just_apparently_stupid

Everything posted by just_apparently_stupid

  1. Sorry, I don't know registry. If you give me instructions I might be able to do it. Here is the additional text log.
  2. I'm assuming you wanted me to send just this particular line from addition txt log. I read the log and used the find feature using different search words but could not find any place in the log referring to HKEY. Nor did I find it in the other log. I'll be happy to copy the entire log but it is long. Also I ran the program with the top standard values checked and then checked additional txt but not the other to the left of additional txt. Does this matter? Thanks.
  3. This post was getting long and I didn't want to confuse the issue and I wanted to post before I forgot how I did what I did... or heck maybe I already have!
  4. Oh.. and PLEASE PLEASE PLEASE do not think I am doing a new post because MrC wasn't helpful with my other post. He was and is! It's just that the previous post was getting long and so I directed him to this new post but made it an open forum question.
  5. Hi. I posted yesterday under the topic ICE virus w/ Malwarebyte and Hitman expired HELP! I followed the directions (as you can see).. It seemed safe to be in my Test login but I got the Windows security alert. So, being "just apparently stupid" I clicked on it and saw that it was off and did some exploring and I'm not sure what I did, because I don't want to do it again... If it was under Internet options or Firewall exceptions I'm not sure but I clicked on an exceptions button (thinking, stupidly, that I could disable any exceptions) and BOOM! the ICE screen showed up! Anyway, I powered off my computer and the "you didn't shut down correctly" screen came up and I entered in safe mode.. Amazingly the Malwarebytes program was there and worked (whereas it was expired in the other mode.. don't care why, just glad it was). I ran the program and the computer restarted and I was able to access my Test account again. I'm running Windows Vista and below is the log from Malwarebytes after this "fun" little incident... I didn't check any of the PUP boxes.. I just clicked on "fix" for whatever the Malwarebytes program had decided wasn't optional. Any HELP is greatly appreciated... Oh and viewing the last of my dialogue from the previous post may be helpful... THANK YOU!
  6. Please see my above comments and this additional one... I don't know if this has anything to do with how the virus is getting in or if this is a separate malware issue, or nothing at all. A few months back I switched out one of my printer cartridges. Since then I've had a balloon pop up when I access User A, B or C that the printer has detected a new cartridge and to click on the "align" tab in the balloon. I've clicked on align but nothing happens, though I am able to click and close the balloon. As I think back on it, when I ran Hitman a few months back when I was "free and clear" I was able to click on the "align" tab and it worked! I thought, whew.. that issue is over with! But once I logged out and came back in the balloon popped up again with the "click here to align" which I can't do. As I said I can click "close" and it goes away. This happens even if I just exit that user without logging off. The next time I open that user login the balloon pops up. I've assumed that with Windows updates I needed to download a new driver and have been too lazy to follow up because I can just click and close the balloon. I don't know if this is a driver issue. I have an HP printer and I bought a (to my knowledge) un-recycled cartridge. I'm not suggesting the cartridge is at fault but I did want to mention the balloon pop up as it may be symptomatic of something else? Thanks again for your help!
  7. Ok.. let me try that again with better spelling. I clicked on user A and got "Welcome" then it went to a DOS prompt. When this happened before, the person who helped me gave me a line to type in at that prompt that would get me into that login and everything was fine once I was in there. I got tired of typing that line and assumed there was still something not right so I did download a "one time" copy of Hitman and after that was able to use my computer normally. Unfortunately there was a time stamp for trial use and I cannot do that again and, as I said, I'm not in a good financial position to pay for it at this time. Can you give me the proper words to type at the DOS prompt to let me access user A so I can at least access it until I can either afford a fix or try something else? I can't find the paper I wrote it down on but it was something like: i/explorer something something.. Thank you!
  8. I did click on user "A"; the ICE screen did not come up but it took me to the DOS prompt. This is the same thing that happened with the FBI virus.. There was a way by typing something like i/explorer that allowed me to access that user. The only way I found to get things back to normal was a jolt by Hitman. Would you happen to know what I should type at the prompt to get me into that user login? Thanks.
  9. I hope I downloaded your file correctly. Here is the log file. Thanks again!
     **********
     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-08-2013
     Ran by Test at 2013-08-20 18:56:31 Run:1
     Running from F:\
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     C:\Users\od\AppData\Roaming\2433f433
     C:\ProgramData\2433f433
     C:\Users\od\AppData\Local\2433f433
     *****************
     Could not move "C:\Users\od\AppData\Roaming\2433f433" => Scheduled to move on reboot.
     Could not move "C:\ProgramData\2433f433" => Scheduled to move on reboot.
     Could not move "C:\Users\od\AppData\Local\2433f433" => Scheduled to move on reboot.
     =========== Result of Scheduled Files to move ===========
     "C:\Users\od\AppData\Roaming\2433f433" => File could not move.
     "C:\ProgramData\2433f433" => File could not move.
     "C:\Users\od\AppData\Local\2433f433" => File could not move.
     ==== End of Fixlog ====
  10. Here is the log. Please note that I am able to use the computer with the virus using a login called "Test". I cannot access either of the other logins without the ICE screen coming up. That's why the log shows I'm not authorized as administrator. Here is the log. Thanks for your help! ***** Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-08-2013 Ran by Test (ATTENTION: The logged in user is not administrator) on 20-08-2013 17:03:21 Running from F:\ Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Conduit) C:\PROGRA~1\SearchProtect\SearchProtect\bin\cltmng.exe (Conduit) C:\PROGRA~1\SearchProtect\UI\bin\cltmngui.exe (Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\LifeExp.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (TLC Education Properties LLC) C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\MiniMavis.exe (Hewlett-Packard Company) C:\Program Files\PictureMover\Bin\PictureMover.exe (WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE (Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Hewlett-Packard Co.) 
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Microsoft Corporation) C:\Windows\system32\sdclt.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corp.) C:\Program Files\MSN\Toolbar\3.0.1203.0\msntask.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation) HKLM\...\Run: [hpsysdrv] - c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company) HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13539872 2008-05-22] (NVIDIA Corporation) HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-05-22] (NVIDIA Corporation) HKLM\...\Run: [DPService] - C:\Program Files\HP\DVDPlay\DPService.exe [90112 2008-06-11] (CyberLink Corp.) HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.) HKLM\...\Run: [hpqSRMon] - [x] HKLM\...\Run: [intuit SyncManager] - C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [623880 2008-09-09] (Intuit Inc. All rights reserved.) HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-19] (Google) HKLM\...\Run: [HP Health Check Scheduler] - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.) 
HKLM\...\Run: [LifeCam] - C:\Program Files\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-12-08] (Apple Inc.) HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.) HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation) HKCU\...\Run: [HPADVISOR] - [x] HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-02-15] (Google Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Personal Coach.lnk ShortcutTarget: Personal Coach.lnk -> C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\MiniMavis.exe (TLC Education Properties LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk ShortcutTarget: PictureMover.lnk -> C:\Program Files\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.) Startup: C:\Users\od\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com) Startup: C:\Users\od\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.king5.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com SearchScopes: HKLM - DefaultScope {51EEC4A8-05B7-44A1-89F5-51ADBC3730C2} URL = SearchScopes: HKLM - {BB67E9B4-E19D-4753-A3FB-5C52509D3BF9} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt SearchScopes: HKLM - {D20B6448-844F-44E8-96EB-AEDDA205B403} URL = 
http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=OCId7wqOldUTFnlOuAop5JcDKi8?q={searchTerms} SearchScopes: HKCU - {BB67E9B4-E19D-4753-A3FB-5C52509D3BF9} URL = SearchScopes: HKCU - {D20B6448-844F-44E8-96EB-AEDDA205B403} URL = BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.) BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_22\bin\ssv.dll (Sun Microsystems, Inc.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_22\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc) BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.) Toolbar: HKLM - MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU -No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {226ACC34-3194-70E2-5AE7-864FCFE9E80D} http://zone.msn.com/bingame/mosi/default/msi.1.0.0.9.cab DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} http://zone.msn.com/bingame/pppp/default/PiratePoppers.1.0.0.39.cab DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} http://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.68.cab DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/bingame/luxr/default/mjolauncher.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: 
{95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://zone.msn.com/bingame/burg/default/GoBitGamesPlayer_v6.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://zone.msn.com/bingame/feed/default/SproutLauncher.cab DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} http://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.98.cab DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} http://zone.msn.com/bingame/wedd/default/WeddingDash.1.0.0.50.cab Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.) 
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 24.113.32.29 24.113.32.30 24.113.0.30 Chrome: ======= CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Platform SE 6 U22) - C:\Program Files\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Shockwave for Director) - C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll (Adobe Systems, Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll () CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (Docs) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0 CHR Extension: (Google Drive) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0 CHR Extension: (YouTube) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0 CHR Extension: 
(Google Search) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 CHR Extension: (Gmail) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM\...\Chrome\Extension: [knllpfimimccdfnihbikigiagifmllol] - C:\Users\od\AppData\Local\CRE\knllpfimimccdfnihbikigiagifmllol.crx CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\od\AppData\Local\Temp\YontooLayers.crx ========================== Services (Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.) R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [32808 2013-07-01] (Just Develop It) R2 CltMngSvc; C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe [1733920 2013-08-11] (Conduit) S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-19] (Google) R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) R2 iphlpsvc; C:\Windows\System32\svchost.exe [21504 2008-01-20] (Microsoft Corporation) R2 lmhosts; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [21504 2008-01-20] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation) R2 RadioRage_4jService; C:\PROGRA~1\RADIOR~2\bar\1.bin\4jbarsvc.exe [42504 2013-06-30] (COMPANYVERS_NAME) S2 PhotoshopElementsDeviceConnect; C:\Program 
Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [x] ==================== Drivers (Whitelisted) ==================== R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-07-10] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.) R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-10] (Microsoft Corporation) R3 HSXHWBS3; C:\Windows\System32\DRIVERS\HSXHWBS3.sys [207360 2008-02-12] (Conexant Systems, Inc.) 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-08-20] (Malwarebytes Corporation) S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S2 MCSTRM; No ImagePath S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [x] S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [x] S0 PxHelp20; System32\Drivers\PxHelp20.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-20 16:13 - 2013-08-20 16:13 - 00000795 _____ C:\Windows\setupact.log 2013-08-20 16:13 - 2013-08-20 16:13 - 00000000 _____ C:\Windows\setuperr.log 2013-08-20 03:42 - 2013-08-20 03:42 - 00000000 ____D C:\Users\Test\AppData\Local\WinZip 2013-08-20 03:06 - 2013-08-20 03:06 - 00000000 ____D C:\Users\Test\AppData\Local\SearchProtect 2013-08-20 03:05 - 2013-08-20 03:05 - 00000558 _____ C:\Windows\PFRO.log 2013-08-20 02:49 - 2013-08-20 02:51 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2013-08-20 02:44 - 2013-08-20 03:06 - 00000000 ____D C:\Program Files\MyPC Backup 2013-08-20 02:44 - 2013-08-20 02:44 - 00000850 _____ C:\Users\od\Desktop\MyPC Backup.lnk 2013-08-20 02:43 - 2013-08-20 03:20 - 00000000 ____D C:\Users\od\AppData\Local\SearchProtect 2013-08-20 02:43 - 2013-08-20 02:43 - 00001710 _____ C:\Users\od\Desktop\Install HitmanPro 3 (32-bit).lnk 2013-08-20 02:43 - 2013-08-20 02:43 - 00000000 ____D C:\Program Files\SearchProtect 2013-08-20 02:38 - 2013-08-20 02:38 - 01097723 _____ C:\Users\od\AppData\Roaming\2433f433 2013-08-20 02:38 - 2013-08-20 02:38 - 01097721 _____ C:\ProgramData\2433f433 2013-08-20 02:38 - 2013-08-20 02:38 - 01097711 _____ C:\Users\od\AppData\Local\2433f433 2013-08-19 00:42 - 2013-08-19 00:42 - 00000133 _____ 
C:\Users\od\Documents\literotica links.txt 2013-08-18 22:50 - 2013-08-18 22:50 - 00000000 ____D C:\Users\od\AppData\Local\{3E960398-3241-47DD-9799-F21FECB594CA} 2013-08-16 01:18 - 2013-08-16 02:41 - 00000083 _____ C:\Users\od\stories to read.txt 2013-08-14 21:01 - 2013-08-14 21:01 - 00000000 ____D C:\Users\od\AppData\Local\{E8700723-F6BF-426B-8882-1CEB3F88B862} 2013-08-13 21:31 - 2013-08-13 21:31 - 00000000 ____D C:\Users\od\AppData\Local\{883C7E49-D402-4CE8-B1BE-FEEC490AD55D} 2013-08-13 20:40 - 2013-07-24 19:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-13 20:40 - 2013-07-24 19:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-13 20:40 - 2013-07-24 19:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-13 20:40 - 2013-07-24 19:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-13 20:40 - 2013-07-24 19:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-13 20:40 - 2013-07-24 19:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-08-13 20:40 - 2013-07-24 19:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-08-13 20:40 - 2013-07-24 19:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-13 20:40 - 2013-07-24 19:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-13 20:40 - 2013-07-24 19:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-13 20:40 - 2013-07-24 19:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-13 20:40 - 2013-07-24 19:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-08-13 20:40 - 2013-07-24 19:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-08-13 20:40 - 2013-07-24 19:22 - 02382848 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtml.tlb 2013-08-13 20:40 - 2013-07-24 19:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-13 20:40 - 2013-07-24 19:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-08-13 20:38 - 2013-07-17 12:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-13 20:38 - 2013-07-10 02:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-13 20:38 - 2013-07-09 05:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-13 20:38 - 2013-07-07 21:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2013-08-13 20:38 - 2013-07-07 21:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-13 20:38 - 2013-07-04 21:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-13 20:38 - 2013-06-15 06:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll 2013-08-13 20:38 - 2013-06-15 04:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-13 20:37 - 2013-07-07 21:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-13 20:37 - 2013-07-07 21:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-13 20:37 - 2013-07-07 21:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-13 20:37 - 2013-07-07 21:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-12 13:03 - 2013-08-13 12:34 - 00024177 _____ C:\Users\od\Documents\Catherine Office resume.odt 2013-08-12 13:01 - 2013-08-12 13:01 - 00012107 _____ C:\Users\od\Documents\nordic email.odt 2013-08-12 02:40 - 2013-08-12 02:40 - 00000022 _____ C:\Users\od\rob artist west seattle.txt 2013-08-12 02:07 - 2013-08-12 02:07 - 00000383 _____ C:\Users\od\manning street.txt 2013-08-06 02:17 - 2013-08-06 02:17 - 00000325 _____ 
==================== End Of Log ============================
  11. Can't believe I got this. Last time it was HOMELAND.. now it's ICE.. I have Windows Vista with, let's call them User A, B and C logins. I just got the virus on A.. was able to switch to B and when I ran and went to copy the Malwarebytes log after running it but before cleaning, the ICE screen popped up again.. I turned off the computer and fortunately I can access user C on this computer.. My problem is: I can't run Malwarebytes or Hitman because even though it was a trial for Malwarebytes a few months ago and used Hitman only once a few months ago I am denied access to them for clearing this virus unless I pay. I'm not rolling in money these days. Can someone please help with other options? As stupid as I am, I'm also very appreciative of help.. THANKS!