free - 375728 MB;
    Motherboard: TOSHIBA, Satellite P505
    Antivirus: None
     
  2. natalie117 (Thread Starter)
    Malwarebytes scan log...
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 2/2/2015
    Scan Time: 6:03:26 PM
    Logfile: natalie117.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.02.02.05
    Rootkit Database: v2015.01.14.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7
    CPU: x64
    File System: NTFS
    User: Lappie

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 479170
    Time Elapsed: 42 min, 42 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 2
    Trojan.Vawtrak, HKU\S-1-5-21-468275512-914653057-1215199140-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WutdoXupax, regsvr32.exe "C:\ProgramData\WutdoXupax\LoznIlutq.hlt", , [337a8a8fa5e57db9c8a8257ecc39e31d]
    Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Generic Host Process, C:\Users\Lappie\AppData\Roaming\Mozilla\svchoste.exe, , [2c8156c37614ef474a36cf2c7c871ce4]

    Registry Data: 2
    Windows.Tool.Disabled, HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DisableConfig, 1, Good: (0), Bad: (1),,[119cc05924661d194242c8e5ba4b38c8]
    Windows.Tool.Disabled, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DisableConfig, 1, Good: (0), Bad: (1),,[f1bc97824446d75f3c48575656af30d0]

    Folders: 0
    (No malicious items detected)

    Files: 7
    Trojan.Vawtrak, C:\ProgramData\WutdoXupax\LoznIlutq.hlt, , [337a8a8fa5e57db9c8a8257ecc39e31d],
    Trojan.AVKiller, C:\Program Files (x86)\NCVSoftware\NCVFormDesigner.exe, , [baf348d16a2037ff888584eae31dd729],
    Trojan.Vawtrak, C:\Users\Lappie\AppData\Local\Temp\~2A4E6B01.tmp, , [cce1ce4b91f9fa3c73fd148fb55060a0],
    Trojan.Agent.0BGen, C:\Users\Lappie\AppData\Local\Temp\elp.dll, , [228b43d65733e353ef7368a272909c64],
    Trojan.Agent.DED, C:\Users\Lappie\AppData\Local\Temp\radE9B72.tmp.exe, , [7f2e64b557330a2cf3639a56689933cd],
    Trojan.Agent.0BGen, C:\Users\Lappie\AppData\Local\Temp\radED75A.tmp.exe, , [7e2f77a26129989ea9ba55b5a062867a],
    Trojan.Agent, C:\Users\Lappie\AppData\Roaming\Mozilla\svchoste.exe, , [2c8156c37614ef474a36cf2c7c871ce4],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  3. askey127 (Malware Specialist)
    natalie117,
    Malwarebytes is OK, but it does a different function than an antivirus.
    While you have no Antivirus, your system is a "sitting duck", waiting to get infected and used as a robot.

    It may be too late to save the system, without re-installing Windows.

    Let's see what we can do.
    -----------------------------------------------------------
    Download the Microsoft Security Essentials Installer
    The download is here: http://www.microsoft.com/security_essentials/
    Choose "Save As" and Save it to your desktop. Make sure you can find it, but don't run it yet.
    -----------------------------------------------------------
    Install Microsoft Security Essentials
    Double Click the icon for the Microsoft Security Essentials installer.
    Let it install, update itself, run a scan and delete anything it finds.

    -----------------------------------------------------------
    Download and Run the Farbar Scan Tool
    • Download FRST64 and save to your Desktop.
    • Double click Frst64.exe to launch it.
    • FRST64 will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press the Scan button.
      • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
      • Please post them in your next reply.
    If you lose track of them, they will be saved in the same location as FRST64.exe
    Feel free to use separate replies if it's more convenient.

    askey127
     
  4. natalie117 (Thread Starter)
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
    Ran by Lappie (administrator) on LAPPIE-PC on 02-02-2015 20:10:11
    Running from C:\Users\Lappie\Downloads
    Loaded Profiles: Lappie (Available profiles: Lappie & Mcx1-LAPPIE-PC)
    Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (WebEx Communications, Inc.) C:\Windows\SysWOW64\atashost.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    (SupportSoft, Inc.) C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
    (SupportSoft, Inc.) C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
    (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
    (Viewpoint Corporation) C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
    (TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
    (TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe
    (TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Software Update\hpwuschd2.exe
    (SupportSoft, Inc.) C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
    () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    (TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    (TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Mozilla Messaging) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
    () C:\Users\Lappie\AppData\Local\Temp\2973.tmp
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    () C:\Windows\FrameworkUpdate\Update.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)
    HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)
    HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
    HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1482080 2009-08-11] (TOSHIBA Corporation)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1810728 2009-07-30] (Synaptics Incorporated)
    HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
    HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation)
    HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
    HKLM\...\Run: [HDMICtrlMan] => C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [1032536 2009-08-03] (TOSHIBA Corporation.)
    HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [503864 2009-07-20] (Conexant Systems, Inc.)
    HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
    HKLM\...\Run: [Generic Host Process] => C:\Users\Lappie\AppData\Roaming\Mozilla\svchoste.exe [190572 2015-02-02] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
    HKLM-x32\...\Run: [VERIZONDM] => C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe [206120 2010-09-02] (SupportSoft, Inc.)
    HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
    HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [TUSBSleepChargeSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-07-02] (TOSHIBA)
    HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-08-17] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-07-16] (Toshiba)
    HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
    HKLM-x32\...\Run: [CFUpdater] => %ProgramFiles%\Bradford\CFUpdater\nu.exe
    HKLM-x32\...\Run: [NBKeyScan] => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    HKLM-x32\...\Run: [{67b22373-1a5c-c33e-48c9-fc1d699cb37d}] => C:\ProgramData\Microsoft\{67b22373-1a5c-c33e-48c9-fc1d699cb37d}\{67b22373-1a5c-c33e-48c9-fc1d699cb37d}.exe [304173 2015-02-01] ()
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer\Run: [{67b22373-1a5c-c33e-48c9-fc1d699cb37d}] => C:\ProgramData\Microsoft\{67b22373-1a5c-c33e-48c9-fc1d699cb37d}\{67b22373-1a5c-c33e-48c9-fc1d699cb37d}.exe [304173 2015-02-01] ( ())
    HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
    HKU\S-1-5-21-468275512-914653057-1215199140-1000\...\Run: [MyTOSHIBA] => C:\Program Files (x86)\Toshiba\My Toshiba\MyToshiba.exe [264048 2009-08-06] (TOSHIBA)
    HKU\S-1-5-21-468275512-914653057-1215199140-1000\...\Run: [WutdoXupax] => regsvr32.exe "C:\ProgramData\WutdoXupax\LoznIlutq.hlt"
    HKU\S-1-5-21-468275512-914653057-1215199140-1000\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_246_ActiveX.exe -update activex
    HKU\S-1-5-21-468275512-914653057-1215199140-1000\...\MountPoints2: {ec1a30c8-db91-11df-b4a6-00269e680393} - F:\TL-Bootstrap.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
    ShortcutTarget: hp psc 2000 Series.lnk -> C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (No File)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
    ShortcutTarget: hpoddt01.exe.lnk -> C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\officejet 6100.lnk
    ShortcutTarget: officejet 6100.lnk -> C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (No File)
    Startup: C:\Users\Lappie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML ()
    Startup: C:\Users\Lappie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG ()
    Startup: C:\Users\Lappie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT ()
    InternetURL: C:\Users\Lappie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://paytoc4gtpn5czl2.torpaysolutions.com/1h4j8Ld
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    HKU\S-1-5-21-468275512-914653057-1215199140-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    HKU\S-1-5-21-468275512-914653057-1215199140-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    URLSearchHook: HKU\S-1-5-21-468275512-914653057-1215199140-1000 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    SearchScopes: HKLM -> DefaultScope {11CEDFD7-B171-4CB3-842D-E1E7BC433C93} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {11CEDFD7-B171-4CB3-842D-E1E7BC433C93} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
    SearchScopes: HKLM-x32 -> DefaultScope {37C7A322-BEC3-4D29-9C8C-CE1A4E9E6F8E} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {37C7A322-BEC3-4D29-9C8C-CE1A4E9E6F8E} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
    SearchScopes: HKU\S-1-5-21-468275512-914653057-1215199140-1000 -> DefaultScope {37C7A322-BEC3-4D29-9C8C-CE1A4E9E6F8E} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS361
    SearchScopes: HKU\S-1-5-21-468275512-914653057-1215199140-1000 -> {37C7A322-BEC3-4D29-9C8C-CE1A4E9E6F8E} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS361
    BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
    BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
    BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO-x32: WinZip Courier BHO -> {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} -> C:\Program Files (x86)\WinZip Courier\wzwmcie.dll (WinZip Computing, S.L.)
    BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-468275512-914653057-1215199140-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    Toolbar: HKU\S-1-5-21-468275512-914653057-1215199140-1000 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    DPF: HKLM-x32 {32C3FEAE-0877-4767-8C20-62A5829A0945} http://www.facebook.com/fbplugin/win32/axfbootloader.cab?1265841592880
    DPF: HKLM-x32 {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Lappie\AppData\Roaming\Mozilla\Firefox\Profiles\e15quce8.default
    FF Homepage: hxxp://drudgereport.com/
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
    FF Plugin-x32: @winzip.com/Winzip Courier -> C:\Program Files (x86)\WinZip Courier\npwzwmc.dll (WinZip Computing, S.L.)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-468275512-914653057-1215199140-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Lappie\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Plugin HKU\S-1-5-21-468275512-914653057-1215199140-1000: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\Lappie\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
    FF Plugin HKU\S-1-5-21-468275512-914653057-1215199140-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Lappie\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
    FF Plugin HKU\S-1-5-21-468275512-914653057-1215199140-1000: @nsroblox.roblox.com/launcher -> C:\Program Files (x86)\Roblox\Versions\version-394f11f19cd64b1a\\NPRobloxProxy.dll ( ROBLOX Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll (WebEx Communications, Inc)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll (Cisco WebEx LLC)
    FF Plugin ProgramFiles/Appdata: C:\Users\Lappie\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
    FF Extension: Rapportive - C:\Users\Lappie\AppData\Roaming\Mozilla\Firefox\Profiles\e15quce8.default\Extensions\[email protected] [2014-02-25]
    FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-10-19]
    FF HKLM-x32\...\Firefox\Extensions: [{74c841e3-b59f-479e-8d7a-e26a942a87c8}] - C:\Program Files (x86)\WinZip Courier\FFExt
    FF Extension: WinZip Courier - C:\Program Files (x86)\WinZip Courier\FFExt [2012-08-01]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-11-07]
    FF HKU\S-1-5-21-468275512-914653057-1215199140-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Users\Lappie\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Kunversion) - C:\Users\Lappie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabplfdbflnfaabdmafknlgpoffelmej [2015-01-07]
    CHR Extension: (Google Docs) - C:\Users\Lappie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-15]
    CHR Extension: (Google Drive) - C:\Users\Lappie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-15]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lappie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-02]
    CHR Extension: (YouTube) - C:\Users\Lappie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-15]
    CHR Extension: (Google Search) - C:\Users\Lappie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-15]
    CHR Extension: (Rapportive) - C:\Users\Lappie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin [2014-02-25]
    CHR Extension: (Google Wallet) - C:\Users\Lappie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-15]
    CHR Extension: (Gmail) - C:\Users\Lappie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-15]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 atashost; C:\windows\SysWOW64\atashost.exe [43912 2010-04-13] (WebEx Communications, Inc.)
    S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
    R3 hpqcxs08; C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
    R2 HPSLPSVC; C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC64.DLL [1043584 2010-01-29] (Hewlett-Packard Co.)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    S4 QBCFMonitorService; c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2009-12-16] (Intuit) [File not signed]
    S4 QBFCService; c:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
    R2 sprtsvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [206120 2010-09-02] (SupportSoft, Inc.)
    R2 SystemUpdate; C:\windows\FrameworkUpdate\Update.exe [90112 2015-02-02] () [File not signed]
    R2 tgsrvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [185640 2010-09-02] (SupportSoft, Inc.)
    R2 Viewpoint Manager Service; C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation) [File not signed]
    S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
    R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-02] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
    R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdgx64.sys [49696 2009-07-16] (O2Micro )
    S3 pae_1394; C:\Windows\System32\Drivers\pae_1394_x64.sys [196992 2010-02-03] (Archwave AG)
    S3 pae_avs; C:\Windows\System32\Drivers\pae_avs_x64.sys [72576 2010-02-03] (Archwave AG)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [92160 2010-06-16] (Research In Motion Limited)
    R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-01-13] () [File not signed]
    U3 aeopu4zb; C:\Windows\System32\Drivers\aeopu4zb.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-02 20:10 - 2015-02-02 20:10 - 00029792 _____ () C:\Users\Lappie\Downloads\FRST.txt
    2015-02-02 19:33 - 2015-02-02 20:10 - 00000000 ____D () C:\FRST
    2015-02-02 19:33 - 2015-02-02 19:33 - 02131456 _____ (Farbar) C:\Users\Lappie\Downloads\FRST64.exe
    2015-02-02 19:33 - 2015-02-02 19:33 - 02131456 _____ (Farbar) C:\Users\Lappie\Downloads\FRST64 (1).exe
    2015-02-02 18:47 - 2015-02-02 18:47 - 00002464 _____ () C:\Users\Lappie\Desktop\natalie117.txt
    2015-02-02 18:38 - 2015-02-02 18:38 - 00509440 _____ (Tech Support Guy System) C:\Users\Lappie\Downloads\SysInfo.exe
    2015-02-02 18:03 - 2015-02-02 18:03 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2015-02-02 18:02 - 2015-02-02 18:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-02-02 18:02 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2015-02-02 18:02 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
    2015-02-02 17:55 - 2015-02-02 17:55 - 00000000 ____D () C:\windows\FrameworkUpdate
    2015-02-02 17:24 - 2015-02-02 17:55 - 00008658 _____ () C:\Users\Lappie\Desktop\HELP_DECRYPT.HTML
    2015-02-02 17:24 - 2015-02-02 17:55 - 00004272 _____ () C:\Users\Lappie\Desktop\HELP_DECRYPT.TXT
    2015-02-02 17:24 - 2015-02-02 17:55 - 00000304 _____ () C:\Users\Lappie\Desktop\HELP_DECRYPT.URL
    2015-02-02 17:24 - 2015-02-02 17:24 - 00008658 _____ () C:\Users\Public\HELP_DECRYPT.HTML
    2015-02-02 17:24 - 2015-02-02 17:24 - 00008658 _____ () C:\Users\HELP_DECRYPT.HTML
    2015-02-02 17:24 - 2015-02-02 17:24 - 00008658 _____ () C:\HELP_DECRYPT.HTML
    2015-02-02 17:24 - 2015-02-02 17:24 - 00004272 _____ () C:\Users\Public\HELP_DECRYPT.TXT
    2015-02-02 17:24 - 2015-02-02 17:24 - 00004272 _____ () C:\Users\HELP_DECRYPT.TXT
    2015-02-02 17:24 - 2015-02-02 17:24 - 00004272 _____ () C:\HELP_DECRYPT.TXT
    2015-02-02 17:24 - 2015-02-02 17:24 - 00000304 _____ () C:\Users\Public\HELP_DECRYPT.URL
    2015-02-02 17:24 - 2015-02-02 17:24 - 00000304 _____ () C:\Users\HELP_DECRYPT.URL
    2015-02-02 17:24 - 2015-02-02 17:24 - 00000304 _____ () C:\HELP_DECRYPT.URL
    2015-02-02 17:22 - 2015-02-02 17:22 - 00008658 _____ () C:\Users\Public\Downloads\HELP_DECRYPT.HTML
    2015-02-02 17:22 - 2015-02-02 17:22 - 00008658 _____ () C:\Users\Public\Documents\HELP_DECRYPT.HTML
    2015-02-02 17:22 - 2015-02-02 17:22 - 00004272 _____ () C:\Users\Public\Downloads\HELP_DECRYPT.TXT
    2015-02-02 17:22 - 2015-02-02 17:22 - 00004272 _____ () C:\Users\Public\Documents\HELP_DECRYPT.TXT
    2015-02-02 17:22 - 2015-02-02 17:22 - 00000304 _____ () C:\Users\Public\Downloads\HELP_DECRYPT.URL
    2015-02-02 17:22 - 2015-02-02 17:22 - 00000304 _____ () C:\Users\Public\Documents\HELP_DECRYPT.URL
    2015-02-02 17:03 - 2015-02-02 17:03 - 00008658 _____ () C:\Users\Natalie\HELP_DECRYPT.HTML
    2015-02-02 17:03 - 2015-02-02 17:03 - 00004272 _____ () C:\Users\Natalie\HELP_DECRYPT.TXT
    2015-02-02 17:03 - 2015-02-02 17:03 - 00000304 _____ () C:\Users\Natalie\HELP_DECRYPT.URL
    2015-02-02 17:00 - 2015-02-02 17:00 - 00008658 _____ () C:\Users\Mcx1-LAPPIE-PC\HELP_DECRYPT.HTML
    2015-02-02 17:00 - 2015-02-02 17:00 - 00008658 _____ () C:\Users\Mcx1-LAPPIE-PC\AppData\Local\HELP_DECRYPT.HTML
    2015-02-02 17:00 - 2015-02-02 17:00 - 00008658 _____ () C:\Users\Mcx1-LAPPIE-PC\AppData\HELP_DECRYPT.HTML
    2015-02-02 17:00 - 2015-02-02 17:00 - 00008658 _____ () C:\Users\Lappie\HELP_DECRYPT.HTML
    2015-02-02 17:00 - 2015-02-02 17:00 - 00004272 _____ () C:\Users\Mcx1-LAPPIE-PC\HELP_DECRYPT.TXT
    2015-02-02 17:00 - 2015-02-02 17:00 - 00004272 _____ () C:\Users\Mcx1-LAPPIE-PC\AppData\Local\HELP_DECRYPT.TXT
    2015-02-02 17:00 - 2015-02-02 17:00 - 00004272 _____ () C:\Users\Mcx1-LAPPIE-PC\AppData\HELP_DECRYPT.TXT
    2015-02-02 17:00 - 2015-02-02 17:00 - 00004272 _____ () C:\Users\Lappie\HELP_DECRYPT.TXT
    2015-02-02 17:00 - 2015-02-02 17:00 - 00000304 _____ () C:\Users\Mcx1-LAPPIE-PC\HELP_DECRYPT.URL
    2015-02-02 17:00 - 2015-02-02 17:00 - 00000304 _____ () C:\Users\Mcx1-LAPPIE-PC\AppData\Local\HELP_DECRYPT.URL
    2015-02-02 17:00 - 2015-02-02 17:00 - 00000304 _____ () C:\Users\Mcx1-LAPPIE-PC\AppData\HELP_DECRYPT.URL
    2015-02-02 17:00 - 2015-02-02 17:00 - 00000304 _____ () C:\Users\Lappie\HELP_DECRYPT.URL
    2015-02-02 16:52 - 2015-02-02 16:52 - 00008658 _____ () C:\Users\Lappie\Downloads\HELP_DECRYPT.HTML
    2015-02-02 16:52 - 2015-02-02 16:52 - 00004272 _____ () C:\Users\Lappie\Downloads\HELP_DECRYPT.TXT
    2015-02-02 16:52 - 2015-02-02 16:52 - 00000304 _____ () C:\Users\Lappie\Downloads\HELP_DECRYPT.URL
    2015-02-02 16:47 - 2015-02-02 16:47 - 00008658 _____ () C:\Users\Lappie\Documents\HELP_DECRYPT.HTML
    2015-02-02 16:47 - 2015-02-02 16:47 - 00004272 _____ () C:\Users\Lappie\Documents\HELP_DECRYPT.TXT
    2015-02-02 16:47 - 2015-02-02 16:47 - 00000304 _____ () C:\Users\Lappie\Documents\HELP_DECRYPT.URL
    2015-02-02 15:16 - 2015-02-02 15:16 - 00008658 _____ () C:\Users\Lappie\AppData\Roaming\HELP_DECRYPT.HTML
    2015-02-02 15:16 - 2015-02-02 15:16 - 00008658 _____ () C:\Users\Lappie\AppData\HELP_DECRYPT.HTML
    2015-02-02 15:16 - 2015-02-02 15:16 - 00004272 _____ () C:\Users\Lappie\AppData\Roaming\HELP_DECRYPT.TXT
    2015-02-02 15:16 - 2015-02-02 15:16 - 00004272 _____ () C:\Users\Lappie\AppData\HELP_DECRYPT.TXT
    2015-02-02 15:16 - 2015-02-02 15:16 - 00000304 _____ () C:\Users\Lappie\AppData\Roaming\HELP_DECRYPT.URL
    2015-02-02 15:16 - 2015-02-02 15:16 - 00000304 _____ () C:\Users\Lappie\AppData\HELP_DECRYPT.URL
    2015-02-02 15:15 - 2015-02-02 15:15 - 00008658 _____ () C:\Users\Lappie\AppData\Local\HELP_DECRYPT.HTML
    2015-02-02 15:15 - 2015-02-02 15:15 - 00004272 _____ () C:\Users\Lappie\AppData\Local\HELP_DECRYPT.TXT
    2015-02-02 15:15 - 2015-02-02 15:15 - 00000304 _____ () C:\Users\Lappie\AppData\Local\HELP_DECRYPT.URL
    2015-02-02 15:13 - 2015-02-02 15:13 - 00008658 _____ () C:\ProgramData\HELP_DECRYPT.HTML
    2015-02-02 15:13 - 2015-02-02 15:13 - 00004272 _____ () C:\ProgramData\HELP_DECRYPT.TXT
    2015-02-02 15:13 - 2015-02-02 15:13 - 00000304 _____ () C:\ProgramData\HELP_DECRYPT.URL
    2015-02-02 11:36 - 2015-02-02 19:29 - 00000000 ____D () C:\ProgramData\WutdoXupax
    2015-02-02 10:48 - 2015-02-02 15:16 - 00000000 ____D () C:\Users\Lappie\Desktop\2015 BUSINESS EXPENSES

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-02 20:03 - 2013-04-09 11:35 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-02-02 19:54 - 2014-09-15 14:26 - 00000540 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-468275512-914653057-1215199140-1000.job
    2015-02-02 19:16 - 2014-02-15 21:26 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-02 18:16 - 2014-02-15 21:26 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-02 18:02 - 2010-05-28 00:48 - 00000000 ____D () C:\Users\Lappie\AppData\Roaming\Malwarebytes
    2015-02-02 18:02 - 2010-02-12 14:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-02-02 18:02 - 2010-02-12 14:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2015-02-02 17:55 - 2010-03-04 22:52 - 02630144 ___SH () C:\Users\Lappie\Desktop\Thumbs.db
    2015-02-02 17:22 - 2011-04-12 09:40 - 00000000 ____D () C:\Users\Public\Documents\ROWE FURNITURE
    2015-02-02 17:21 - 2012-09-18 15:20 - 00000000 ____D () C:\Users\Public\Documents\iPhone Pics
    2015-02-02 17:15 - 2013-09-25 18:27 - 00000000 ____D () C:\Users\Public\Documents\ALL PICS FROM IPHONE
    2015-02-02 17:15 - 2010-03-15 23:35 - 00000000 ____D () C:\Users\Public\Documents\Intuit
    2015-02-02 17:03 - 2010-02-17 15:21 - 00000000 ____D () C:\Users\Natalie\Appraisal Stuff
    2015-02-02 17:03 - 2010-01-08 18:46 - 00000000 ____D () C:\Users\Natalie
    2015-02-02 17:00 - 2013-03-07 22:33 - 00000000 ____D () C:\Users\Mcx1-LAPPIE-PC
    2015-02-02 17:00 - 2010-01-08 15:04 - 00000000 ____D () C:\Users\Lappie
    2015-02-02 16:47 - 2013-09-23 11:33 - 00000000 ____D () C:\Users\Lappie\Documents\SALES
    2015-02-02 16:47 - 2011-02-09 16:18 - 00000000 ____D () C:\Users\Lappie\Documents\TurboTax
    2015-02-02 16:47 - 2010-10-19 08:32 - 00000000 ____D () C:\Users\Lappie\Documents\WAGEWORKS RECEIPTS
    2015-02-02 16:47 - 2010-03-13 18:13 - 00000000 ____D () C:\Users\Lappie\Documents\NYC BUILDING INFO
    2015-02-02 16:44 - 2011-07-18 15:18 - 00000000 ____D () C:\Users\Lappie\Documents\NCVSoftware
    2015-02-02 15:57 - 2010-06-01 15:53 - 00000000 ____D () C:\Users\Lappie\Documents\My Scans
    2015-02-02 15:56 - 2010-01-08 16:36 - 00000000 ____D () C:\Users\Lappie\Documents\My ClickForms
    2015-02-02 15:47 - 2010-09-22 08:24 - 00000000 ____D () C:\Users\Lappie\Documents\Jeffrey
    2015-02-02 15:45 - 2010-03-04 23:49 - 00000000 ____D () C:\Users\Lappie\Documents\HOUSES
    2015-02-02 15:44 - 2010-08-11 19:56 - 00000000 ____D () C:\Users\Lappie\Documents\CAINER
    2015-02-02 15:44 - 2010-05-24 16:59 - 00000000 ____D () C:\Users\Lappie\Documents\BILLS-RECEIPTS
    2015-02-02 15:44 - 2010-05-05 20:03 - 00000000 ____D () C:\Users\Lappie\Documents\EZPASS RECEIPTS
    2015-02-02 15:44 - 2010-02-01 13:36 - 00000000 ____D () C:\Users\Lappie\Documents\APPRAISALS
    2015-02-02 15:41 - 2011-03-11 18:28 - 00000000 ____D () C:\Users\Lappie\Desktop\STUFF FROM FLASH DRIVE
    2015-02-02 15:19 - 2014-12-27 19:02 - 00000000 ____D () C:\Users\Lappie\Desktop\REAL ESTATE INFO
    2015-02-02 15:19 - 2014-02-15 14:39 - 00000000 ____D () C:\Users\Lappie\Desktop\South Amboy Showings for Jessica
    2015-02-02 15:19 - 2013-11-13 14:49 - 00000000 ____D () C:\Users\Lappie\Desktop\print
    2015-02-02 15:19 - 2013-03-05 14:01 - 00000000 ____D () C:\Users\Lappie\Desktop\PHOTOS
    2015-02-02 15:18 - 2014-10-07 11:11 - 00000000 ____D () C:\Users\Lappie\Desktop\MEDICAL RECEIPTS
    2015-02-02 15:18 - 2014-09-24 09:02 - 00000000 ____D () C:\Users\Lappie\Desktop\FONTS BY NATALIE
    2015-02-02 15:18 - 2014-09-23 21:01 - 00000000 ____D () C:\Users\Lappie\Desktop\DIRECT MAIL MARKETING
    2015-02-02 15:18 - 2014-08-07 17:27 - 00000000 ____D () C:\Users\Lappie\Desktop\ms waste aug pymt for $30_files
    2015-02-02 15:18 - 2014-04-11 14:26 - 00000000 ____D () C:\Users\Lappie\Desktop\DEALS
    2015-02-02 15:18 - 2014-04-01 10:46 - 00000000 ____D () C:\Users\Lappie\Desktop\FLYER
    2015-02-02 15:18 - 2014-04-01 10:11 - 00000000 ____D () C:\Users\Lappie\Desktop\KATHY'S STUFF
    2015-02-02 15:18 - 2014-02-21 18:12 - 00000000 ____D () C:\Users\Lappie\Desktop\GEMSTAR
    2015-02-02 15:18 - 2014-02-11 16:25 - 00000000 ____D () C:\Users\Lappie\Desktop\PDFs for 238 Beacon AVe
    2015-02-02 15:18 - 2014-01-13 12:09 - 00000000 ____D () C:\Users\Lappie\Desktop\PDFs
    2015-02-02 15:18 - 2013-11-06 10:04 - 00000000 ____D () C:\Users\Lappie\Desktop\MARKETING FOR RE SALES
    2015-02-02 15:18 - 2011-11-22 15:33 - 00000000 ____D () C:\Users\Lappie\Desktop\jay picvs
    2015-02-02 15:17 - 2014-05-21 08:04 - 00000000 ____D () C:\Users\Lappie\Desktop\CLIENTS
    2015-02-02 15:17 - 2014-02-19 12:00 - 00000000 ____D () C:\Users\Lappie\Desktop\5 SHEA LANE PICS
    2015-02-02 15:16 - 2014-03-11 10:03 - 00000000 ____D () C:\Users\Lappie\AppData\Roaming\webex
    2015-02-02 15:16 - 2013-10-17 11:40 - 00000000 ____D () C:\Users\Lappie\Desktop\400 CROSS RD MATAWAN PICS
    2015-02-02 15:16 - 2012-04-30 21:46 - 00000000 ____D () C:\Users\Lappie\AppData\Roaming\Skype
    2015-02-02 15:16 - 2011-06-23 19:15 - 00000000 ____D () C:\Users\Lappie\AppData\Roaming\vlc
    2015-02-02 15:16 - 2010-12-25 12:18 - 00000000 ____D () C:\Users\Lappie\AppData\Roaming\TOSHIBA
    2015-02-02 15:16 - 2010-05-06 13:25 - 00000000 ____D () C:\Users\Lappie\AppData\Roaming\Steinberg
    2015-02-02 15:16 - 2010-01-25 10:43 - 00000000 ____D () C:\Users\Lappie\AppData\Roaming\Research In Motion
    2015-02-02 15:16 - 2010-01-21 18:13 - 00000000 ____D () C:\Users\Lappie\AppData\Roaming\Thunderbird
    2015-02-02 15:15 - 2012-07-12 10:14 - 00000000 ____D () C:\Users\Lappie\AppData\Local\TechSmith
    2015-02-02 15:15 - 2010-06-18 19:22 - 00000000 ____D () C:\Users\Lappie\AppData\Roaming\Apple Computer
    2015-02-02 15:15 - 2010-05-21 16:31 - 00000000 ____D () C:\Users\Lappie\AppData\Roaming\HP
    2015-02-02 15:15 - 2010-02-10 17:40 - 00000000 ____D () C:\Users\Lappie\AppData\Roaming\Facebook
    2015-02-02 15:15 - 2010-01-21 20:37 - 00000000 ____D () C:\Users\Lappie\AppData\Roaming\OpenOffice.org
    2015-02-02 15:15 - 2010-01-21 18:13 - 00000000 ____D () C:\Users\Lappie\AppData\Roaming\Mozilla
    2015-02-02 15:15 - 2010-01-21 18:13 - 00000000 ____D () C:\Users\Lappie\AppData\Local\Thunderbird
    2015-02-02 15:15 - 2010-01-16 21:41 - 00000000 ____D () C:\Users\Lappie\AppData\Roaming\Nero
    2015-02-02 15:15 - 2010-01-08 15:58 - 00000000 ____D () C:\Users\Lappie\AppData\Roaming\acccore
    2015-02-02 15:15 - 2010-01-08 15:36 - 00000000 ____D () C:\Users\Lappie\AppData\Roaming\Adobe
    2015-02-02 15:14 - 2011-12-24 09:46 - 00000000 ____D () C:\Users\Lappie\AppData\Local\Roblox
    2015-02-02 15:14 - 2010-09-27 22:36 - 00000000 ____D () C:\Users\Lappie\AppData\Local\SupportSoft
    2015-02-02 15:14 - 2010-06-08 07:30 - 00000000 ____D () C:\Users\Lappie\AppData\Local\Symantec
    2015-02-02 15:14 - 2010-05-21 16:31 - 00000000 ____D () C:\Users\Lappie\AppData\Local\HP
    2015-02-02 15:14 - 2010-03-18 07:25 - 00000000 ____D () C:\Users\Lappie\AppData\Local\Mozilla
    2015-02-02 15:13 - 2010-06-18 19:22 - 00000000 ____D () C:\Users\Lappie\AppData\Local\Apple Computer
    2015-02-02 15:13 - 2010-06-18 19:21 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2015-02-02 15:13 - 2010-02-01 15:04 - 00000000 ____D () C:\Users\Lappie\AppData\Local\Ahead
    2015-02-02 15:13 - 2010-01-13 14:21 - 00000000 ____D () C:\Users\Lappie\AppData\Local\Adobe
    2015-02-02 15:13 - 2010-01-08 15:58 - 00000000 ____D () C:\Users\Lappie\AppData\Local\AOL OCP
    2015-02-02 15:13 - 2010-01-08 15:35 - 00000000 ____D () C:\Users\Lappie\AppData\Local\Google
    2015-02-02 15:13 - 2009-09-02 21:26 - 00000000 ____D () C:\ProgramData\WildTangent
    2015-02-02 15:12 - 2010-09-27 22:36 - 00000000 ____D () C:\ProgramData\SupportSoft
    2015-02-02 15:12 - 2010-04-13 11:31 - 00000000 ____D () C:\ProgramData\WebEx
    2015-02-02 15:12 - 2009-09-02 21:25 - 00000000 ____D () C:\ProgramData\Toshiba
    2015-02-02 15:11 - 2010-02-23 17:44 - 00000000 ____D () C:\ProgramData\Intuit
    2015-02-02 15:10 - 2010-05-21 16:02 - 00000000 ____D () C:\ProgramData\HP
    2015-02-02 15:09 - 2013-10-05 22:43 - 00000000 ____D () C:\ProgramData\DivX
    2015-02-02 15:09 - 2013-10-03 12:50 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2015-02-02 15:09 - 2011-06-07 19:35 - 00000000 ____D () C:\ProgramData\alamode
    2015-02-02 15:09 - 2010-06-18 19:19 - 00000000 ____D () C:\ProgramData\Apple Computer
    2015-02-02 15:09 - 2010-04-22 14:19 - 00000000 ____D () C:\ApexWin
    2015-02-02 15:09 - 2010-01-13 11:54 - 00000000 ____D () C:\ProgramData\FLEXnet
    2015-02-02 15:09 - 2010-01-08 15:57 - 00000000 ____D () C:\ProgramData\AOL OCP
    2015-02-02 15:01 - 2009-10-26 12:26 - 01500945 _____ () C:\windows\WindowsUpdate.log
    2015-02-02 10:44 - 2010-01-21 13:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
    2015-02-02 09:28 - 2011-11-13 01:00 - 00072364 _____ () C:\windows\setupact.log
    2015-02-01 02:31 - 2010-02-12 10:48 - 00000366 _____ () C:\windows\Tasks\Driver Fetch.job
    2015-01-29 20:18 - 2014-02-15 21:27 - 00002228 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-01-26 12:11 - 2014-09-15 14:26 - 00003574 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-468275512-914653057-1215199140-1000
    2015-01-25 05:03 - 2013-04-09 11:35 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2015-01-25 05:03 - 2012-11-29 12:39 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2015-01-25 05:03 - 2011-09-11 11:27 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-01-12 15:17 - 2010-03-13 22:05 - 00002944 _____ () C:\Users\Lappie\Documents\hinge.txt

    ==================== Files in the root of some directories =======

    2010-01-19 22:49 - 2010-01-19 22:49 - 0000604 ____H () C:\Program Files (x86)\STLL Notifier
    2010-01-10 15:28 - 2010-01-10 15:28 - 0000235 _____ () C:\Users\Lappie\AppData\Roaming\devices.xml
    2015-02-02 15:16 - 2015-02-02 15:16 - 0008658 _____ () C:\Users\Lappie\AppData\Roaming\HELP_DECRYPT.HTML
    2015-02-02 15:16 - 2015-02-02 15:16 - 0045786 _____ () C:\Users\Lappie\AppData\Roaming\HELP_DECRYPT.PNG
    2015-02-02 15:16 - 2015-02-02 15:16 - 0004272 _____ () C:\Users\Lappie\AppData\Roaming\HELP_DECRYPT.TXT
    2015-02-02 15:16 - 2015-02-02 15:16 - 0000304 _____ () C:\Users\Lappie\AppData\Roaming\HELP_DECRYPT.URL
    2011-02-25 10:53 - 2012-06-11 09:35 - 0000308 _____ () C:\Users\Lappie\AppData\Roaming\Rim.Desktop.Exception.log
    2011-02-25 10:45 - 2011-02-25 10:45 - 0001153 _____ () C:\Users\Lappie\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    2010-01-10 15:28 - 2010-01-10 15:28 - 0000012 _____ () C:\Users\Lappie\AppData\Roaming\settings.xml
    2015-02-02 15:15 - 2015-02-02 15:15 - 0008658 _____ () C:\Users\Lappie\AppData\Local\HELP_DECRYPT.HTML
    2015-02-02 15:15 - 2015-02-02 15:15 - 0045786 _____ () C:\Users\Lappie\AppData\Local\HELP_DECRYPT.PNG
    2015-02-02 15:15 - 2015-02-02 15:15 - 0004272 _____ () C:\Users\Lappie\AppData\Local\HELP_DECRYPT.TXT
    2015-02-02 15:15 - 2015-02-02 15:15 - 0000304 _____ () C:\Users\Lappie\AppData\Local\HELP_DECRYPT.URL
    2015-02-02 15:13 - 2015-02-02 15:13 - 0008658 _____ () C:\ProgramData\HELP_DECRYPT.HTML
    2015-02-02 15:13 - 2015-02-02 15:13 - 0045786 _____ () C:\ProgramData\HELP_DECRYPT.PNG
    2015-02-02 15:13 - 2015-02-02 15:13 - 0004272 _____ () C:\ProgramData\HELP_DECRYPT.TXT
    2015-02-02 15:13 - 2015-02-02 15:13 - 0000304 _____ () C:\ProgramData\HELP_DECRYPT.URL
    2010-01-09 23:53 - 2010-11-28 11:15 - 0014479 _____ () C:\ProgramData\hpzinstall.log
    2013-02-08 11:39 - 2014-02-15 13:54 - 0001225 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

    Files to move or delete:
    ====================
    C:\Users\Lappie\hpothb07.dat
    C:\Users\Natalie\hpothb07.dat
    C:\Users\Public\hpothb07.dat


    Some content of TEMP:
    ====================
    C:\Users\Lappie\AppData\Local\Temp\elp.dll
    C:\Users\Lappie\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
    C:\Users\Lappie\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
    C:\Users\Lappie\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
    C:\Users\Lappie\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
    C:\Users\Lappie\AppData\Local\Temp\jre-6u38-windows-i586-iftw.exe
    C:\Users\Lappie\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
    C:\Users\Lappie\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
    C:\Users\Lappie\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
    C:\Users\Lappie\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
    C:\Users\Lappie\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
    C:\Users\Lappie\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
    C:\Users\Lappie\AppData\Local\Temp\radE9B72.tmp.exe
    C:\Users\Lappie\AppData\Local\Temp\radED75A.tmp.exe
    C:\Users\Lappie\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Lappie\AppData\Local\Temp\update.exe
    C:\Users\Lappie\AppData\Local\Temp\_is3851.exe
    C:\Users\Lappie\AppData\Local\Temp\_isB77F.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-14 10:48

    ==================== End Of Log ============================
     
  5. natalie117

    natalie117 Thread Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
    Ran by Lappie at 2015-02-02 20:11:07
    Running from C:\Users\Lappie\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKLM-x32\...\uTorrent) (Version: 1.8.5 - )
    2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.4518.1014 - Microsoft Corporation)
    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    ACI Collection 32 (HKLM-x32\...\{C1067095-24AB-4BCD-B64B-BE83A9186DCE}) (Version: 2010 - )
    ACI Delivery Client SP2.8 (HKLM-x32\...\{CCD88E41-79CF-486F-8024-E67FABDCF6F5}) (Version: 2.08.023 - ACI)
    ACI Desktop Additional Components (HKLM-x32\...\{B91E86A0-9F63-4E7E-9D53-2C0AB67BE15C}) (Version: 1.00.069 - ACI)
    Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.8 - Adobe Systems)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
    Adobe Reader 9.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
    AIO_CDA_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
    AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
    AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AppraisalSoft Enterprise Beta (HKU\S-1-5-21-468275512-914653057-1215199140-1000\...\f1187fe52fd3cbe4) (Version: 2.0.9.70 - AppraisalBank, Inc)
    AppraisalSoft Remote Lite (HKU\S-1-5-21-468275512-914653057-1215199140-1000\...\e30f0682c3a5dc94) (Version: 1.0.0.37 - AppraisalBank, Inc.)
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
    Aventail Access Manager (x32 Version: 9.5.8 - Aventail Corporation) Hidden
    Aventail Web Proxy Agent (HKLM-x32\...\{9B0B46B3-10DF-4ADA-9501-0129D784563D}) (Version: 9.5.8 - Aventail Corporation)
    Aventail Webifiers (HKLM-x32\...\{54D44AD1-A083-48B9-BD6F-AFD517B7C775}) (Version: 9.5.8 - Aventail Corporation)
    BlackBerry Desktop Software 6.0.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 6.0.1.18 - Research In Motion Ltd.)
    BlackBerry Desktop Software 6.0.1 (x32 Version: 6.0.1.18 - Research In Motion Ltd.) Hidden
    BlackBerry Device Software Updater (HKLM-x32\...\{5A447CFB-B64E-4D3C-9744-2EA44EFB8F97}) (Version: 5.0.1.32 - Research In Motion Ltd)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
    Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
    ClickFORMS (HKLM-x32\...\{0D910620-F8EE-11D4-A7B6-0080C6F23D71}) (Version: 2.4.8 - Bradford Technologies Inc.)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO) (Version: 4.98.6.63 - Conexant)
    Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
    CuteFTP 8 Professional (HKLM-x32\...\{91F34319-08DE-457a-99C0-0BCDFAC145B9}) (Version: 8.3.3 - GlobalSCAPE)
    Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
    DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
    Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
    DivX Converter (HKLM-x32\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.0.0 - DivX, Inc.)
    DivX Converter (HKLM-x32\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.0.0 - DivX, Inc.)
    DivX Player (HKLM-x32\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.0.0 - DivX, Inc.)
    DivX Plus DirectShow Filters (HKLM-x32\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.)
    DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.84 - DivX, LLC)
    DivX Version Checker (HKLM-x32\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.0.0.19 - DivX, Inc.)
    DivX Web Player (HKLM-x32\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.4.2 - DivX,Inc.)
    DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
    Dolby Control Center (HKLM\...\{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}) (Version: 2.2.1 - Dolby)
    DVD MovieFactory for TOSHIBA (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
    DVD MovieFactory for TOSHIBA (x32 Version: 7.0.0 - Corel Corporation) Hidden
    Facebook Plug-In (HKU\S-1-5-21-468275512-914653057-1215199140-1000\...\Facebook Plug-In) (Version: - Facebook, Inc.)
    Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
    FNC Uploader Files (HKLM-x32\...\FNC Uploader Files_is1) (Version: - FNC)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    GoToMeeting 6.4.11.2273 (HKU\S-1-5-21-468275512-914653057-1215199140-1000\...\GoToMeeting) (Version: 6.4.11.2273 - CitrixOnline)
    GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    HDMI Control Manager (HKLM-x32\...\InstallShield_{63DA1F6A-2E65-4367-99B9-9E39FADEC446}) (Version: 2.0 - TOSHIBA)
    HDMI Control Manager (Version: 2.0 - TOSHIBA) Hidden
    HDMI Control Manager (x32 Version: 2.0 - TOSHIBA) Hidden
    HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
    HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
    HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
    HP Photosmart All-In-One Driver Software 13.0 Rel. A (HKLM\...\{17016DA1-F040-4032-BD36-34DD317BC9D5}) (Version: 13.0 - HP)
    HP Photosmart C309a All-In-One Driver 14.0 Rel. 5 (HKLM\...\{71C4F928-136A-4222-A191-310E081FB96B}) (Version: 14.0 - HP)
    HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
    HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
    HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
    HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
    HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
    HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
    hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
    Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
    InterVideo WinDVD BD for TOSHIBA (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.107 - InterVideo Inc.)
    InterVideo WinDVD BD for TOSHIBA (x32 Version: 8.0.20.107 - InterVideo Inc.) Hidden
    iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)
    Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
    Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1031 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Streets & Trips 2010 (HKLM-x32\...\{C82185E8-C27B-4EF4-2010-4444BC2C2B6D}) (Version: 17.0.19.2900 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
    Mozilla Firefox 24.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 24.0 (x86 en-US)) (Version: 24.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.0 - Mozilla)
    Mozilla Thunderbird (3.0.4) (HKLM-x32\...\Mozilla Thunderbird (3.0.4)) (Version: 3.0.4 (en-US) - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    MyToshiba (HKLM-x32\...\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}) (Version: 2.2.0.3 - Toshiba)
    NCVSoftware Bundle 4.70 Build 212 (HKLM-x32\...\NCVSoftware Bundle_is1) (Version: - NCVSoftware)
    Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
    Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
    O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{2D8101CE-BBBD-498A-8F09-F2A8085D4F7B}) (Version: 2.0.11 - O2Micro International LTD.)
    O2Micro Flash Memory Card Windows Driver (Version: 2.0.11 - O2Micro International LTD.) Hidden
    OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
    OJOsoft Total Video Converter (HKLM-x32\...\OJOsoft Total Video Converter_is1) (Version: 2.7.4.0126 - OJOsoft)
    OpenOffice.org 3.1 (HKLM-x32\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9420 - OpenOffice.org)
    PCL Printer Driver Uninstaller (HKLM\...\PCL Printer Driver) (Version: 6, 0, 1, 0 - Canon Inc.)
    PhoenixSketch (HKLM-x32\...\{69486FCF-13BE-42E9-844A-0A7CB1CC168B}) (Version: 1.6 - PhoenixSuite, LLC)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PS_AIO_05_C309_Software_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
    QuickBooks (x32 Version: 20.0.4005.807 - Intuit Inc.) Hidden
    Quickbooks Financial Center (HKLM-x32\...\{3B843B38-04B1-4CE6-8888-586273E0F289}) (Version: 2.02 - TOSHIBA Corporation)
    QuickBooks Premier Edition 2010 (HKLM-x32\...\{0700E22B-A424-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4005.807 - Intuit Inc.)
    Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.1.27 - Intuit)
    QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
    Redist (HKLM-x32\...\{0F052922-4BCE-4763-A540-00857554336D}) (Version: 3.00.0000 - Verizon)
    Regi (Version: 1.00.0000 - InterVideo Inc.) Hidden
    ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
    Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
    Skype™ 5.9 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.9.114 - Skype Technologies S.A.)
    SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
    Snagit 10 (HKLM-x32\...\{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}) (Version: 10.0.0 - TechSmith Corporation)
    SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
    Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
    Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
    Steinberg HALionOne GM Drum Set (HKLM-x32\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
    Steinberg HALionOne GM Set (HKLM-x32\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
    Steinberg HALionOne Pro Set (HKLM-x32\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
    Steinberg HALionOne Studio Drum Set (HKLM-x32\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
    Steinberg HALionOne Studio Set (HKLM-x32\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
    Steinberg Nuendo 4 (HKLM-x32\...\{41E0A8DD-4343-4B33-95C3-272A99F18984}) (Version: 4.3.0.371 - Steinberg Media Technologies GmbH)
    Steinberg Nuendo Expansion Kit (HKLM-x32\...\{A1E50F2C-F6CA-4C27-AEA7-819B2A486223}) (Version: 4.2.2.274 - Steinberg Media Technologies GmbH)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.7.3 - Synaptics Incorporated)
    Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
    Toshiba Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.0.9 - Toshiba)
    TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.09 - TOSHIBA)
    TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
    TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)
    TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
    TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.7.64 - TOSHIBA Corporation)
    TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: - )
    TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.0.64 - TOSHIBA Corporation)
    TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: - )
    TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.0 - TOSHIBA Corporation)
    TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.0 - TOSHIBA Corporation)
    Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.35 - Toshiba)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.0.64 - TOSHIBA Corporation)
    Toshiba Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.001.0000 - Toshiba)
    TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
    TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.33 - TOSHIBA)
    TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
    TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
    TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: - )
    TOSHIBA USB Sleep and Charge Utility (HKLM-x32\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.2.3.0 - TOSHIBA Corporation)
    TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.26.64 - TOSHIBA Corporation)
    TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)
    ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
    TOTAL 2011 (HKLM-x32\...\{B90A3D91-5145-4398-BC7B-AE93354BCD40}) (Version: 6.66.0000 - a la mode, inc.)
    TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
    TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version: - Intuit, Inc)
    TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
    TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
    UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    Verizon Download Manager (HKLM-x32\...\{F54E5D65-CB60-4A31-A71B-BCFB0FA0076D}) (Version: 1.0.0 - Verizon)
    Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version: - )
    VLC media player 1.1.5 (HKLM-x32\...\VLC media player) (Version: 1.1.5 - VideoLAN)
    WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.71 - WildTangent)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
    WinSketch Pro 7 (HKLM-x32\...\WinSketch Pro 7) (Version: 7.8.2 - Jammin Software, Inc.)
    WinZip 15.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}) (Version: 15.5.9579 - WinZip Computing, S.L. )
    WinZip Courier (HKLM-x32\...\{CD95F661-A5C4-11AF-B2CC-ABCD21A325B5}) (Version: 3.0.9557 - WinZip Computing, S.L. )
    WModem Driver Installer (HKLM-x32\...\HTC_WModemDriver) (Version: 2.0.6.7 - HTC)
    WordWeb Pro (HKLM-x32\...\WordWeb) (Version: 5 - Antony Lewis)
    Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - )

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-468275512-914653057-1215199140-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1440\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

    ==================== Restore Points =========================


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2013-11-07 00:22 - 00001821 ____A C:\windows\system32\Drivers\etc\hosts
    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 ereg.adobe.com
    127.0.0.1 activate.wip3.adobe.com
    127.0.0.1 wip3.adobe.com
    127.0.0.1 3dns-3.adobe.com
    127.0.0.1 3dns-2.adobe.com
    127.0.0.1 adobe-dns.adobe.com
    127.0.0.1 adobe-dns-2.adobe.com
    127.0.0.1 adobe-dns-3.adobe.com
    127.0.0.1 ereg.wip3.adobe.com
    127.0.0.1 activate-sea.adobe.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    127.0.0.1 activate-sjc0.adobe.com
    127.0.0.1 adobe.activate.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 ereg.adobe.com
    127.0.0.1 activate.wip3.adobe.com
    127.0.0.1 wip3.adobe.com
    127.0.0.1 3dns-3.adobe.com
    127.0.0.1 3dns-2.adobe.com
    127.0.0.1 adobe-dns.adobe.com
    127.0.0.1 adobe-dns-2.adobe.com
    127.0.0.1 adobe-dns-3.adobe.com
    127.0.0.1 ereg.wip3.adobe.com
    127.0.0.1 activate-sea.adobe.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    127.0.0.1 activate-sjc0.adobe.com
    127.0.0.1 adobe.activate.com


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {1C0F0A73-A0A9-4DDD-9E45-D56E7CEF9A2F} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
    Task: {70A006FC-96D9-411F-9751-02B6A3659493} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-LAPPIE-PC => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
    Task: {71E0E93B-4582-4935-BDED-A31CC3113620} - System32\Tasks\{FF4DA6F3-3787-466E-A1DA-A6240B35CDB6} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall HOMESTUDENTR /dll OSETUP.DLL
    Task: {76ACA95E-1E51-4C8E-BB0F-6E6FAB706095} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-15] (Google Inc.)
    Task: {76EDB65A-1976-42D8-B98F-13E962E4F5F5} - System32\Tasks\{7D6BD998-626A-40FB-9DB3-751FF0F2972E} => pcalua.exe -a "C:\Users\Jeffrey\Downloads\FTP Downloads\RealPlayer11GOLD.exe" -d "C:\Users\Jeffrey\Downloads\FTP Downloads"
    Task: {7A45EF71-F808-47A2-B42F-F6C32209DEA0} - System32\Tasks\{EF36D136-DD93-44A8-8E08-CBFC457FABEC} => pcalua.exe -a D:\setup.exe -d D:\
    Task: {86568A0F-5A62-458E-B4B7-AD4AD71F2FC9} - System32\Tasks\{9711F654-E42B-4F37-867D-8E08E892C0EF} => pcalua.exe -a D:\DNS323.exe -d D:\
    Task: {975ECDB0-5EB7-426F-AB03-D9E9BDD1C4F4} - System32\Tasks\Driver Fetch => C:\Program Files (x86)\Driver Fetch\2.0.0.0\DriverFetch.exe
    Task: {9DAC8F48-9243-4974-B4D6-07123F301779} - System32\Tasks\G2MUpdateTask-S-1-5-21-468275512-914653057-1215199140-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\2273\g2mupdate.exe [2015-01-26] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {AE6A58AD-C0F1-46C5-9B77-0ECFF097C88B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
    Task: {C72653CB-4269-46E0-8E49-A1401DFA48E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-15] (Google Inc.)
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\Driver Fetch.job => C:\Program Files (x86)\Driver Fetch\2.0.0.0\DriverFetch.exe
    Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-468275512-914653057-1215199140-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\2273\g2mupdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-08-28 19:23 - 2013-08-28 19:23 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    2009-08-03 20:18 - 2009-08-03 20:18 - 00081752 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
    2015-02-02 14:40 - 2015-02-02 14:40 - 00190572 _____ () C:\Users\Lappie\AppData\Local\Temp\2973.tmp
    2015-02-02 17:55 - 2015-02-02 17:55 - 00090112 _____ () C:\windows\FrameworkUpdate\Update.exe
    2013-09-13 18:51 - 2013-09-13 18:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2013-09-13 18:51 - 2013-09-13 18:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-08-28 19:25 - 2013-08-28 19:25 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
    2010-01-21 13:02 - 2010-04-17 11:17 - 00160432 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
    2010-01-21 13:02 - 2010-04-17 11:17 - 00020144 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
    2015-01-29 20:18 - 2015-01-26 22:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
    2015-01-29 20:18 - 2015-01-26 22:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll
    2015-01-29 20:18 - 2015-01-26 22:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll
    2015-01-29 20:18 - 2015-01-26 22:44 - 14913864 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:2342AE46

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: IntuitUpdateService => 2
    MSCONFIG\Services: IntuitUpdateServiceV4 => 2
    MSCONFIG\Services: Nero BackItUp Scheduler 3 => 2
    MSCONFIG\Services: NMIndexingService => 3
    MSCONFIG\Services: O2FLASH => 2
    MSCONFIG\Services: QBCFMonitorService => 2
    MSCONFIG\Services: QBFCService => 3
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Lappie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^scans-reconnect.bat => C:\windows\pss\scans-reconnect.bat.Startup
    MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    MSCONFIG\startupreg: Aim6 => "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    MSCONFIG\startupreg: Intuit SyncManager => c:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    MSCONFIG\startupreg: Share-to-Web Namespace Daemon => C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: TWebCamera => "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-468275512-914653057-1215199140-500 - Administrator - Disabled)
    Guest (S-1-5-21-468275512-914653057-1215199140-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-468275512-914653057-1215199140-1002 - Limited - Enabled)
    Lappie (S-1-5-21-468275512-914653057-1215199140-1000 - Administrator - Enabled) => C:\Users\Lappie
    Mcx1-LAPPIE-PC (S-1-5-21-468275512-914653057-1215199140-1007 - Limited - Enabled) => C:\Users\Mcx1-LAPPIE-PC

    ==================== Faulty Device Manager Devices =============

    Name: Photosmart C309a series
    Description: Photosmart C309a series
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Photosmart C6100 series
    Description: Photosmart C6100 series
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Photosmart C309a series
    Description: Photosmart C309a series
    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Manufacturer: HP
    Service: StillCam
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/02/2015 07:29:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
    .

    Error: (02/02/2015 06:29:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
    .

    Error: (02/02/2015 06:29:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
    .

    Error: (02/02/2015 05:54:36 PM) (Source: VSS) (EventID: 22) (User: )
    Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
    This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
    The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered
    ].

    Error: (02/02/2015 05:54:33 PM) (Source: RpcNs) (EventID: 2) (User: )
    Description: C:\Users\Lappie\AppData\Local\Temp\7363.tmp4128

    Error: (02/02/2015 05:54:33 PM) (Source: RpcNs) (EventID: 2) (User: )
    Description: C:\Users\Lappie\AppData\Local\Temp\7363.tmp4128

    Error: (02/02/2015 05:28:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
    .

    Error: (02/02/2015 05:28:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
    .

    Error: (02/02/2015 04:28:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
    .

    Error: (02/02/2015 04:28:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
    .


    System errors:
    =============
    Error: (02/02/2015 04:50:36 PM) (Source: volsnap) (EventID: 36) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

    Error: (02/01/2015 05:19:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 80.

    Error: (02/01/2015 02:50:48 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 80.

    Error: (01/16/2015 11:44:34 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

    Error: (01/07/2015 09:35:25 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

    Error: (12/24/2014 00:17:56 PM) (Source: BROWSER) (EventID: 8032) (User: )
    Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{5C49BEE8-60D7-4851-AA0B-7543BE2574E0}.
    The backup browser is stopping.

    Error: (12/21/2014 01:47:00 PM) (Source: BROWSER) (EventID: 8032) (User: )
    Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{5C49BEE8-60D7-4851-AA0B-7543BE2574E0}.
    The backup browser is stopping.

    Error: (12/20/2014 10:34:06 AM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer LAPSTER
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5C49BEE8-60D7-4851-AA0B-7543BE2574E0}.
    The master browser is stopping or an election is being forced.

    Error: (12/19/2014 11:07:32 AM) (Source: BROWSER) (EventID: 8032) (User: )
    Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{5C49BEE8-60D7-4851-AA0B-7543BE2574E0}.
    The backup browser is stopping.

    Error: (12/06/2014 01:24:23 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 1:20:06 PM on 12/6/2014 was unexpected.


    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
    Percentage of memory in use: 56%
    Total physical RAM: 5980.94 MB
    Available physical RAM: 2574.25 MB
    Total Pagefile: 11960.03 MB
    Available Pagefile: 7843.73 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.79 MB

    ==================== Drives ================================

    Drive c: (TI102692W0G) (Fixed) (Total:453.35 GB) (Free:366.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: A3DF3CD1)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=453.4 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=10.9 GB) - (Type=17)

    ==================== End Of Log ============================
     
  6. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Natalie117,
    Some notes about this machine:
    It's obviously used, at least partly, for business purposes.
    It appears to be a victim of a "Ransomware" infection called CryptoWall. Version 3 of CryptoWall, actually.
    These infections usually begin encrypting ALL the documents on the machine, then demand a ransom to deliver the key to Decrypt them.
    There is generally no defense for files already encrypted. Paying the ransom does not guarantee a successful decryption either.
    This is purveyed by serious crooks.

    Your only defense is the backups made of your documents prior to encryption.

    This machine appears to have tax documents and business information on it. Make Sure there are backups.
    The more the machine is used, the more documents will be encrypted.

    Did you think I was joking about installing Microsoft Security Essentials? Did you try and fail? You didn't say anything about it.

    Do these steps at once, in this sequence. This instruction is long because there is no time to waste.
    -----------------------------------------------------------
    Download the Microsoft Security Essentials Installer
    The download is here: http://www.microsoft.com/security_essentials/
    Choose "Save As" and Save it to your desktop. Make sure you can find it.
    -----------------------------------------------------------
    Install Microsoft Security Essentials (Antivirus)
    Double Click the icon for the Microsoft Security Essentials installer.
    Let it install, update itself, run a Full Scan and delete anything it finds.
    -------------------------------------------------------------------
    Run Malwarebytes' Anti-Malware
    • If you see a separate message box to Update databases, click OK and allow it to update before Scanning.
    • On the Scanner tab, make sure the Perform Full Scan button is checked, then click on the Scan button to begin.
      This may take a while, so be patient.
    • When the Scan has finished, a message box will appear telling you the scan was completed. Click OK.
    • You will be moved back to the main screen. Click on the Show Results button.
    • A list of the detected malware will be shown. Click on Remove Selected.
    • While removing malware, MBAM may display a message that it needs to reboot.
      If so, Allow it to reboot, and sign in as normal when Windows restarts.
    • When finished, with or without a reboot, a Scan log will be displayed in Notepad.
    • Copy and paste the contents back here in a reply.
    • Then close MBAM.
    The Log files can be found in this location: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs
    -------------------------------------------------------------------
    Run ListCWall
    Download ListCwall from here:
    http://www.bleepingcomputer.com/download/listcwall/
    Save it on your desktop and Double click to run it.
    It will produce a new file on your desktop named listcwall.txt
    Please post the contents of that file in your next reply.
    -------------------------------------------------------------------
    We will be looking for the following in your reply:
    • Notes about business uses of the machine.
    • Anything in my instructions that doesn't work
    • The log from malwarebytes anti-malware.
    • Contents of the ListCwall.txt file on your desktop.

    Separate replies are fine.
    askey127
     
  7. natalie117

    natalie117 Thread Starter

    Joined:
    Mar 29, 2008
    Messages:
    12
    No, I didn't think you were joking, and I installed and ran it as soon as I read it. Sorry for not saying anything.
     
  8. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Strangely, the FRST logs don't show it.
    That's why I asked.
    OK.
    Don't let me slow you down.
    Please run the Malwarebytes and the ListCwall scans.
     
  9. natalie117

    natalie117 Thread Starter

    Joined:
    Mar 29, 2008
    Messages:
    12
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 2/3/2015
    Scan Time: 12:35:44 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.02.03.06
    Rootkit Database: v2015.02.03.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7
    CPU: x64
    File System: NTFS
    User: Lappie

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 484531
    Time Elapsed: 4 hr, 53 min, 1 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 1
    Trojan.Clicker.64, C:\Windows\FrameworkUpdate\Update.exe, 452, Delete-on-Reboot, [cc46ce4c6723e056390e8a8f837f55ab]

    Modules: 0
    (No malicious items detected)

    Registry Keys: 1
    Trojan.Clicker.64, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SystemUpdate, Quarantined, [cc46ce4c6723e056390e8a8f837f55ab],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 3
    Trojan.Clicker.64, C:\Windows\FrameworkUpdate\Update.exe, Delete-on-Reboot, [cc46ce4c6723e056390e8a8f837f55ab],
    Trojan.Clicker.64, C:\Users\Lappie\AppData\Local\Temp\C72C.tmp, Quarantined, [937fab6f37530333cd7a0a0fdb271ee2],
    Trojan.Agent.ED, C:\Users\Lappie\AppData\Local\Temp\2973.tmp, Quarantined, [70a2a17952382d0952c48a8f8a78ba46],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  10. natalie117

    natalie117 Thread Starter

    Joined:
    Mar 29, 2008
    Messages:
    12
    I must have run FRST before MSE, so that's why it didn't show. My apologies. I'll be extra careful to do things in the order specified.
     
  11. natalie117

    natalie117 Thread Starter

    Joined:
    Mar 29, 2008
    Messages:
    12
    I've run ListCWall. There are over 17,000 encrypted files on my computer. The log is too big to post.
     
  12. natalie117

    natalie117 Thread Starter

    Joined:
    Mar 29, 2008
    Messages:
    12
    I am a real estate appraiser, as well as a sales agent. That is the business use of my machine.
     
  13. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Now you know what is going on. What would you like to do?
    Any documents for which you have no backups are gone.
    If you choose to pay (that message will likely show up at some future date), you may or may not get the lost ones back.
    ListCwall can be used to isolate all encrypted files in a separate directory, in case some method evolves to unencrypt them.
    Or, you may choose to isolate them and save them offline someplace.

    Your call.
    Tell me about the other questions, and what you are thinking.
    ... about the business use of this machine.
    I will help if I can.
    I just wanted to get you to the bottom of this quickly.

    askey127
     
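The post above suggests using the ListCWall listing to isolate the encrypted files in a separate directory, and the earlier instructions produce that listing as listcwall.txt. The script below is an added example of how a responder might do that triage; it is not part of the original thread and not ListCWall's own code. It assumes the listing contains one absolute Windows path per line (an assumption about listcwall.txt's format; adjust parse_listing if yours differs), treats HELP_DECRYPT.* files as ransom notes rather than victims, reports what was hit by extension and folder, and plans moves into a quarantine tree that preserves the drive letter and relative path. The sample listing and the D:\Quarantine destination are constructed for the example; nothing is moved unless dry_run is turned off, and nothing is ever deleted.

```python
"""Triage helper for a CryptoWall-style ransomware incident (added example).

Not ListCWall's code. Assumes one absolute Windows path per line in the listing.
Sample data below is constructed, not taken from the thread.
"""
import shutil
from collections import Counter
from pathlib import Path, PureWindowsPath

# Constructed sample of an encrypted-file listing (assumed one path per line).
SAMPLE_LISTING = """\
C:\\Users\\Lappie\\Documents\\Appraisals\\123 Main St.pdf
C:\\Users\\Lappie\\Documents\\Appraisals\\123 Main St.docx
C:\\Users\\Lappie\\Documents\\Taxes\\2014\\return.pdf
C:\\Users\\Lappie\\Pictures\\IMG_0001.jpg

C:\\Users\\Lappie\\Documents\\HELP_DECRYPT.PNG
"""

# CryptoWall 3 drops HELP_DECRYPT.PNG/.TXT/.HTML/.URL notes beside the victims;
# those are not encrypted documents and must not be counted or quarantined as such.
RANSOM_NOTE_STEMS = {"HELP_DECRYPT"}


def parse_listing(text):
    """Return the encrypted file paths from a listing, one absolute path per line.

    Blank lines are skipped and ransom notes are filtered out. Paths are parsed as
    PureWindowsPath so the script also runs on a non-Windows analysis box.
    """
    paths = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        p = PureWindowsPath(line)
        if p.stem.upper() in RANSOM_NOTE_STEMS:
            continue
        paths.append(p)
    return paths


def summarize(paths):
    """Count victims per extension and per parent folder to scope the loss.

    The per-folder view is what tells you which backups you need to check first.
    """
    by_ext = Counter(p.suffix.lower() or "<none>" for p in paths)
    by_dir = Counter(str(p.parent) for p in paths)
    return by_ext, by_dir


def plan_quarantine(paths, quarantine_root):
    """Map each encrypted file to a destination under quarantine_root.

    The drive letter becomes a top-level folder and the rest of the path is kept,
    so every file stays attributable to its original location.
    """
    root = PureWindowsPath(quarantine_root)
    plan = []
    for p in paths:
        drive = p.drive.rstrip(":")           # 'C:' -> 'C'
        rel = PureWindowsPath(*p.parts[1:])   # strip the 'C:\\' anchor
        plan.append((p, root / drive / rel))
    return plan


def execute_plan(plan, dry_run=True):
    """Move files according to the plan; with dry_run=True only report what would move.

    Moves, never deletes: the encrypted copies are kept in case a decryption
    method becomes available later.
    """
    done = []
    for src, dst in plan:
        if not dry_run:
            Path(str(dst)).parent.mkdir(parents=True, exist_ok=True)
            shutil.move(str(src), str(dst))
        done.append((str(src), str(dst)))
    return done


if __name__ == "__main__":
    victims = parse_listing(SAMPLE_LISTING)
    exts, dirs = summarize(victims)
    print("encrypted files:", len(victims))
    print("by extension:", dict(exts))
    print("by folder:", dict(dirs))
    for src, dst in execute_plan(plan_quarantine(victims, "D:\\Quarantine")):
        print("would move", src, "->", dst)
```

Run it first with the real listcwall.txt (read the file and pass its text to parse_listing) in dry-run mode and review the plan; only then flip dry_run off, and point the quarantine root at a separate disk so the originals are off the machine that is still being used.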
  14. natalie117

    natalie117 Thread Starter

    Joined:
    Mar 29, 2008
    Messages:
    12
    I have a .zip file of the ListCWall txt file.
     

    Attached Files:

  15. natalie117

    natalie117 Thread Starter

    Joined:
    Mar 29, 2008
    Messages:
    12
    What should I do now? Do I reformat the hard drive and reinstall Windows? Essentially start over? Will that cure this virus?
     
Short URL to this thread: https://techguy.org/1142352
