Jump to content

JerryP412

Members
  • Posts

    20
  • Joined

  • Last visited

Everything posted by JerryP412

  1. Hi Adam, Yes, my wife will be very sorry to hear that. We do have one recurring problem since we cleaned the computer. Skype will not load/operate under the Pow Family II login. Skype loads/operates normally under the Admin login. I've uninstalled it with the removal tool that we used early in the cleaning. And then reinstalled Skype through the P Fam II login; same result as when it was installed through the Admin login. Any idea what would be causing it to start, then detect a 'problem' and close? Thx, Jerry
  2. Hi Adam, I renamed and uploaded the file you requested. And I renamed it back, but now I can't get it to have the XBAD file extension. How do I reset the file extension back to XBAD? Thx, Jerry
  3. Hi Adam, I updated the software as requested, and below is the log from SecurityCheck: Results of screen317's Security Check version 0.99.89 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! AVG AntiVirus Free Edition 2015 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Adobe Reader XI Google Chrome 38.0.2125.111 Google Chrome 38.0.2125.122 Google Chrome plugins... ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe AVG avgwdsvc.exe AVG avgrsx.exe AVG avgnsx.exe AVG avgemc.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log`````````````````````` As far as I can tell the computer is performing normally. So far, no outstanding issues. Thanks!
  4. Hi Adam, I have uploaded one of the altered files to the linked 'channel' you provided. By the way, are we done with cleaning the computer? Is it safe to start using normally again? Thanks again for your expert assistance!!
  5. Hi Adam, Sorry for the delayed reply; I was out of town. I've tried to attach one of the encrypted Word files, but I don't have permission to post that type of file. Any suggestions?
  6. Adam, I've read that some of the CryptoWall 2.0 bugs are imposters and do not use the true RSA-2048 encryption. I'm wondering if anything you've seen might suggest that my bug was a fake CryptoWall 2.0? If so, maybe the encryption used wasn't very strong and the files can still be recovered with one of the de-encrypter programs; like Kaspersky's RakhniDecryptor or RectorDecryptor. What do you think the chances are?
  7. Adam, Lots of infected files found by this scan! C:\FRST\Quarantine\C\ProgramData\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\ProgramData\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\All Users\CanonBJ\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\All Users\CanonBJ\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\All Users\CanonBJ\IJPrinter\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\All Users\CanonBJ\IJPrinter\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\All Users\CanonBJ\IJPrinter\CNMWindows\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\All Users\CanonBJ\IJPrinter\CNMWindows\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\All Users\CanonBJ\IJPrinter\CNMWindows\Canon MX920 series Printer\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\All Users\CanonBJ\IJPrinter\CNMWindows\Canon MX920 series Printer\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\All Users\LogiShrd\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\All Users\LogiShrd\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\All Users\LogiShrd\Updater\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\All Users\LogiShrd\Updater\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\All Users\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\All Users\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\AVG Secure Search\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\AVG Secure Search\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\AVG Secure Search\SiteSafety\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\AVG Secure Search\SiteSafety\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\Microsoft\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\Microsoft\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\Microsoft\Device Metadata\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\Microsoft\Device Metadata\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\Microsoft\Media Player\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\Microsoft\Media Player\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\Microsoft\Media Player\Art Cache\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\Microsoft\Media Player\Art Cache\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\Microsoft\Outlook\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\Microsoft\Outlook\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\Backup\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\Backup\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\Backup\new\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\Backup\new\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\Stationery\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\Stationery\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\Microsoft\Windows Media\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\Microsoft\Windows Media\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\Microsoft\Windows Media\12.0\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\Microsoft\Windows Media\12.0\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\Skype\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\Skype\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\Skype\Apps\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\Skype\Apps\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Adobe\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Adobe\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Adobe\Flash Player\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Adobe\Flash Player\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Adobe\Flash Player\AssetCache\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Adobe\Flash Player\AssetCache\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Adobe\Flash Player\AssetCache\2LZSBDPW\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Adobe\Flash Player\AssetCache\2LZSBDPW\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Microsoft\Document Building Blocks\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Microsoft\Document Building Blocks\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Microsoft\Document Building Blocks\1033\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Microsoft\Document Building Blocks\1033\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Word Document Building Blocks\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Word Document Building Blocks\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Word Document Building Blocks\1033\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Word Document Building Blocks\1033\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Skype\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Skype\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\media_cache\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\media_cache\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\media_cache\asyncdb\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\media_cache\asyncdb\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\storage_db\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\storage_db\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\storage_db\asyncdb\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\storage_db\asyncdb\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\qikdb\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\qikdb\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Skype\shared_dynco\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Skype\shared_dynco\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Skype\shared_httpfe\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\Skype\shared_httpfe\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan C:\ProgramData\IObit\ASCDownloader\ASCSetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application C:\Users\All Users\IObit\ASCDownloader\ASCSetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
  8. Hi Adam, Here are the first two logs requested: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-11-2014 01 Ran by Optiplex-755 at 2014-11-11 19:15:04 Run:3 Running from C:\Users\Optiplex-755\Desktop Loaded Profile: Optiplex-755 (Available profiles: Optiplex-755 & Powell Family II) Boot Mode: Normal ============================================== Content of fixlist: ***************** start HKU\S-1-5-21-3393986835-1049654633-373516032-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit) 2014-11-10 19:54 - 2013-11-30 10:00 - 00000000 ____D () C:\ProgramData\ProductData 2014-11-09 13:08 - 2013-11-30 09:59 - 00000000 ____D () C:\Program Files\IObit 2014-11-09 12:45 - 2012-05-15 17:12 - 00000000 ____D () C:\Users\Optiplex-755\AppData\Local\AVG Secure Search Task: {0B3EACAF-9BEF-4A0C-8FE4-4C6E73380CEA} - System32\Tasks\ASC7_SkipUac_Optiplex-755 => C:\Program Files\IObit\Advanced SystemCare 7\ASC.exe Task: {20A860ED-5344-4355-AF74-B4C575A695DF} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe Task: {F0DA9B2D-ADEF-4829-A691-79ABDD85F2DA} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\59143727.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\59143727.sys => ""="Driver" C:\Program Files\AVG Security Toolbar C:\Users\Optiplex-755\AppData\LocalLow\AVG Secure Search C:\Users\Powell Family\AppData\Local\AVG Secure Search C:\Users\Powell Family\AppData\LocalLow\AVG Secure Search C:\Users\Powell Family II\AppData\LocalLow\AVG Secure Search EmptyTemp: end ***************** "HKU\S-1-5-21-3393986835-1049654633-373516032-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. LiveUpdateSvc => Service deleted successfully. C:\ProgramData\ProductData => Moved successfully. C:\Program Files\IObit => Moved successfully. C:\Users\Optiplex-755\AppData\Local\AVG Secure Search => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B3EACAF-9BEF-4A0C-8FE4-4C6E73380CEA}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B3EACAF-9BEF-4A0C-8FE4-4C6E73380CEA}" => Key deleted successfully. C:\Windows\System32\Tasks\ASC7_SkipUac_Optiplex-755 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC7_SkipUac_Optiplex-755" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{20A860ED-5344-4355-AF74-B4C575A695DF}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20A860ED-5344-4355-AF74-B4C575A695DF}" => Key deleted successfully. C:\Windows\System32\Tasks\ASC7_PerformanceMonitor => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC7_PerformanceMonitor" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0DA9B2D-ADEF-4829-A691-79ABDD85F2DA}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0DA9B2D-ADEF-4829-A691-79ABDD85F2DA}" => Key deleted successfully. C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Administrator" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\59143727.sys" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\59143727.sys" => Key deleted successfully. C:\Program Files\AVG Security Toolbar => Moved successfully. C:\Users\Optiplex-755\AppData\LocalLow\AVG Secure Search => Moved successfully. C:\Users\Powell Family\AppData\Local\AVG Secure Search => Moved successfully. C:\Users\Powell Family\AppData\LocalLow\AVG Secure Search => Moved successfully. C:\Users\Powell Family II\AppData\LocalLow\AVG Secure Search => Moved successfully. EmptyTemp: => Removed 45.2 MB temporary data. The system needed a reboot. ==== End of Fixlog ==== Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 11/8/2014 Scan Time: 12:53:24 PM Logfile: Administrator: No Version: 2.00.3.1025 Malware Database: v2014.11.08.04 Rootkit Database: v2014.11.08.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x86 File System: NTFS User: Optiplex-755 Scan Type: Threat Scan Result: Completed Objects Scanned: 390627 Time Elapsed: 25 min, 25 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Warn PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 2 PUP.Optional.Spigot.A, HKU\S-1-5-21-3393986835-1049654633-373516032-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Settings, Quarantined, [a9ab43f67a029e98b6893c63798b9c64], PUP.Optional.Conduit.A, HKU\S-1-5-21-3393986835-1049654633-373516032-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\DOMSTORAGE\conduit.com, Quarantined, [84d075c485f7ba7cb9c2b4f02dd755ab], Registry Values: 1 PUP.Optional.ConduitSearchProtect, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SearchProtect, C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect\bin\cltmng.exe, Quarantined, [de7657e2c1bbe6506ae71e5ec1436799] Registry Data: 1 PUP.Optional.Spigot.A, HKU\S-1-5-21-3393986835-1049654633-373516032-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.yahoo.com/?type=114576&fr=spigot-yhp-ie, Good: (www.google.com), Bad: (http://search.yahoo.com/?type=114576&fr=spigot-yhp-ie),Replaced,[ba9a8faab0ccbd7934de60d55fa68a76] Folders: 4 PUP.Optional.Spigot.A, C:\Users\Powell Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj, Quarantined, [a7adbf7a5d1f181e060e05077f84d828], PUP.Optional.Spigot.A, C:\Users\Powell Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.1_0, Quarantined, [a7adbf7a5d1f181e060e05077f84d828], PUP.Optional.WiseConvert.A, C:\Users\Powell Family\AppData\LocalLow\WiseConvert_B2, Quarantined, [a9ab09307efee74fab5db078a45fa759], PUP.Optional.WiseConvert.A, C:\Users\Powell Family\AppData\LocalLow\WiseConvert_B2\Logs, Quarantined, [a9ab09307efee74fab5db078a45fa759], Files: 7 PUP.Optional.Spigot.A, C:\Users\Powell Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.1_0\background.js, Quarantined, [a7adbf7a5d1f181e060e05077f84d828], PUP.Optional.Spigot.A, C:\Users\Powell Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.1_0\ebay-128.png, Quarantined, [a7adbf7a5d1f181e060e05077f84d828], PUP.Optional.Spigot.A, C:\Users\Powell Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.1_0\ebay-19.png, Quarantined, [a7adbf7a5d1f181e060e05077f84d828], PUP.Optional.Spigot.A, C:\Users\Powell Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.1_0\ebay-48.png, Quarantined, [a7adbf7a5d1f181e060e05077f84d828], PUP.Optional.Spigot.A, C:\Users\Powell Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.1_0\manifest.json, Quarantined, [a7adbf7a5d1f181e060e05077f84d828], PUP.Optional.WiseConvert.A, C:\Users\Powell Family\AppData\LocalLow\WiseConvert_B2\toolbar.cfg, Quarantined, [a9ab09307efee74fab5db078a45fa759], PUP.Optional.Spigot.A, C:\Users\Optiplex-755\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage" : "http://search.yahoo.com/?type=198484&fr=spigot-yhp-ch",), Replaced,[c98b3aff0e6e2b0b64bb3c391bea748c] Physical Sectors: 0 (No malicious items detected) (end)
  9. Hi Adam, The computer seems to be running normally; I'll know better after we run it for a day or so. The browsers in both Opti-755 and in Pow Fam II all seemed to reset properly. The download settings in both Opti-755 and in Pow Fam II all seemed to reset properly. Below are the requested logs: # AdwCleaner v4.101 - Report created 10/11/2014 at 22:11:30 # Updated 09/11/2014 by Xplode # Database : 2014-11-10.9 [Live] # Operating System : Windows 7 Professional Service Pack 1 (32 bits) # Username : Optiplex-755 - OPTIPLEX-755 # Running from : C:\Users\Optiplex-755\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\iolo [x] Not Deleted : C:\Program Files\AVG Security Toolbar [x] Not Deleted : C:\Users\Optiplex-755\AppData\Local\AVG Secure Search [x] Not Deleted : C:\Users\Optiplex-755\AppData\LocalLow\AVG Secure Search Folder Deleted : C:\Users\Optiplex-755\AppData\Roaming\0D0S1L2Z1P1B [x] Not Deleted : C:\Users\Powell Family\AppData\Local\AVG Secure Search [x] Not Deleted : C:\Users\Powell Family\AppData\LocalLow\AVG Secure Search [x] Not Deleted : C:\Users\Powell Family II\AppData\LocalLow\AVG Secure Search Folder Deleted : C:\Users\Powell Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Folder Deleted : C:\Users\Powell Family II\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Folder Deleted : C:\Users\Powell Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKCU\Software\dsiteproducts [x] Not Deleted : HKLM\SOFTWARE\AVG Security Toolbar ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17344 [x] Not Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] -\\ Google Chrome v38.0.2125.111 [C:\Users\Optiplex-755\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms} [C:\Users\Optiplex-755\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} [C:\Users\Powell Family II\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms} [C:\Users\Powell Family II\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} ************************* AdwCleaner[R0].txt - [4716 octets] - [10/11/2014 21:54:41] AdwCleaner[s0].txt - [4521 octets] - [10/11/2014 22:11:30] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4581 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.3.7 (11.08.2014:1) OS: Windows 7 Professional x86 Ran by Optiplex-755 on Mon 11/10/2014 at 22:30:01.19 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3393986835-1049654633-373516032-1001\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util mega browse ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Mon 11/10/2014 at 22:31:51.04 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-11-2014 01 Ran by Optiplex-755 (administrator) on OPTIPLEX-755 on 10-11-2014 22:40:26 Running from C:\Users\Optiplex-755\Desktop Loaded Profiles: Optiplex-755 & Powell Family II (Available profiles: Optiplex-755 & Powell Family II) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (www.shadowexplorer.com) C:\Program Files\ShadowExplorer\sesvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe () C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [soundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1282048 2007-08-01] (Analog Devices, Inc.) HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.) HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.) HKLM\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated) HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3649040 2014-10-16] (AVG Technologies CZ, s.r.o.) HKU\S-1-5-21-3393986835-1049654633-373516032-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-07-19] (Google Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3393986835-1049654633-373516032-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.) FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-12-02] Chrome: ======= CHR Profile: C:\Users\Optiplex-755\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Optiplex-755\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-09] CHR Extension: (Google Wallet) - C:\Users\Optiplex-755\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-16] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3487248 2014-10-16] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-10-16] (AVG Technologies CZ, s.r.o.) R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit) R2 sesvc; C:\Program Files\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed] R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.) S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [213272 2014-10-07] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-11] (AVG Technologies) R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation) R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [844064 2010-02-12] (Ralink Technology Corp.) S3 catchme; \??\C:\Users\OPTIPL~1\AppData\Local\Temp\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-10 22:40 - 2014-11-10 22:41 - 00011236 _____ () C:\Users\Optiplex-755\Desktop\FRST.txt 2014-11-10 22:31 - 2014-11-10 22:34 - 00001611 _____ () C:\Users\Optiplex-755\Desktop\JRT.txt 2014-11-10 22:29 - 2014-11-10 22:29 - 00000000 ____D () C:\Windows\ERUNT 2014-11-10 22:15 - 2014-11-10 22:15 - 00004661 _____ () C:\Users\Optiplex-755\Desktop\AdwCleaner[s0].txt 2014-11-10 21:54 - 2014-11-10 22:11 - 00000000 ____D () C:\AdwCleaner 2014-11-10 21:53 - 2014-11-10 21:53 - 01706808 _____ (Thisisu) C:\Users\Optiplex-755\Desktop\JRT.exe 2014-11-10 21:47 - 2014-11-10 21:47 - 02140160 _____ () C:\Users\Optiplex-755\Desktop\AdwCleaner.exe 2014-11-10 01:12 - 2014-11-10 01:12 - 00426358 _____ () C:\Users\Optiplex-755\Downloads\CryptoWall20AttackCleanupHelppageNumber-MalwareRemovalHelp-MalwarebytesForum.html 2014-11-10 00:34 - 2014-11-10 00:34 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Optiplex-755\Desktop\tdsskiller.exe 2014-11-10 00:23 - 2014-11-10 00:23 - 00012513 _____ () C:\Users\Optiplex-755\Desktop\ComboFix.txt 2014-11-09 23:58 - 2014-11-10 00:24 - 00000000 ____D () C:\Qoobox 2014-11-09 23:58 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-11-09 23:58 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-11-09 23:58 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-11-09 23:58 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-11-09 23:58 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-11-09 23:58 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe 2014-11-09 23:58 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe 2014-11-09 23:58 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe 2014-11-09 23:57 - 2014-11-10 00:22 - 00000000 ____D () C:\Windows\erdnt 2014-11-09 23:55 - 2014-11-09 23:55 - 05597372 ____R (Swearware) C:\Users\Optiplex-755\Desktop\ComboFix.exe 2014-11-09 23:25 - 2014-11-09 23:26 - 00000000 ___RD () C:\Program Files\Skype 2014-11-09 23:25 - 2014-11-09 23:25 - 00002503 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-11-09 23:25 - 2014-11-09 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-11-09 23:25 - 2014-11-09 23:25 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-11-09 18:20 - 2014-11-09 18:22 - 00032617 _____ () C:\Users\Optiplex-755\Documents\Search 110914 1822.txt 2014-11-09 13:43 - 2014-11-09 13:43 - 00000000 ____D () C:\Users\Powell Family II\AppData\Roaming\AVG2015 2014-11-09 13:42 - 2014-11-09 13:42 - 00000000 ____D () C:\Users\Powell Family II\AppData\Local\Avg2015 2014-11-09 13:35 - 2014-11-09 13:35 - 00000941 _____ () C:\Users\Public\Desktop\AVG 2015.lnk 2014-11-09 13:35 - 2014-11-09 13:35 - 00000000 ____D () C:\Users\Optiplex-755\AppData\Roaming\AVG2015 2014-11-09 13:35 - 2014-11-09 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-11-09 13:34 - 2014-11-09 13:35 - 00000000 ____D () C:\ProgramData\AVG2015 2014-11-09 13:34 - 2014-11-09 13:34 - 00000000 ____D () C:\$AVG 2014-11-09 13:30 - 2014-11-09 13:35 - 00000000 ____D () C:\Users\Optiplex-755\AppData\Local\Avg2015 2014-11-09 12:57 - 2014-11-10 22:36 - 00087244 _____ () C:\Windows\setupact.log 2014-11-09 12:57 - 2014-11-10 22:13 - 00031474 _____ () C:\Windows\PFRO.log 2014-11-09 12:57 - 2014-11-09 12:57 - 00000000 _____ () C:\Windows\setuperr.log 2014-11-09 12:47 - 2014-11-09 12:47 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled 2014-11-09 12:17 - 2014-11-09 12:17 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Optiplex-755\Downloads\revosetup (1).exe 2014-11-09 12:17 - 2014-11-09 12:17 - 00001228 _____ () C:\Users\Optiplex-755\Desktop\Revo Uninstaller.lnk 2014-11-09 12:17 - 2014-11-09 12:17 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-11-09 12:15 - 2014-11-09 12:16 - 10691640 _____ (VS Revo Group ) C:\Users\Optiplex-755\Downloads\RevoUninProSetup.exe 2014-11-09 12:15 - 2014-11-09 12:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Optiplex-755\Downloads\revosetup.exe 2014-11-09 10:48 - 2014-11-09 13:54 - 01107968 _____ (Farbar) C:\Users\Optiplex-755\Desktop\FRST.exe 2014-11-09 10:32 - 2014-11-09 10:32 - 01107456 _____ (Farbar) C:\Users\Optiplex-755\Downloads\FRST.exe 2014-11-08 18:36 - 2014-11-10 22:40 - 00000000 ____D () C:\FRST 2014-11-08 17:12 - 2014-11-09 23:50 - 00000000 ____D () C:\Users\Powell Family II\Downloads\Crypto Junk DLs 2014-11-08 16:41 - 2014-11-09 23:50 - 00000000 ____D () C:\Users\Powell Family II\Documents\Crypto Junk Docs 2014-11-08 16:17 - 2014-11-08 16:47 - 00000000 ____D () C:\Users\Optiplex-755\Documents\Shadow Ex Files 2014-11-08 16:10 - 2014-11-08 16:10 - 00000000 ____D () C:\Users\Optiplex-755\AppData\Roaming\www.shadowexplorer.com 2014-11-08 15:12 - 2014-11-08 15:12 - 00001849 _____ () C:\Users\Optiplex-755\Desktop\ShadowExplorer.lnk 2014-11-08 15:12 - 2014-11-08 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer 2014-11-08 15:12 - 2014-11-08 15:12 - 00000000 ____D () C:\Program Files\ShadowExplorer 2014-11-07 23:26 - 2014-11-07 23:26 - 00001419 _____ () C:\Users\Optiplex-755\Desktop\Internet Explorer.lnk 2014-11-07 22:18 - 2014-11-08 18:26 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-07 22:18 - 2014-11-07 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-11-07 22:17 - 2014-11-07 22:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-11-07 22:17 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-07 22:17 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-07 22:14 - 2014-11-07 22:14 - 00000000 ____D () C:\Users\Optiplex-755\AppData\Local\Adobe 2014-11-07 07:59 - 2014-11-07 07:59 - 00000000 ____D () C:\Users\Powell Family II\AppData\Roaming\Malwarebytes 2014-11-06 23:39 - 2014-11-06 23:42 - 00000000 ____D () C:\Users\Optiplex-755\AppData\Local\Avg2014 2014-11-02 22:35 - 2014-11-02 22:35 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-11-02 22:35 - 2014-11-02 22:35 - 00001995 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-10-26 22:05 - 2014-10-26 22:05 - 00000000 ____D () C:\Users\Powell Family\AppData\Local\Avg 2014-10-16 06:42 - 2014-10-09 20:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-16 06:42 - 2014-10-09 20:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-16 06:42 - 2014-10-09 20:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-16 06:42 - 2014-09-28 19:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-16 06:42 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-16 06:42 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-16 06:42 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-16 06:42 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-16 06:42 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-16 06:42 - 2014-09-18 20:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-16 06:42 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-16 06:42 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-16 06:42 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-16 06:42 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-16 06:42 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-16 06:42 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-16 06:42 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-16 06:42 - 2014-09-18 19:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-16 06:42 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-16 06:42 - 2014-09-18 19:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-16 06:42 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-16 06:42 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-16 06:42 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-16 06:42 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-16 06:41 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-16 06:41 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-16 06:41 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-16 06:41 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-16 06:41 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-16 06:41 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-16 06:41 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-16 06:41 - 2014-09-18 19:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-16 06:41 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-16 06:41 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-16 06:41 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-16 06:41 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-16 06:41 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-16 06:41 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-16 06:41 - 2014-08-28 20:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-10-16 06:41 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-16 06:41 - 2014-07-16 20:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-16 06:41 - 2014-07-16 20:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-16 06:41 - 2014-07-16 20:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-16 06:41 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-16 06:41 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-16 06:41 - 2014-07-16 20:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-16 06:41 - 2014-07-16 20:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-16 06:41 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-16 06:41 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-16 06:41 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-10 22:40 - 2011-12-02 23:17 - 01438973 _____ () C:\Windows\WindowsUpdate.log 2014-11-10 22:36 - 2011-12-03 00:05 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs 2014-11-10 22:36 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-10 22:21 - 2011-12-02 23:06 - 00009744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-10 22:21 - 2011-12-02 23:06 - 00009744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-10 20:18 - 2011-12-03 17:46 - 00000000 ____D () C:\Users\Optiplex-755\AppData\Roaming\Skype 2014-11-10 20:04 - 2013-11-16 08:58 - 00002054 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-11-10 20:02 - 2011-12-03 10:22 - 00000000 ____D () C:\ProgramData\MFAData 2014-11-10 19:54 - 2013-11-30 10:00 - 00000000 ____D () C:\ProgramData\ProductData 2014-11-10 00:23 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public 2014-11-10 00:13 - 2009-07-13 21:04 - 00000215 _____ () C:\Windows\system.ini 2014-11-09 23:50 - 2014-07-26 12:02 - 00000000 ___HD () C:\ProgramData\CanonBJ 2014-11-09 23:50 - 2014-06-28 22:01 - 00000000 ____D () C:\Users\Powell Family II\AppData\Roaming\Skype 2014-11-09 23:50 - 2014-06-28 22:01 - 00000000 ____D () C:\Users\Powell Family II\AppData\Local\Skype 2014-11-09 23:50 - 2014-06-28 21:47 - 00000000 ____D () C:\Users\Powell Family II\AppData\Roaming\Adobe 2014-11-09 23:50 - 2011-12-03 00:09 - 00000000 ____D () C:\ProgramData\LogiShrd 2014-11-09 23:26 - 2011-12-03 17:46 - 00000000 ____D () C:\ProgramData\Skype 2014-11-09 13:33 - 2011-12-03 10:26 - 00000000 ____D () C:\Program Files\AVG 2014-11-09 13:08 - 2013-11-30 09:59 - 00000000 ____D () C:\Program Files\IObit 2014-11-09 12:49 - 2011-12-03 10:53 - 00000000 ____D () C:\ProgramData\TEMP 2014-11-09 12:45 - 2012-05-15 17:12 - 00000000 ____D () C:\Users\Optiplex-755\AppData\Local\AVG Secure Search 2014-11-09 12:36 - 2009-07-13 23:52 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-11-08 17:22 - 2014-06-28 21:47 - 00000000 ____D () C:\Users\Powell Family II 2014-11-08 16:51 - 2014-08-16 14:17 - 00000000 ____D () C:\Users\Powell Family II\Documents\Resumes 2014-11-08 16:49 - 2014-08-16 14:15 - 00000000 ____D () C:\Users\Powell Family II\Documents\Recipes 2014-11-08 16:48 - 2014-08-16 13:50 - 00000000 ____D () C:\Users\Powell Family II\Documents\Breast Cancer 2014-11-08 16:48 - 2014-07-28 19:54 - 00000000 ____D () C:\Users\Powell Family II\Documents\Outlook Files 2014-11-08 13:37 - 2013-11-30 10:05 - 49053696 _____ () C:\Windows\system32\config\SOFTWARE.iobit 2014-11-08 13:37 - 2013-11-30 10:05 - 30732288 _____ () C:\Windows\system32\config\COMPONENTS.iobit 2014-11-08 13:37 - 2013-11-30 10:05 - 00438272 _____ () C:\Windows\system32\config\DEFAULT.iobit 2014-11-08 13:37 - 2013-11-30 10:05 - 00131072 _____ () C:\Windows\system32\config\SAM.iobit 2014-11-08 13:37 - 2013-11-30 10:05 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iobit 2014-11-08 13:37 - 2011-12-03 12:27 - 00000000 ____D () C:\Users\Powell Family 2014-11-08 13:37 - 2011-12-02 23:07 - 00000000 ____D () C:\Users\Optiplex-755 2014-11-08 13:24 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Web 2014-11-07 22:18 - 2013-11-28 11:02 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-11-07 22:18 - 2011-12-03 15:14 - 00000000 ____D () C:\Users\Optiplex-755\AppData\Roaming\Malwarebytes 2014-11-07 22:17 - 2011-12-03 15:14 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-07 00:02 - 2013-10-27 11:39 - 00000000 ____D () C:\Windows\Minidump 2014-11-07 00:02 - 2011-12-03 02:03 - 00000000 ____D () C:\Windows\Panther 2014-11-06 23:41 - 2014-09-14 22:55 - 00000000 ____D () C:\Users\Optiplex-755\AppData\Roaming\canon 2014-11-04 19:08 - 2010-11-20 16:01 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-04 14:30 - 2011-12-02 19:28 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-11-02 22:35 - 2011-12-03 12:42 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-11-02 22:35 - 2011-12-03 12:41 - 00000000 ____D () C:\ProgramData\Adobe 2014-11-02 22:35 - 2011-12-03 12:41 - 00000000 ____D () C:\Program Files\Adobe 2014-11-02 22:30 - 2013-11-30 10:10 - 49053696 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak 2014-11-02 22:30 - 2013-11-30 10:10 - 00438272 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak 2014-11-02 22:30 - 2013-11-30 10:10 - 00131072 _____ () C:\Windows\system32\config\SAM.iodefrag.bak 2014-11-02 22:30 - 2013-11-30 10:10 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak 2014-10-27 08:46 - 2013-09-24 18:27 - 00000000 ____D () C:\ProgramData\AVG2014 2014-10-27 08:40 - 2013-07-19 18:44 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-26 10:02 - 2013-07-19 18:44 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-16 23:12 - 2014-08-16 15:30 - 00000000 ____D () C:\Windows\rescache 2014-10-16 22:48 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-10-16 22:32 - 2009-07-13 23:33 - 00409784 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-16 22:28 - 2014-04-25 19:32 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-16 21:51 - 2011-12-03 11:39 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-16 21:49 - 2013-07-24 17:24 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-16 21:40 - 2011-12-02 23:34 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe Some content of TEMP: ==================== C:\Users\Optiplex-755\AppData\Local\temp\Quarantine.exe C:\Users\Optiplex-755\AppData\Local\temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2013-11-30 00:54 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-11-2014 01 Ran by Optiplex-755 at 2014-11-10 22:41:55 Running from C:\Users\Optiplex-755\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5557 - AVG Technologies) AVG 2015 (Version: 15.0.4189 - AVG Technologies) Hidden AVG 2015 (Version: 15.0.5557 - AVG Technologies) Hidden CameraHelperMsi (Version: 13.50.854.0 - Logitech) Hidden Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.) Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.) Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.) Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.) CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.7.0.4 - Canon Inc.) Canon Internet Library for ZoomBrowser EX (HKLM\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.) Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.3.2.15 - Canon Inc.) Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.1.0.18 - Canon Inc.) Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.2.0.34 - Canon Inc.) Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.) Canon MX920 series On-screen Manual (HKLM\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.) Canon MX920 series User Registration (HKLM\...\Canon MX920 series User Registration) (Version: - ‭Canon Inc.) Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.) Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.) Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.) Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.) Canon Speed Dial Utility (HKLM\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.) Canon Utilities CameraWindow (HKLM\...\CameraWindowLauncher) (Version: 7.3.0.4 - Canon Inc.) Canon Utilities CameraWindow DC (HKLM\...\CameraWindowDC) (Version: 7.4.1.10 - Canon Inc.) Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC8) (Version: 8.0.0.19 - Canon Inc.) Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.) Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.) Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.4.0.7 - Canon Inc.) Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.2.11 - Canon Inc.) erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation) Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - ) Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.30 - Logitech Inc.) Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Store Download Manager (HKLM\...\{797511D8-6C88-4605-B278-552756A3D4C3}) (Version: 2.8.4431.2 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) ShadowExplorer 0.9 (HKLM\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com) Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.22 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.105 - Skype Technologies S.A.) Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 10-11-2014 02:39:10 Revo Uninstaller's restore point - Skype Click to Call 10-11-2014 02:39:26 Removed Skype Click to Call 10-11-2014 02:41:54 Revo Uninstaller's restore point - Skype™ 6.20 10-11-2014 02:42:22 Removed Skype™ 6.20 10-11-2014 03:49:55 Revo Uninstaller's restore point - Skype™ 6.22 10-11-2014 03:50:10 Removed Skype™ 6.22 10-11-2014 03:58:39 Revo Uninstaller's restore point - Skype Click to Call 10-11-2014 03:58:54 Removed Skype Click to Call ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 05:23 - 2014-11-10 00:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0B3EACAF-9BEF-4A0C-8FE4-4C6E73380CEA} - System32\Tasks\ASC7_SkipUac_Optiplex-755 => C:\Program Files\IObit\Advanced SystemCare 7\ASC.exe Task: {155723BA-60E2-4354-93AF-84EAC8D3C2D8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs Task: {20A860ED-5344-4355-AF74-B4C575A695DF} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe Task: {4BB46668-3F6B-409D-8DB3-94333546E251} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs Task: {6FD72E88-31BB-4581-A443-6732E0B23BF5} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks Task: {7922F376-6980-40A9-85F6-BEABD720A683} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.) Task: {AE032004-644F-4087-B3C0-FF6D73E50F11} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.) Task: {E4F7C07C-6744-4675-BBAA-3EFF381A94AD} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation) Task: {F0DA9B2D-ADEF-4829-A691-79ABDD85F2DA} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe Task: {F99D01A1-7F39-44CD-8ECE-F50DC5A70F78} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-18] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-08-12 12:18 - 2011-08-12 12:18 - 02145304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll 2011-08-12 12:18 - 2011-08-12 12:18 - 07956504 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll 2011-08-12 12:18 - 2011-08-12 12:18 - 00342552 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll 2011-08-12 12:18 - 2011-08-12 12:18 - 00029208 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll 2011-08-12 12:18 - 2011-08-12 12:18 - 00128536 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll 2011-11-11 14:07 - 2011-11-11 14:07 - 00265240 _____ () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe 2012-07-23 14:10 - 2012-07-23 14:10 - 00336232 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll 2011-08-12 12:19 - 2011-08-12 12:19 - 00680984 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\59143727.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\59143727.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-3393986835-1049654633-373516032-500 - Administrator - Disabled) Guest (S-1-5-21-3393986835-1049654633-373516032-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3393986835-1049654633-373516032-1005 - Limited - Enabled) Optiplex-755 (S-1-5-21-3393986835-1049654633-373516032-1001 - Administrator - Enabled) => C:\Users\Optiplex-755 Powell Family II (S-1-5-21-3393986835-1049654633-373516032-1006 - Limited - Enabled) => C:\Users\Powell Family II ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (11/10/2014 10:37:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (11/10/2014 10:38:30 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. Error: (11/10/2014 10:38:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The LiveUpdate service terminated unexpectedly. It has done this 1 time(s). Error: (11/10/2014 10:36:28 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY) Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183. Error: (11/10/2014 10:36:28 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY) Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183. Microsoft Office Sessions: ========================= Error: (11/10/2014 10:37:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2014-04-26 02:53:26.381 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wbem\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-26 02:53:26.301 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wbem\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-26 02:53:26.221 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wbem\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-26 02:52:46.815 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-26 02:52:46.735 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-26 02:52:46.665 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-26 02:52:43.341 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\bcrypt.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-26 02:52:43.261 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\bcrypt.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-26 02:52:43.181 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\bcrypt.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-25 22:29:57.861 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wbem\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core2 Duo CPU E6550 @ 2.33GHz Percentage of memory in use: 57% Total physical RAM: 2004.61 MB Available physical RAM: 857.78 MB Total Pagefile: 4009.22 MB Available Pagefile: 2867.29 MB Total Virtual: 2047.88 MB Available Virtual: 1907.28 MB ==================== Drives ================================ Drive c: (OSDisk) (Fixed) (Total:60.83 GB) (Free:24.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Recovery) (Fixed) (Total:13.67 GB) (Free:9.63 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 4ED5115E) Partition 1: (Active) - (Size=60.8 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Thank you very much for your assistance!!
  10. Hi Adam, Here's the latest batch of logs! Thanks for your assistance! Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-11-2014 01 Ran by Optiplex-755 at 2014-11-09 23:50:30 Run:2 Running from C:\Users\Optiplex-755\Desktop Loaded Profiles: Optiplex-755 & Powell Family II (Available profiles: Optiplex-755 & Powell Family II) Boot Mode: Normal ============================================== Content of fixlist: ***************** C:\Users\Powell Family II\Pictures\Crypto Junk Pix\INSTALL_TOR.URL C:\Users\Powell Family II\Downloads\Crypto Junk DLs\INSTALL_TOR.URL C:\Users\Powell Family II\Documents\Crypto Junk Docs\INSTALL_TOR.URL C:\Users\Powell Family II\Documents\Crypto Junk Docs\Breast Cancer\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Roaming\Skype\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Roaming\Skype\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Roaming\Skype\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Roaming\Skype\shared_httpfe\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Roaming\Skype\shared_httpfe\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Roaming\Skype\shared_httpfe\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Roaming\Skype\shared_dynco\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Roaming\Skype\shared_dynco\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Roaming\Skype\shared_dynco\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\qikdb\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\qikdb\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\qikdb\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\storage_db\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\storage_db\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\storage_db\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\storage_db\asyncdb\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\storage_db\asyncdb\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\storage_db\asyncdb\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\media_cache\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\media_cache\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\media_cache\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\media_cache\asyncdb\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\media_cache\asyncdb\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\media_cache\asyncdb\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Roaming\Microsoft\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Word Document Building Blocks\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Word Document Building Blocks\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Word Document Building Blocks\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Word Document Building Blocks\1033\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Word Document Building Blocks\1033\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Word Document Building Blocks\1033\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Roaming\Microsoft\Document Building Blocks\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Roaming\Microsoft\Document Building Blocks\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Roaming\Microsoft\Document Building Blocks\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Roaming\Microsoft\Document Building Blocks\1033\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Roaming\Microsoft\Document Building Blocks\1033\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Roaming\Microsoft\Document Building Blocks\1033\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Roaming\Adobe\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Roaming\Adobe\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Roaming\Adobe\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Roaming\Adobe\Flash Player\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Roaming\Adobe\Flash Player\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Roaming\Adobe\Flash Player\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Roaming\Adobe\Flash Player\AssetCache\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Roaming\Adobe\Flash Player\AssetCache\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Roaming\Adobe\Flash Player\AssetCache\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Roaming\Adobe\Flash Player\AssetCache\2LZSBDPW\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Roaming\Adobe\Flash Player\AssetCache\2LZSBDPW\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Roaming\Adobe\Flash Player\AssetCache\2LZSBDPW\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Local\Skype\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Local\Skype\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Local\Skype\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Local\Skype\Apps\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Local\Skype\Apps\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Local\Skype\Apps\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Local\Skype\Apps\login\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Local\Skype\Apps\login\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Local\Skype\Apps\login\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Local\Skype\Apps\login\images\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Local\Skype\Apps\login\images\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Local\Skype\Apps\login\images\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Local\Microsoft\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Local\Microsoft\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Local\Microsoft\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Media\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Media\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Media\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Media\12.0\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Media\12.0\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Media\12.0\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\Stationery\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\Stationery\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\Stationery\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\Backup\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\Backup\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\Backup\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\Backup\new\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\Backup\new\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\Backup\new\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Local\Microsoft\Outlook\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Local\Microsoft\Outlook\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Local\Microsoft\Outlook\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Local\Microsoft\Media Player\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Local\Microsoft\Media Player\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Local\Microsoft\Media Player\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Local\Microsoft\Media Player\Art Cache\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Local\Microsoft\Media Player\Art Cache\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Local\Microsoft\Media Player\Art Cache\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Local\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Local\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Local\Microsoft\Internet Explorer\INSTALL_TOR.URL C:\Users\Powell Family II\AppData\Local\Microsoft\Device Metadata\DECRYPT_INSTRUCTION.HTML C:\Users\Powell Family II\AppData\Local\Microsoft\Device Metadata\DECRYPT_INSTRUCTION.TXT C:\Users\Powell Family II\AppData\Local\Microsoft\Device Metadata\INSTALL_TOR.URL C:\Users\All Users\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.HTML C:\Users\All Users\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.TXT C:\Users\All Users\Microsoft\RAC\PublishedData\INSTALL_TOR.URL C:\Users\All Users\LogiShrd\DECRYPT_INSTRUCTION.HTML C:\Users\All Users\LogiShrd\DECRYPT_INSTRUCTION.TXT C:\Users\All Users\LogiShrd\INSTALL_TOR.URL C:\Users\All Users\LogiShrd\Updater\DECRYPT_INSTRUCTION.HTML C:\Users\All Users\LogiShrd\Updater\DECRYPT_INSTRUCTION.TXT C:\Users\All Users\LogiShrd\Updater\INSTALL_TOR.URL C:\Users\All Users\CanonBJ\DECRYPT_INSTRUCTION.HTML C:\Users\All Users\CanonBJ\DECRYPT_INSTRUCTION.TXT C:\Users\All Users\CanonBJ\INSTALL_TOR.URL C:\Users\All Users\CanonBJ\IJPrinter\DECRYPT_INSTRUCTION.HTML C:\Users\All Users\CanonBJ\IJPrinter\DECRYPT_INSTRUCTION.TXT C:\Users\All Users\CanonBJ\IJPrinter\INSTALL_TOR.URL C:\Users\All Users\CanonBJ\IJPrinter\CNMWindows\DECRYPT_INSTRUCTION.HTML C:\Users\All Users\CanonBJ\IJPrinter\CNMWindows\DECRYPT_INSTRUCTION.TXT C:\Users\All Users\CanonBJ\IJPrinter\CNMWindows\INSTALL_TOR.URL C:\Users\All Users\CanonBJ\IJPrinter\CNMWindows\Canon MX920 series Printer\DECRYPT_INSTRUCTION.HTML C:\Users\All Users\CanonBJ\IJPrinter\CNMWindows\Canon MX920 series Printer\DECRYPT_INSTRUCTION.TXT C:\Users\All Users\CanonBJ\IJPrinter\CNMWindows\Canon MX920 series Printer\INSTALL_TOR.URL C:\ProgramData\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.HTML C:\ProgramData\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.TXT C:\ProgramData\Microsoft\RAC\PublishedData\INSTALL_TOR.URL C:\ProgramData\LogiShrd\DECRYPT_INSTRUCTION.HTML C:\ProgramData\LogiShrd\DECRYPT_INSTRUCTION.TXT C:\ProgramData\LogiShrd\INSTALL_TOR.URL C:\ProgramData\LogiShrd\Updater\DECRYPT_INSTRUCTION.HTML C:\ProgramData\LogiShrd\Updater\DECRYPT_INSTRUCTION.TXT C:\ProgramData\LogiShrd\Updater\INSTALL_TOR.URL C:\ProgramData\CanonBJ\DECRYPT_INSTRUCTION.HTML C:\ProgramData\CanonBJ\DECRYPT_INSTRUCTION.TXT C:\ProgramData\CanonBJ\INSTALL_TOR.URL C:\ProgramData\CanonBJ\IJPrinter\DECRYPT_INSTRUCTION.HTML C:\ProgramData\CanonBJ\IJPrinter\DECRYPT_INSTRUCTION.TXT C:\ProgramData\CanonBJ\IJPrinter\INSTALL_TOR.URL C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\DECRYPT_INSTRUCTION.HTML C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\DECRYPT_INSTRUCTION.TXT C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\INSTALL_TOR.URL C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MX920 series Printer\DECRYPT_INSTRUCTION.HTML C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MX920 series Printer\DECRYPT_INSTRUCTION.TXT C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MX920 series Printer\INSTALL_TOR.URL ***************** C:\Users\Powell Family II\Pictures\Crypto Junk Pix\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\Downloads\Crypto Junk DLs\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\Documents\Crypto Junk Docs\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\Documents\Crypto Junk Docs\Breast Cancer\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Skype\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Skype\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Skype\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Skype\shared_httpfe\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Skype\shared_httpfe\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Skype\shared_httpfe\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Skype\shared_dynco\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Skype\shared_dynco\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Skype\shared_dynco\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\qikdb\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\qikdb\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\qikdb\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\storage_db\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\storage_db\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\storage_db\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\storage_db\asyncdb\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\storage_db\asyncdb\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\storage_db\asyncdb\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\media_cache\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\media_cache\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\media_cache\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\media_cache\asyncdb\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\media_cache\asyncdb\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\media_cache\asyncdb\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Microsoft\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Word Document Building Blocks\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Word Document Building Blocks\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Word Document Building Blocks\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Word Document Building Blocks\1033\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Word Document Building Blocks\1033\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Word Document Building Blocks\1033\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Microsoft\Document Building Blocks\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Microsoft\Document Building Blocks\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Microsoft\Document Building Blocks\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Microsoft\Document Building Blocks\1033\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Microsoft\Document Building Blocks\1033\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Microsoft\Document Building Blocks\1033\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Adobe\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Adobe\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Adobe\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Adobe\Flash Player\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Adobe\Flash Player\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Adobe\Flash Player\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Adobe\Flash Player\AssetCache\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Adobe\Flash Player\AssetCache\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Adobe\Flash Player\AssetCache\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Adobe\Flash Player\AssetCache\2LZSBDPW\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Adobe\Flash Player\AssetCache\2LZSBDPW\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\Adobe\Flash Player\AssetCache\2LZSBDPW\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Local\Skype\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Local\Skype\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Local\Skype\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Local\Skype\Apps\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Local\Skype\Apps\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Local\Skype\Apps\INSTALL_TOR.URL => Moved successfully. "C:\Users\Powell Family II\AppData\Local\Skype\Apps\login\DECRYPT_INSTRUCTION.HTML" => File/Directory not found. "C:\Users\Powell Family II\AppData\Local\Skype\Apps\login\DECRYPT_INSTRUCTION.TXT" => File/Directory not found. "C:\Users\Powell Family II\AppData\Local\Skype\Apps\login\INSTALL_TOR.URL" => File/Directory not found. "C:\Users\Powell Family II\AppData\Local\Skype\Apps\login\images\DECRYPT_INSTRUCTION.HTML" => File/Directory not found. "C:\Users\Powell Family II\AppData\Local\Skype\Apps\login\images\DECRYPT_INSTRUCTION.TXT" => File/Directory not found. "C:\Users\Powell Family II\AppData\Local\Skype\Apps\login\images\INSTALL_TOR.URL" => File/Directory not found. C:\Users\Powell Family II\AppData\Local\Microsoft\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Media\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Media\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Media\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Media\12.0\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Media\12.0\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Media\12.0\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\Stationery\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\Stationery\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\Stationery\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\Backup\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\Backup\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\Backup\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\Backup\new\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\Backup\new\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\Backup\new\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Outlook\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Outlook\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Outlook\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Media Player\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Media Player\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Media Player\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Media Player\Art Cache\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Media Player\Art Cache\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Media Player\Art Cache\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Internet Explorer\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Device Metadata\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Device Metadata\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Local\Microsoft\Device Metadata\INSTALL_TOR.URL => Moved successfully. C:\Users\All Users\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\All Users\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\All Users\Microsoft\RAC\PublishedData\INSTALL_TOR.URL => Moved successfully. C:\Users\All Users\LogiShrd\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\All Users\LogiShrd\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\All Users\LogiShrd\INSTALL_TOR.URL => Moved successfully. C:\Users\All Users\LogiShrd\Updater\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\All Users\LogiShrd\Updater\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\All Users\LogiShrd\Updater\INSTALL_TOR.URL => Moved successfully. C:\Users\All Users\CanonBJ\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\All Users\CanonBJ\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\All Users\CanonBJ\INSTALL_TOR.URL => Moved successfully. C:\Users\All Users\CanonBJ\IJPrinter\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\All Users\CanonBJ\IJPrinter\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\All Users\CanonBJ\IJPrinter\INSTALL_TOR.URL => Moved successfully. C:\Users\All Users\CanonBJ\IJPrinter\CNMWindows\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\All Users\CanonBJ\IJPrinter\CNMWindows\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\All Users\CanonBJ\IJPrinter\CNMWindows\INSTALL_TOR.URL => Moved successfully. C:\Users\All Users\CanonBJ\IJPrinter\CNMWindows\Canon MX920 series Printer\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\All Users\CanonBJ\IJPrinter\CNMWindows\Canon MX920 series Printer\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\All Users\CanonBJ\IJPrinter\CNMWindows\Canon MX920 series Printer\INSTALL_TOR.URL => Moved successfully. "C:\ProgramData\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.HTML" => File/Directory not found. "C:\ProgramData\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.TXT" => File/Directory not found. "C:\ProgramData\Microsoft\RAC\PublishedData\INSTALL_TOR.URL" => File/Directory not found. "C:\ProgramData\LogiShrd\DECRYPT_INSTRUCTION.HTML" => File/Directory not found. "C:\ProgramData\LogiShrd\DECRYPT_INSTRUCTION.TXT" => File/Directory not found. "C:\ProgramData\LogiShrd\INSTALL_TOR.URL" => File/Directory not found. "C:\ProgramData\LogiShrd\Updater\DECRYPT_INSTRUCTION.HTML" => File/Directory not found. "C:\ProgramData\LogiShrd\Updater\DECRYPT_INSTRUCTION.TXT" => File/Directory not found. "C:\ProgramData\LogiShrd\Updater\INSTALL_TOR.URL" => File/Directory not found. "C:\ProgramData\CanonBJ\DECRYPT_INSTRUCTION.HTML" => File/Directory not found. "C:\ProgramData\CanonBJ\DECRYPT_INSTRUCTION.TXT" => File/Directory not found. "C:\ProgramData\CanonBJ\INSTALL_TOR.URL" => File/Directory not found. "C:\ProgramData\CanonBJ\IJPrinter\DECRYPT_INSTRUCTION.HTML" => File/Directory not found. "C:\ProgramData\CanonBJ\IJPrinter\DECRYPT_INSTRUCTION.TXT" => File/Directory not found. "C:\ProgramData\CanonBJ\IJPrinter\INSTALL_TOR.URL" => File/Directory not found. "C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\DECRYPT_INSTRUCTION.HTML" => File/Directory not found. "C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\DECRYPT_INSTRUCTION.TXT" => File/Directory not found. "C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\INSTALL_TOR.URL" => File/Directory not found. "C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MX920 series Printer\DECRYPT_INSTRUCTION.HTML" => File/Directory not found. "C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MX920 series Printer\DECRYPT_INSTRUCTION.TXT" => File/Directory not found. "C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MX920 series Printer\INSTALL_TOR.URL" => File/Directory not found. ==== End of Fixlog ==== ComboFix 14-11-09.02 - Optiplex-755 11/10/2014 0:01.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2005.1012 [GMT -5:00] Running from: c:\users\Optiplex-755\Desktop\ComboFix.exe AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Powell Family\AppData\Roaming\SearchProtect c:\users\Powell Family\AppData\Roaming\SearchProtect\bin\msvcp100.dll c:\users\Powell Family\AppData\Roaming\SearchProtect\bin\msvcr100.dll c:\users\Powell Family\AppData\Roaming\SearchProtect\bin\rep.dat c:\windows\system32\Cache c:\windows\system32\Cache\051be9e3673fac4c.fb c:\windows\system32\Cache\26c630d098e22dd5.fb c:\windows\system32\Cache\272512937d9e61a4.fb c:\windows\system32\Cache\287204568329e189.fb c:\windows\system32\Cache\28bc8f716fd76a47.fb c:\windows\system32\Cache\31a0997e9a5b5eb3.fb c:\windows\system32\Cache\32c84fe32bb74d60.fb c:\windows\system32\Cache\3917078cb68ec657.fb c:\windows\system32\Cache\590ba23ce359fd0c.fb c:\windows\system32\Cache\60b5e785a3573631.fb c:\windows\system32\Cache\610289e025a3ee9a.fb c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb c:\windows\system32\Cache\68251047e87f0bdd.fb c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb c:\windows\system32\Cache\6d03dad1035885d3.fb c:\windows\system32\Cache\88a23e12c4c3741c.fb c:\windows\system32\Cache\95f567698be8a182.fb c:\windows\system32\Cache\987a770dd5a5782e.fb c:\windows\system32\Cache\a1629b1327a005a9.fb c:\windows\system32\Cache\ad10a52aff5e038d.fb c:\windows\system32\Cache\b9a16045a100e7c9.fb c:\windows\system32\Cache\be1cd88e7c38d557.fb c:\windows\system32\Cache\c1fa887b03019701.fb c:\windows\system32\Cache\c4d28dca2e7648be.fb c:\windows\system32\Cache\d201ef9910cd39de.fb c:\windows\system32\Cache\d2e94710a5708128.fb c:\windows\system32\Cache\d3c066eab287009b.fb c:\windows\system32\Cache\d79b9dfe81484ec4.fb c:\windows\system32\Cache\e486931eec860593.fb c:\windows\system32\Cache\f7551cc4f8c9ad4f.fb c:\windows\system32\Cache\f998975c9cc711ee.fb D:\setup.exe . . ((((((((((((((((((((((((( Files Created from 2014-10-10 to 2014-11-10 ))))))))))))))))))))))))))))))) . . 2014-11-10 05:09 . 2014-11-10 05:13 -------- d-----w- c:\users\Optiplex-755\AppData\Local\temp 2014-11-10 04:25 . 2014-11-10 04:26 -------- d-----r- c:\program files\Skype 2014-11-10 04:25 . 2014-11-10 04:25 -------- d-----w- c:\program files\Common Files\Skype 2014-11-09 18:43 . 2014-11-09 18:43 -------- d-----w- c:\users\Powell Family II\AppData\Roaming\AVG2015 2014-11-09 18:42 . 2014-11-09 18:42 -------- d-----w- c:\users\Powell Family II\AppData\Local\Avg2015 2014-11-09 18:35 . 2014-11-09 18:35 -------- d-----w- c:\users\Optiplex-755\AppData\Roaming\AVG2015 2014-11-09 18:34 . 2014-11-09 18:34 -------- d-----w- C:\$AVG 2014-11-09 18:34 . 2014-11-09 18:35 -------- d-----w- c:\programdata\AVG2015 2014-11-09 18:30 . 2014-11-09 18:35 -------- d-----w- c:\users\Optiplex-755\AppData\Local\Avg2015 2014-11-09 17:17 . 2014-11-09 17:17 -------- d-----w- c:\program files\VS Revo Group 2014-11-08 23:36 . 2014-11-10 04:50 -------- d-----w- C:\FRST 2014-11-08 21:10 . 2014-11-08 21:10 -------- d-----w- c:\users\Optiplex-755\AppData\Roaming\www.shadowexplorer.com 2014-11-08 20:12 . 2014-11-08 20:12 -------- d-----w- c:\program files\ShadowExplorer 2014-11-08 03:18 . 2014-11-08 23:26 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-11-08 03:17 . 2014-11-08 03:18 -------- d-----w- c:\program files\Malwarebytes Anti-Malware 2014-11-08 03:17 . 2014-10-01 16:11 51928 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-11-08 03:17 . 2014-10-01 16:11 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-11-08 03:14 . 2014-11-08 03:14 -------- d-----w- c:\users\Optiplex-755\AppData\Local\Adobe 2014-11-07 12:59 . 2014-11-07 12:59 -------- d-----w- c:\users\Powell Family II\AppData\Roaming\Malwarebytes 2014-11-07 04:39 . 2014-11-07 04:42 -------- d-----w- c:\users\Optiplex-755\AppData\Local\Avg2014 2014-10-27 03:05 . 2014-10-27 03:05 -------- d-----w- c:\users\Powell Family\AppData\Local\Avg 2014-10-27 03:04 . 2014-10-27 03:09 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Avg2015 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-11-04 19:30 . 2011-12-03 00:28 229000 ------w- c:\windows\system32\MpSigStub.exe 2014-10-20 07:37 . 2014-11-09 18:21 8901368 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D397C2B8-09CB-4B01-92D8-4B1B53E37963}\mpengine.dll 2014-10-10 20:13 . 2014-10-10 20:13 200984 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2014-10-08 02:39 . 2014-10-08 02:39 213272 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys 2014-10-06 02:42 . 2014-10-06 02:42 98584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2014-10-01 16:11 . 2011-12-03 20:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-09-29 00:41 . 2014-10-16 11:42 2379264 ----a-w- c:\windows\system32\win32k.sys 2014-09-25 01:40 . 2014-10-01 10:25 519680 ----a-w- c:\windows\system32\qdvd.dll 2014-09-19 01:02 . 2014-10-16 11:42 454656 ----a-w- c:\windows\system32\vbscript.dll 2014-09-18 23:59 . 2014-10-16 11:42 1810944 ----a-w- c:\windows\system32\wininet.dll 2014-09-12 03:10 . 2014-09-12 03:10 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2014-09-09 21:47 . 2014-09-24 12:25 2048 ----a-w- c:\windows\system32\tzres.dll 2014-09-04 05:04 . 2014-10-16 11:42 372736 ----a-w- c:\windows\system32\rastls.dll 2014-08-29 02:43 . 2014-08-29 02:43 192792 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2014-08-29 01:44 . 2014-10-16 11:41 2744320 ----a-w- c:\windows\system32\rdpcorets.dll 2014-08-23 01:46 . 2014-08-28 11:53 305152 ----a-w- c:\windows\system32\gdi32.dll 2014-08-19 03:24 . 2012-12-30 00:07 699568 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-08-19 03:24 . 2011-12-03 20:59 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-07-19 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-08-01 1282048] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552] "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576] "CanonQuickMenu"="c:\program files\Canon\Quick Menu\CNQMMAIN.EXE" [2012-09-27 1279120] "IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2012-08-31 452272] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-09-12 959176] "AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2014-10-17 3649040] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "EnableUIADesktopToggle"= 0 (0x0) . R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2014-08-19 2282272] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-04 315008] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-09-19 108032] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-03 1343400] S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2014-06-19 147736] S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2014-07-18 230680] S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2014-06-19 27416] S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-06-19 121624] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2014-10-08 213272] S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2014-06-19 21272] S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-08-29 192792] S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2014-10-10 200984] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-08-11 42784] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [2014-10-17 3487248] S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2015\avgwdsvc.exe [2014-10-17 298080] S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176] S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520] S2 sesvc;ShadowExplorer Service;c:\program files\ShadowExplorer\sesvc.exe [2013-01-02 9216] S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848] S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [2010-02-12 844064] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-10-26 19:59 1089352 ----a-w- c:\program files\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2014-08-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-30 03:24] . 2014-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-07-19 14:53] . 2014-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-07-19 14:53] . . ------- Supplementary Scan ------- . uStart Page = www.google.com mStart Page = hxxp://www.google.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.254 . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\progra~1\AVG\AVG2015\avgrsx.exe c:\program files\AVG\AVG2015\avgcsrvx.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\AVG\AVG2015\avgnsx.exe c:\program files\AVG\AVG2015\avgemcx.exe c:\windows\system32\conhost.exe c:\windows\system32\igfxsrvc.exe c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe c:\program files\Microsoft IntelliPoint\dpupdchk.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\DllHost.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . Completion time: 2014-11-10 00:23:41 - machine was rebooted ComboFix-quarantined-files.txt 2014-11-10 05:23 . Pre-Run: 26,451,509,248 bytes free Post-Run: 26,300,346,368 bytes free . - - End Of File - - F0FCEEA4DC7F42259AEFA9E82A8E130F A36C5E4F47E84449FF07ED3517B43A31
  11. Hi Adam, Sorry about that error, below is the correct fixlog and search log: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-11-2014 01 Ran by Optiplex-755 at 2014-11-09 17:38:53 Run:1 Running from C:\Users\Optiplex-755\Desktop Loaded Profiles: Optiplex-755 & Powell Family II (Available profiles: Optiplex-755 & Powell Family II) Boot Mode: Normal ============================================== Content of fixlist: ***************** start (AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe C:\Program Files\Common Files\AVG Secure Search () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe () C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\AVG Secure Search HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2640408 2014-08-25] () HKU\S-1-5-21-3393986835-1049654633-373516032-1006\...\MountPoints2: {47913432-105a-11e1-8825-806e6f6e6963} - E:\Msetup4.exe HKU\S-1-5-21-3393986835-1049654633-373516032-1006\...A8F59079A8D5}\localserver32: <==== ATTENTION! HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION SearchScopes: HKCU - DefaultScope {9B3D06D6-81AA-408B-A46A-C31DB5E96325} URL = http://search.yahoo....p={searchTerms} SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={FD879735-68F4-48A6-894B-986AB5EB957E}&mid=9025a88113de47d1a592d1578f9941a1-df84535dbddfde4ffb119021a118fb6f04c79fd7〈=en&ds=AVG&pr=fr&d=2012-05-15 18:12:03&v=17.2.0.38&pid=avg&sg=0&sap=dsp&q={searchTerms} SearchScopes: HKCU - {9B3D06D6-81AA-408B-A46A-C31DB5E96325} URL = http://search.yahoo....p={searchTerms} SearchScopes: HKCU - {BB9E0E3C-BAE6-4994-AF76-9C03503C3AEA} URL = BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit) BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search) BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit) Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search) Handler: linkscanner - No CLSID Value - Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search) C:\ProgramData\AVG Secure Search FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49 CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\\npsitesafety.dll (AVG Technologies) CHR Extension: (AVG Secure Search) - C:\Users\Optiplex-755\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-11-16] CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Optiplex-755\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2013-12-18] CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-04-28] CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [2013-11-30] R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search) S2 ca82e1a5; "C:\Windows\system32\rundll32.exe" "c:\progra~1\optimi~1\OptProCrashSvc.dll",ServiceMain c:\progra~1\optimi~1 2014-11-06 20:39 - 2014-11-06 20:39 - 00008562 _____ () C:\Users\Powell Family II\AppData\Roaming\DECRYPT_INSTRUCTION.HTML 2014-11-06 20:39 - 2014-11-06 20:39 - 00008562 _____ () C:\Users\Powell Family II\AppData\DECRYPT_INSTRUCTION.HTML 2014-11-06 20:39 - 2014-11-06 20:39 - 00004224 _____ () C:\Users\Powell Family II\AppData\Roaming\DECRYPT_INSTRUCTION.TXT 2014-11-06 20:39 - 2014-11-06 20:39 - 00004224 _____ () C:\Users\Powell Family II\AppData\DECRYPT_INSTRUCTION.TXT 2014-11-06 20:39 - 2014-11-06 20:39 - 00000276 _____ () C:\Users\Powell Family II\AppData\Roaming\INSTALL_TOR.URL 2014-11-06 20:39 - 2014-11-06 20:39 - 00000276 _____ () C:\Users\Powell Family II\AppData\INSTALL_TOR.URL 2014-11-06 20:37 - 2014-11-06 20:37 - 00008562 _____ () C:\Users\Powell Family II\AppData\Local\DECRYPT_INSTRUCTION.HTML 2014-11-06 20:37 - 2014-11-06 20:37 - 00004224 _____ () C:\Users\Powell Family II\AppData\Local\DECRYPT_INSTRUCTION.TXT 2014-11-06 20:37 - 2014-11-06 20:37 - 00000276 _____ () C:\Users\Powell Family II\AppData\Local\INSTALL_TOR.URL 2014-11-06 20:36 - 2014-11-06 20:36 - 00008562 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML 2014-11-06 20:36 - 2014-11-06 20:36 - 00004224 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT 2014-11-06 20:36 - 2014-11-06 20:36 - 00000276 _____ () C:\ProgramData\INSTALL_TOR.URL 2014-11-06 20:31 - 2014-11-06 23:24 - 00000000 ____D () C:\Users\Powell Family II\AppData\Roaming\FrameworkUpdate7 2014-11-06 20:30 - 2014-11-06 20:30 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage 2014-11-06 20:36 - 2014-06-28 21:49 - 00000000 ____D () C:\Users\Powell Family II\AppData\Local\AVG Secure Search C:\Users\Powell Family\AppData\Local\Temp\install_reader11_en_gtba_chra_dy_aih.exe C:\Users\Powell Family\AppData\Local\Temp\SkypeSetup.exe C:\Users\Powell Family II\AppData\Local\Temp\MSETUP4.EXE C:\Users\Powell Family II\AppData\Local\Temp\SkypeSetup.exe Task: {02059004-F081-4B93-A4E7-59101FDC15B7} - \MySearchDial No Task File <==== ATTENTION Task: {25BE83B3-801D-4CDB-B06A-DA393560E281} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{E27C3F57-D416-45C1-AEEE-DD6CC3BDBFCF}.exe Task: {6E535508-F9A5-4D00-92DC-D0F13684BFC0} - System32\Tasks\Digital Sites => C:\Users\OPTIPL~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION C:\Users\OPTIPL~1\AppData\Roaming\DIGITA~1 Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{E27C3F57-D416-45C1-AEEE-DD6CC3BDBFCF}.exe Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\OPTIPL~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4 AlternateDataStreams: C:\ProgramData\TEMP:373E1720 CMD: ipconfig /flushdns CMD: netsh winsock reset all CMD: netsh int ipv4 reset CMD: netsh int ipv6 reset EmptyTemp: end ***************** [1996] C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe => Process closed successfully. C:\Program Files\Common Files\AVG Secure Search => Moved successfully. [312] C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe => Process closed successfully. C:\Program Files\AVG Secure Search\vprot.exe => No running process found C:\Program Files\AVG Secure Search => Moved successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\vProt => value deleted successfully. "HKU\S-1-5-21-3393986835-1049654633-373516032-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47913432-105a-11e1-8825-806e6f6e6963}" => Key deleted successfully. "HKCR\CLSID\{47913432-105a-11e1-8825-806e6f6e6963}" => Key not found. "HKU\S-1-5-21-3393986835-1049654633-373516032-1006\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully. "HKU\S-1-5-21-3393986835-1049654633-373516032-1006\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully. "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully. "HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9B3D06D6-81AA-408B-A46A-C31DB5E96325}" => Key deleted successfully. "HKCR\CLSID\{9B3D06D6-81AA-408B-A46A-C31DB5E96325}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB9E0E3C-BAE6-4994-AF76-9C03503C3AEA}" => Key deleted successfully. "HKCR\CLSID\{BB9E0E3C-BAE6-4994-AF76-9C03503C3AEA}" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully. "HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key not found. "HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key deleted successfully. "HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found. "HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}" => Key not found. "HKCR\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}" => Key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => value deleted successfully. "HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found. "HKCR\PROTOCOLS\Handler\linkscanner" => Key deleted successfully. "HKCR\PROTOCOLS\Handler\viprotocol" => Key deleted successfully. "HKCR\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}" => Key deleted successfully. C:\ProgramData\AVG Secure Search => Moved successfully. "HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => Key deleted successfully. HKLM\Software\Mozilla\Firefox\Extensions\\avg@toolbar => value deleted successfully. C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\\npsitesafety.dll not found. C:\Users\Optiplex-755\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof directory not found. C:\Users\Optiplex-755\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd directory not found. "HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof" => Key deleted successfully. "C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx" => File/Directory not found. "HKLM\SOFTWARE\Google\Chrome\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd" => Key deleted successfully. "C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx" => File/Directory not found. vToolbarUpdater18.1.9 => Service deleted successfully. ca82e1a5 => Service deleted successfully. "c:\progra~1\optimi~1" => File/Directory not found. C:\Users\Powell Family II\AppData\Roaming\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Local\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\Users\Powell Family II\AppData\Local\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\Users\Powell Family II\AppData\Local\INSTALL_TOR.URL => Moved successfully. C:\ProgramData\DECRYPT_INSTRUCTION.HTML => Moved successfully. C:\ProgramData\DECRYPT_INSTRUCTION.TXT => Moved successfully. C:\ProgramData\INSTALL_TOR.URL => Moved successfully. C:\Users\Powell Family II\AppData\Roaming\FrameworkUpdate7 => Moved successfully. C:\ProgramData\Windows Genuine Advantage => Moved successfully. C:\Users\Powell Family II\AppData\Local\AVG Secure Search => Moved successfully. C:\Users\Powell Family\AppData\Local\Temp\install_reader11_en_gtba_chra_dy_aih.exe => Moved successfully. C:\Users\Powell Family\AppData\Local\Temp\SkypeSetup.exe => Moved successfully. C:\Users\Powell Family II\AppData\Local\Temp\MSETUP4.EXE => Moved successfully. C:\Users\Powell Family II\AppData\Local\Temp\SkypeSetup.exe => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02059004-F081-4B93-A4E7-59101FDC15B7}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02059004-F081-4B93-A4E7-59101FDC15B7}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{25BE83B3-801D-4CDB-B06A-DA393560E281}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25BE83B3-801D-4CDB-B06A-DA393560E281}" => Key deleted successfully. C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_TB_rmv" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E535508-F9A5-4D00-92DC-D0F13684BFC0}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E535508-F9A5-4D00-92DC-D0F13684BFC0}" => Key deleted successfully. C:\Windows\System32\Tasks\Digital Sites => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Digital Sites" => Key deleted successfully. C:\Users\OPTIPL~1\AppData\Roaming\DIGITA~1 => Moved successfully. C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => Moved successfully. C:\Windows\Tasks\Digital Sites.job => Moved successfully. C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully. C:\ProgramData\TEMP => ":373E1720" ADS removed successfully. ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= ========= netsh winsock reset all ========= Sucessfully reset the Winsock Catalog. You must restart the computer in order to complete the reset. ========= End of CMD: ========= ========= netsh int ipv4 reset ========= Reseting Global, OK! Reseting Interface, OK! Reseting Route, OK! Restart the computer to complete this action. ========= End of CMD: ========= ========= netsh int ipv6 reset ========= Reseting Interface, OK! Restart the computer to complete this action. ========= End of CMD: ========= EmptyTemp: => Removed 6.3 GB temporary data. The system needed a reboot. ==== End of Fixlog ==== Farbar Recovery Scan Tool (x86) Version: 09-11-2014 01 Ran by Optiplex-755 at 2014-11-09 18:20:58 Running from C:\Users\Optiplex-755\Desktop Boot Mode: Normal ================== Search: "DECRYPT_INSTRUCTION.*;INSTALL_TOR.*" =================== C:\Users\Powell Family II\Pictures\Crypto Junk Pix\INSTALL_TOR.URL [2014-11-06 20:46][2014-11-06 20:46] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\Downloads\Crypto Junk DLs\INSTALL_TOR.URL [2014-11-06 20:46][2014-11-06 20:46] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\Documents\Crypto Junk Docs\INSTALL_TOR.URL [2014-11-06 20:43][2014-11-06 20:43] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\Documents\Crypto Junk Docs\Breast Cancer\INSTALL_TOR.URL [2014-11-08 16:44][2014-11-06 20:41] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Roaming\Skype\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:39][2014-11-06 20:39] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Roaming\Skype\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:39][2014-11-06 20:39] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Roaming\Skype\INSTALL_TOR.URL [2014-11-06 20:39][2014-11-06 20:39] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Roaming\Skype\shared_httpfe\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:39][2014-11-06 20:39] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Roaming\Skype\shared_httpfe\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:39][2014-11-06 20:39] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Roaming\Skype\shared_httpfe\INSTALL_TOR.URL [2014-11-06 20:39][2014-11-06 20:39] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Roaming\Skype\shared_dynco\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:39][2014-11-06 20:39] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Roaming\Skype\shared_dynco\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:39][2014-11-06 20:39] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Roaming\Skype\shared_dynco\INSTALL_TOR.URL [2014-11-06 20:39][2014-11-06 20:39] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:39][2014-11-06 20:39] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:39][2014-11-06 20:39] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\INSTALL_TOR.URL [2014-11-06 20:39][2014-11-06 20:39] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\qikdb\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:39][2014-11-06 20:39] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\qikdb\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:39][2014-11-06 20:39] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\qikdb\INSTALL_TOR.URL [2014-11-06 20:39][2014-11-06 20:39] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:39][2014-11-06 20:39] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:39][2014-11-06 20:39] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\INSTALL_TOR.URL [2014-11-06 20:39][2014-11-06 20:39] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\storage_db\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:39][2014-11-06 20:39] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\storage_db\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:39][2014-11-06 20:39] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\storage_db\INSTALL_TOR.URL [2014-11-06 20:39][2014-11-06 20:39] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\storage_db\asyncdb\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:39][2014-11-06 20:39] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\storage_db\asyncdb\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:39][2014-11-06 20:39] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\storage_db\asyncdb\INSTALL_TOR.URL [2014-11-06 20:39][2014-11-06 20:39] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\media_cache\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:39][2014-11-06 20:39] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\media_cache\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:39][2014-11-06 20:39] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\media_cache\INSTALL_TOR.URL [2014-11-06 20:39][2014-11-06 20:39] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\media_cache\asyncdb\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:39][2014-11-06 20:39] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\media_cache\asyncdb\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:39][2014-11-06 20:39] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Roaming\Skype\liz.powell911\media_messaging\media_cache\asyncdb\INSTALL_TOR.URL [2014-11-06 20:39][2014-11-06 20:39] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:39][2014-11-06 20:39] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:39][2014-11-06 20:39] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Roaming\Microsoft\INSTALL_TOR.URL [2014-11-06 20:39][2014-11-06 20:39] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:39][2014-11-06 20:39] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:39][2014-11-06 20:39] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\INSTALL_TOR.URL [2014-11-06 20:39][2014-11-06 20:39] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:39][2014-11-06 20:39] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:39][2014-11-06 20:39] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\INSTALL_TOR.URL [2014-11-06 20:39][2014-11-06 20:39] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:39][2014-11-06 20:39] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:39][2014-11-06 20:39] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\INSTALL_TOR.URL [2014-11-06 20:39][2014-11-06 20:39] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Word Document Building Blocks\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:39][2014-11-06 20:39] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Word Document Building Blocks\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:39][2014-11-06 20:39] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Word Document Building Blocks\INSTALL_TOR.URL [2014-11-06 20:39][2014-11-06 20:39] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Word Document Building Blocks\1033\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:39][2014-11-06 20:39] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Word Document Building Blocks\1033\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:39][2014-11-06 20:39] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Word Document Building Blocks\1033\INSTALL_TOR.URL [2014-11-06 20:39][2014-11-06 20:39] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Roaming\Microsoft\Document Building Blocks\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:39][2014-11-06 20:39] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Roaming\Microsoft\Document Building Blocks\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:39][2014-11-06 20:39] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Roaming\Microsoft\Document Building Blocks\INSTALL_TOR.URL [2014-11-06 20:39][2014-11-06 20:39] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Roaming\Microsoft\Document Building Blocks\1033\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:39][2014-11-06 20:39] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Roaming\Microsoft\Document Building Blocks\1033\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:39][2014-11-06 20:39] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Roaming\Microsoft\Document Building Blocks\1033\INSTALL_TOR.URL [2014-11-06 20:39][2014-11-06 20:39] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:39][2014-11-06 20:39] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:39][2014-11-06 20:39] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\INSTALL_TOR.URL [2014-11-06 20:39][2014-11-06 20:39] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Roaming\Adobe\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:38][2014-11-06 20:38] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Roaming\Adobe\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:38][2014-11-06 20:38] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Roaming\Adobe\INSTALL_TOR.URL [2014-11-06 20:38][2014-11-06 20:38] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Roaming\Adobe\Flash Player\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:38][2014-11-06 20:38] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Roaming\Adobe\Flash Player\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:38][2014-11-06 20:38] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Roaming\Adobe\Flash Player\INSTALL_TOR.URL [2014-11-06 20:38][2014-11-06 20:38] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Roaming\Adobe\Flash Player\AssetCache\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:38][2014-11-06 20:38] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Roaming\Adobe\Flash Player\AssetCache\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:38][2014-11-06 20:38] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Roaming\Adobe\Flash Player\AssetCache\INSTALL_TOR.URL [2014-11-06 20:38][2014-11-06 20:38] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Roaming\Adobe\Flash Player\AssetCache\2LZSBDPW\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:38][2014-11-06 20:38] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Roaming\Adobe\Flash Player\AssetCache\2LZSBDPW\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:38][2014-11-06 20:38] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Roaming\Adobe\Flash Player\AssetCache\2LZSBDPW\INSTALL_TOR.URL [2014-11-06 20:38][2014-11-06 20:38] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Local\Skype\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:37][2014-11-06 20:37] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Local\Skype\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:37][2014-11-06 20:37] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Local\Skype\INSTALL_TOR.URL [2014-11-06 20:37][2014-11-06 20:37] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Local\Skype\Apps\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:37][2014-11-06 20:37] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Local\Skype\Apps\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:37][2014-11-06 20:37] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Local\Skype\Apps\INSTALL_TOR.URL [2014-11-06 20:37][2014-11-06 20:37] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Local\Skype\Apps\login\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:37][2014-11-06 20:37] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Local\Skype\Apps\login\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:37][2014-11-06 20:37] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Local\Skype\Apps\login\INSTALL_TOR.URL [2014-11-06 20:37][2014-11-06 20:37] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Local\Skype\Apps\login\images\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:37][2014-11-06 20:37] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Local\Skype\Apps\login\images\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:37][2014-11-06 20:37] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Local\Skype\Apps\login\images\INSTALL_TOR.URL [2014-11-06 20:37][2014-11-06 20:37] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Local\Microsoft\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:37][2014-11-06 20:37] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Local\Microsoft\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:37][2014-11-06 20:37] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Local\Microsoft\INSTALL_TOR.URL [2014-11-06 20:37][2014-11-06 20:37] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Media\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:37][2014-11-06 20:37] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Media\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:37][2014-11-06 20:37] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Media\INSTALL_TOR.URL [2014-11-06 20:37][2014-11-06 20:37] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Media\12.0\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:37][2014-11-06 20:37] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Media\12.0\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:37][2014-11-06 20:37] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Media\12.0\INSTALL_TOR.URL [2014-11-06 20:37][2014-11-06 20:37] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:37][2014-11-06 20:37] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:37][2014-11-06 20:37] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\INSTALL_TOR.URL [2014-11-06 20:37][2014-11-06 20:37] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\Stationery\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:37][2014-11-06 20:37] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\Stationery\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:37][2014-11-06 20:37] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\Stationery\INSTALL_TOR.URL [2014-11-06 20:37][2014-11-06 20:37] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\Backup\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:37][2014-11-06 20:37] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\Backup\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:37][2014-11-06 20:37] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\Backup\INSTALL_TOR.URL [2014-11-06 20:37][2014-11-06 20:37] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\Backup\new\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:37][2014-11-06 20:37] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\Backup\new\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:37][2014-11-06 20:37] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Local\Microsoft\Windows Mail\Backup\new\INSTALL_TOR.URL [2014-11-06 20:37][2014-11-06 20:37] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Local\Microsoft\Outlook\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:37][2014-11-06 20:37] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Local\Microsoft\Outlook\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:37][2014-11-06 20:37] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Local\Microsoft\Outlook\INSTALL_TOR.URL [2014-11-06 20:37][2014-11-06 20:37] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Local\Microsoft\Media Player\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:37][2014-11-06 20:37] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Local\Microsoft\Media Player\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:37][2014-11-06 20:37] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Local\Microsoft\Media Player\INSTALL_TOR.URL [2014-11-06 20:37][2014-11-06 20:37] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Local\Microsoft\Media Player\Art Cache\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:37][2014-11-06 20:37] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Local\Microsoft\Media Player\Art Cache\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:37][2014-11-06 20:37] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Local\Microsoft\Media Player\Art Cache\INSTALL_TOR.URL [2014-11-06 20:37][2014-11-06 20:37] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:37][2014-11-06 20:37] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:37][2014-11-06 20:37] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\INSTALL_TOR.URL [2014-11-06 20:37][2014-11-06 20:37] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Local\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:37][2014-11-06 20:37] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Local\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:37][2014-11-06 20:37] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Local\Microsoft\Internet Explorer\INSTALL_TOR.URL [2014-11-06 20:37][2014-11-06 20:37] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\Powell Family II\AppData\Local\Microsoft\Device Metadata\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:36][2014-11-06 20:36] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\Powell Family II\AppData\Local\Microsoft\Device Metadata\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:36][2014-11-06 20:36] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\Powell Family II\AppData\Local\Microsoft\Device Metadata\INSTALL_TOR.URL [2014-11-06 20:36][2014-11-06 20:36] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\All Users\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:36][2014-11-06 20:36] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\All Users\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:36][2014-11-06 20:36] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\All Users\Microsoft\RAC\PublishedData\INSTALL_TOR.URL [2014-11-06 20:36][2014-11-06 20:36] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\All Users\LogiShrd\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:36][2014-11-06 20:36] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\All Users\LogiShrd\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:36][2014-11-06 20:36] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\All Users\LogiShrd\INSTALL_TOR.URL [2014-11-06 20:36][2014-11-06 20:36] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\All Users\LogiShrd\Updater\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:36][2014-11-06 20:36] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\All Users\LogiShrd\Updater\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:36][2014-11-06 20:36] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\All Users\LogiShrd\Updater\INSTALL_TOR.URL [2014-11-06 20:36][2014-11-06 20:36] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\All Users\CanonBJ\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:35][2014-11-06 20:35] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\All Users\CanonBJ\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:35][2014-11-06 20:35] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\All Users\CanonBJ\INSTALL_TOR.URL [2014-11-06 20:35][2014-11-06 20:35] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\All Users\CanonBJ\IJPrinter\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:35][2014-11-06 20:35] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\All Users\CanonBJ\IJPrinter\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:35][2014-11-06 20:35] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\All Users\CanonBJ\IJPrinter\INSTALL_TOR.URL [2014-11-06 20:35][2014-11-06 20:35] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\All Users\CanonBJ\IJPrinter\CNMWindows\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:35][2014-11-06 20:35] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\All Users\CanonBJ\IJPrinter\CNMWindows\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:35][2014-11-06 20:35] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\All Users\CanonBJ\IJPrinter\CNMWindows\INSTALL_TOR.URL [2014-11-06 20:35][2014-11-06 20:35] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\Users\All Users\CanonBJ\IJPrinter\CNMWindows\Canon MX920 series Printer\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:35][2014-11-06 20:35] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\Users\All Users\CanonBJ\IJPrinter\CNMWindows\Canon MX920 series Printer\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:35][2014-11-06 20:35] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\Users\All Users\CanonBJ\IJPrinter\CNMWindows\Canon MX920 series Printer\INSTALL_TOR.URL [2014-11-06 20:35][2014-11-06 20:35] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\ProgramData\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:36][2014-11-06 20:36] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\ProgramData\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:36][2014-11-06 20:36] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\ProgramData\Microsoft\RAC\PublishedData\INSTALL_TOR.URL [2014-11-06 20:36][2014-11-06 20:36] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\ProgramData\LogiShrd\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:36][2014-11-06 20:36] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\ProgramData\LogiShrd\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:36][2014-11-06 20:36] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\ProgramData\LogiShrd\INSTALL_TOR.URL [2014-11-06 20:36][2014-11-06 20:36] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\ProgramData\LogiShrd\Updater\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:36][2014-11-06 20:36] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\ProgramData\LogiShrd\Updater\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:36][2014-11-06 20:36] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\ProgramData\LogiShrd\Updater\INSTALL_TOR.URL [2014-11-06 20:36][2014-11-06 20:36] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\ProgramData\CanonBJ\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:35][2014-11-06 20:35] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\ProgramData\CanonBJ\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:35][2014-11-06 20:35] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\ProgramData\CanonBJ\INSTALL_TOR.URL [2014-11-06 20:35][2014-11-06 20:35] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\ProgramData\CanonBJ\IJPrinter\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:35][2014-11-06 20:35] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\ProgramData\CanonBJ\IJPrinter\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:35][2014-11-06 20:35] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\ProgramData\CanonBJ\IJPrinter\INSTALL_TOR.URL [2014-11-06 20:35][2014-11-06 20:35] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:35][2014-11-06 20:35] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:35][2014-11-06 20:35] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\INSTALL_TOR.URL [2014-11-06 20:35][2014-11-06 20:35] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MX920 series Printer\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:35][2014-11-06 20:35] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MX920 series Printer\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:35][2014-11-06 20:35] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MX920 series Printer\INSTALL_TOR.URL [2014-11-06 20:35][2014-11-06 20:35] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\FRST\Quarantine\C\Users\Powell Family II\AppData\DECRYPT_INSTRUCTION.HTML.xBAD [2014-11-06 20:39][2014-11-06 20:39] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\FRST\Quarantine\C\Users\Powell Family II\AppData\DECRYPT_INSTRUCTION.TXT.xBAD [2014-11-06 20:39][2014-11-06 20:39] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\FRST\Quarantine\C\Users\Powell Family II\AppData\INSTALL_TOR.URL.xBAD [2014-11-06 20:39][2014-11-06 20:39] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\DECRYPT_INSTRUCTION.HTML.xBAD [2014-11-06 20:39][2014-11-06 20:39] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\DECRYPT_INSTRUCTION.TXT.xBAD [2014-11-06 20:39][2014-11-06 20:39] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Roaming\INSTALL_TOR.URL.xBAD [2014-11-06 20:39][2014-11-06 20:39] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\DECRYPT_INSTRUCTION.HTML.xBAD [2014-11-06 20:37][2014-11-06 20:37] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\DECRYPT_INSTRUCTION.TXT.xBAD [2014-11-06 20:37][2014-11-06 20:37] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\INSTALL_TOR.URL.xBAD [2014-11-06 20:37][2014-11-06 20:37] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\AVG Secure Search\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:36][2014-11-06 20:36] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\AVG Secure Search\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:36][2014-11-06 20:36] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\AVG Secure Search\INSTALL_TOR.URL [2014-11-06 20:36][2014-11-06 20:36] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\AVG Secure Search\SiteSafety\DECRYPT_INSTRUCTION.HTML [2014-11-06 20:36][2014-11-06 20:36] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\AVG Secure Search\SiteSafety\DECRYPT_INSTRUCTION.TXT [2014-11-06 20:36][2014-11-06 20:36] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\FRST\Quarantine\C\Users\Powell Family II\AppData\Local\AVG Secure Search\SiteSafety\INSTALL_TOR.URL [2014-11-06 20:36][2014-11-06 20:36] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 C:\FRST\Quarantine\C\ProgramData\DECRYPT_INSTRUCTION.HTML.xBAD [2014-11-06 20:36][2014-11-06 20:36] 0008562 ____A () 2D51D43E500D16328ADC9FE0A3E983E6 C:\FRST\Quarantine\C\ProgramData\DECRYPT_INSTRUCTION.TXT.xBAD [2014-11-06 20:36][2014-11-06 20:36] 0004224 ____A () 5D4296F9F1371682812FD8284691DF82 C:\FRST\Quarantine\C\ProgramData\INSTALL_TOR.URL.xBAD [2014-11-06 20:36][2014-11-06 20:36] 0000276 ____A () C5BF81FD9F4F9612B47A84C7D5146DF0 === End Of Search ===
  12. Hi Adam, I uninstalled the requested programs successfully, ran fixlist, and below is the fixlist log you requested. The file search log is not done yet, but I have to do something else for a couple hours. I'll send it when I get done. Thanks! start (AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe C:\Program Files\Common Files\AVG Secure Search () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe () C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\AVG Secure Search HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2640408 2014-08-25] () HKU\S-1-5-21-3393986835-1049654633-373516032-1006\...\MountPoints2: {47913432-105a-11e1-8825-806e6f6e6963} - E:\Msetup4.exe HKU\S-1-5-21-3393986835-1049654633-373516032-1006\...A8F59079A8D5}\localserver32: <==== ATTENTION! HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION SearchScopes: HKCU - DefaultScope {9B3D06D6-81AA-408B-A46A-C31DB5E96325} URL = http://search.yahoo....p={searchTerms} SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={FD879735-68F4-48A6-894B-986AB5EB957E}&mid=9025a88113de47d1a592d1578f9941a1-df84535dbddfde4ffb119021a118fb6f04c79fd7〈=en&ds=AVG&pr=fr&d=2012-05-15 18:12:03&v=17.2.0.38&pid=avg&sg=0&sap=dsp&q={searchTerms} SearchScopes: HKCU - {9B3D06D6-81AA-408B-A46A-C31DB5E96325} URL = http://search.yahoo....p={searchTerms} SearchScopes: HKCU - {BB9E0E3C-BAE6-4994-AF76-9C03503C3AEA} URL = BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit) BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search) BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit) Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search) Handler: linkscanner - No CLSID Value - Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search) C:\ProgramData\AVG Secure Search FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49 CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\\npsitesafety.dll (AVG Technologies) CHR Extension: (AVG Secure Search) - C:\Users\Optiplex-755\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-11-16] CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Optiplex-755\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2013-12-18] CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-04-28] CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [2013-11-30] R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search) S2 ca82e1a5; "C:\Windows\system32\rundll32.exe" "c:\progra~1\optimi~1\OptProCrashSvc.dll",ServiceMain c:\progra~1\optimi~1 2014-11-06 20:39 - 2014-11-06 20:39 - 00008562 _____ () C:\Users\Powell Family II\AppData\Roaming\DECRYPT_INSTRUCTION.HTML 2014-11-06 20:39 - 2014-11-06 20:39 - 00008562 _____ () C:\Users\Powell Family II\AppData\DECRYPT_INSTRUCTION.HTML 2014-11-06 20:39 - 2014-11-06 20:39 - 00004224 _____ () C:\Users\Powell Family II\AppData\Roaming\DECRYPT_INSTRUCTION.TXT 2014-11-06 20:39 - 2014-11-06 20:39 - 00004224 _____ () C:\Users\Powell Family II\AppData\DECRYPT_INSTRUCTION.TXT 2014-11-06 20:39 - 2014-11-06 20:39 - 00000276 _____ () C:\Users\Powell Family II\AppData\Roaming\INSTALL_TOR.URL 2014-11-06 20:39 - 2014-11-06 20:39 - 00000276 _____ () C:\Users\Powell Family II\AppData\INSTALL_TOR.URL 2014-11-06 20:37 - 2014-11-06 20:37 - 00008562 _____ () C:\Users\Powell Family II\AppData\Local\DECRYPT_INSTRUCTION.HTML 2014-11-06 20:37 - 2014-11-06 20:37 - 00004224 _____ () C:\Users\Powell Family II\AppData\Local\DECRYPT_INSTRUCTION.TXT 2014-11-06 20:37 - 2014-11-06 20:37 - 00000276 _____ () C:\Users\Powell Family II\AppData\Local\INSTALL_TOR.URL 2014-11-06 20:36 - 2014-11-06 20:36 - 00008562 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML 2014-11-06 20:36 - 2014-11-06 20:36 - 00004224 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT 2014-11-06 20:36 - 2014-11-06 20:36 - 00000276 _____ () C:\ProgramData\INSTALL_TOR.URL 2014-11-06 20:31 - 2014-11-06 23:24 - 00000000 ____D () C:\Users\Powell Family II\AppData\Roaming\FrameworkUpdate7 2014-11-06 20:30 - 2014-11-06 20:30 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage 2014-11-06 20:36 - 2014-06-28 21:49 - 00000000 ____D () C:\Users\Powell Family II\AppData\Local\AVG Secure Search C:\Users\Powell Family\AppData\Local\Temp\install_reader11_en_gtba_chra_dy_aih.exe C:\Users\Powell Family\AppData\Local\Temp\SkypeSetup.exe C:\Users\Powell Family II\AppData\Local\Temp\MSETUP4.EXE C:\Users\Powell Family II\AppData\Local\Temp\SkypeSetup.exe Task: {02059004-F081-4B93-A4E7-59101FDC15B7} - \MySearchDial No Task File <==== ATTENTION Task: {25BE83B3-801D-4CDB-B06A-DA393560E281} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{E27C3F57-D416-45C1-AEEE-DD6CC3BDBFCF}.exe Task: {6E535508-F9A5-4D00-92DC-D0F13684BFC0} - System32\Tasks\Digital Sites => C:\Users\OPTIPL~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION C:\Users\OPTIPL~1\AppData\Roaming\DIGITA~1 Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{E27C3F57-D416-45C1-AEEE-DD6CC3BDBFCF}.exe Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\OPTIPL~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4 AlternateDataStreams: C:\ProgramData\TEMP:373E1720 CMD: ipconfig /flushdns CMD: netsh winsock reset all CMD: netsh int ipv4 reset CMD: netsh int ipv6 reset EmptyTemp: end
  13. Hi Adam, AdvancedSystemCare 7 and SpyHunter 4 are software that I've bought. Is it important that I uninstall them? The others are either free or old purchases that I'm OK with uninstalling.
  14. OK, switched to Chrome now. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-11-2014 Ran by Optiplex-755 (administrator) on OPTIPLEX-755 on 09-11-2014 11:05:35 Running from C:\Users\Optiplex-755\Desktop Loaded Profiles: Optiplex-755 & Powell Family II (Available profiles: Optiplex-755 & Powell Family II) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (www.shadowexplorer.com) C:\Program Files\ShadowExplorer\sesvc.exe (AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe () C:\Program Files\AVG Secure Search\vprot.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe (CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe (CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_14_0_0_176_ActiveX.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [soundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1282048 2007-08-01] (Analog Devices, Inc.) HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.) HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2640408 2014-08-25] () HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.) HKLM\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated) HKU\S-1-5-21-3393986835-1049654633-373516032-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-07-19] (Google Inc.) HKU\S-1-5-21-3393986835-1049654633-373516032-1001\...\Run: [Advanced SystemCare 7] => C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe [2281248 2014-08-22] (IObit) HKU\S-1-5-21-3393986835-1049654633-373516032-1001\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.) HKU\S-1-5-21-3393986835-1049654633-373516032-1006\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-07-19] (Google Inc.) HKU\S-1-5-21-3393986835-1049654633-373516032-1006\...\MountPoints2: {47913432-105a-11e1-8825-806e6f6e6963} - E:\Msetup4.exe HKU\S-1-5-21-3393986835-1049654633-373516032-1006\...A8F59079A8D5}\localserver32: <==== ATTENTION! ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION SearchScopes: HKCU - DefaultScope {9B3D06D6-81AA-408B-A46A-C31DB5E96325} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms} SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={FD879735-68F4-48A6-894B-986AB5EB957E}&mid=9025a88113de47d1a592d1578f9941a1-df84535dbddfde4ffb119021a118fb6f04c79fd7〈=en&ds=AVG&pr=fr&d=2012-05-15 18:12:03&v=17.2.0.38&pid=avg&sg=0&sap=dsp&q={searchTerms} SearchScopes: HKCU - {9B3D06D6-81AA-408B-A46A-C31DB5E96325} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms} SearchScopes: HKCU - {BB9E0E3C-BAE6-4994-AF76-9C03503C3AEA} URL = BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit) BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit) Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab Handler: linkscanner - No CLSID Value - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.) FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-12-02] FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49 Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File CHR Plugin: (NPCIG.dll) - C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\\npsitesafety.dll (AVG Technologies) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Profile: C:\Users\Optiplex-755\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Docs) - C:\Users\Optiplex-755\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-16] CHR Extension: (Google Drive) - C:\Users\Optiplex-755\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-16] CHR Extension: (YouTube) - C:\Users\Optiplex-755\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-16] CHR Extension: (Google Search) - C:\Users\Optiplex-755\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-16] CHR Extension: (AVG Secure Search) - C:\Users\Optiplex-755\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-11-16] CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Optiplex-755\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2013-12-18] CHR Extension: (Google Wallet) - C:\Users\Optiplex-755\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-16] CHR Extension: (Gmail) - C:\Users\Optiplex-755\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-16] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-04-28] CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [2013-11-30] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AdvancedSystemCareService7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit) S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.) R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit) R2 sesvc; C:\Program Files\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed] R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770944 2014-11-07] (Enigma Software Group USA, LLC.) R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.) R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search) S2 ca82e1a5; "C:\Windows\system32\rundll32.exe" "c:\progra~1\optimi~1\OptProCrashSvc.dll",ServiceMain S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [204056 2014-07-24] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [193304 2014-08-20] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [199448 2014-07-02] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-11] (AVG Technologies) R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation) S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [16432 2014-11-07] (Enigma Software Group USA, LLC.) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2014-11-07] () R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [844064 2010-02-12] (Ralink Technology Corp.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-09 11:05 - 2014-11-09 11:06 - 00018010 _____ () C:\Users\Optiplex-755\Desktop\FRST.txt 2014-11-09 10:48 - 2014-11-09 10:48 - 01107456 _____ (Farbar) C:\Users\Optiplex-755\Desktop\FRST.exe 2014-11-09 10:32 - 2014-11-09 10:32 - 01107456 _____ (Farbar) C:\Users\Optiplex-755\Downloads\FRST.exe 2014-11-08 18:36 - 2014-11-09 11:05 - 00000000 ____D () C:\FRST 2014-11-08 17:12 - 2014-11-08 17:27 - 00000000 ____D () C:\Users\Powell Family II\Downloads\Crypto Junk DLs 2014-11-08 17:11 - 2014-11-08 17:12 - 00000000 ____D () C:\Users\Powell Family II\Desktop\Crypto Junk DT 2014-11-08 16:41 - 2014-11-08 17:35 - 00000000 ____D () C:\Users\Powell Family II\Documents\Crypto Junk Docs 2014-11-08 16:17 - 2014-11-08 16:47 - 00000000 ____D () C:\Users\Optiplex-755\Documents\Shadow Ex Files 2014-11-08 16:10 - 2014-11-08 16:10 - 00000000 ____D () C:\Users\Optiplex-755\AppData\Roaming\www.shadowexplorer.com 2014-11-08 15:12 - 2014-11-08 15:12 - 00001849 _____ () C:\Users\Optiplex-755\Desktop\ShadowExplorer.lnk 2014-11-08 15:12 - 2014-11-08 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer 2014-11-08 15:12 - 2014-11-08 15:12 - 00000000 ____D () C:\Program Files\ShadowExplorer 2014-11-08 12:46 - 2014-11-08 12:46 - 00000000 ____D () C:\Program Files\ESET 2014-11-07 23:30 - 2014-11-07 23:30 - 00001246 _____ () C:\Users\Optiplex-755\Desktop\SpyHunter.lnk 2014-11-07 23:30 - 2014-11-07 23:30 - 00000000 ____D () C:\Users\Optiplex-755\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter 2014-11-07 23:30 - 2014-11-07 23:30 - 00000000 ____D () C:\Users\Optiplex-755\AppData\Roaming\Enigma Software Group 2014-11-07 23:30 - 2014-11-07 23:30 - 00000000 ____D () C:\sh4ldr 2014-11-07 23:29 - 2014-11-07 23:29 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys 2014-11-07 23:29 - 2014-11-07 23:29 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-11-07 23:26 - 2014-11-07 23:26 - 00001419 _____ () C:\Users\Optiplex-755\Desktop\Internet Explorer.lnk 2014-11-07 22:18 - 2014-11-08 18:26 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-07 22:18 - 2014-11-07 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-11-07 22:17 - 2014-11-07 22:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-11-07 22:17 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-07 22:17 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-07 22:14 - 2014-11-07 22:14 - 00000000 ____D () C:\Users\Optiplex-755\AppData\Local\Adobe 2014-11-07 07:59 - 2014-11-07 07:59 - 00000000 ____D () C:\Users\Powell Family II\AppData\Roaming\Malwarebytes 2014-11-06 23:39 - 2014-11-06 23:42 - 00000000 ____D () C:\Users\Optiplex-755\AppData\Local\Avg2014 2014-11-06 20:39 - 2014-11-06 20:39 - 00008562 _____ () C:\Users\Powell Family II\AppData\Roaming\DECRYPT_INSTRUCTION.HTML 2014-11-06 20:39 - 2014-11-06 20:39 - 00008562 _____ () C:\Users\Powell Family II\AppData\DECRYPT_INSTRUCTION.HTML 2014-11-06 20:39 - 2014-11-06 20:39 - 00004224 _____ () C:\Users\Powell Family II\AppData\Roaming\DECRYPT_INSTRUCTION.TXT 2014-11-06 20:39 - 2014-11-06 20:39 - 00004224 _____ () C:\Users\Powell Family II\AppData\DECRYPT_INSTRUCTION.TXT 2014-11-06 20:39 - 2014-11-06 20:39 - 00000276 _____ () C:\Users\Powell Family II\AppData\Roaming\INSTALL_TOR.URL 2014-11-06 20:39 - 2014-11-06 20:39 - 00000276 _____ () C:\Users\Powell Family II\AppData\INSTALL_TOR.URL 2014-11-06 20:37 - 2014-11-06 20:37 - 00008562 _____ () C:\Users\Powell Family II\AppData\Local\DECRYPT_INSTRUCTION.HTML 2014-11-06 20:37 - 2014-11-06 20:37 - 00004224 _____ () C:\Users\Powell Family II\AppData\Local\DECRYPT_INSTRUCTION.TXT 2014-11-06 20:37 - 2014-11-06 20:37 - 00000276 _____ () C:\Users\Powell Family II\AppData\Local\INSTALL_TOR.URL 2014-11-06 20:36 - 2014-11-06 20:36 - 00008562 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML 2014-11-06 20:36 - 2014-11-06 20:36 - 00004224 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT 2014-11-06 20:36 - 2014-11-06 20:36 - 00000276 _____ () C:\ProgramData\INSTALL_TOR.URL 2014-11-06 20:31 - 2014-11-06 23:24 - 00000000 ____D () C:\Users\Powell Family II\AppData\Roaming\FrameworkUpdate7 2014-11-06 20:30 - 2014-11-06 20:30 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage 2014-11-02 22:35 - 2014-11-02 22:35 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-11-02 22:35 - 2014-11-02 22:35 - 00001995 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-10-26 22:08 - 2014-11-06 18:19 - 00000000 ____D () C:\Users\Powell Family II\AppData\Local\Avg2015 2014-10-26 22:08 - 2014-10-26 22:08 - 00000000 ____D () C:\Users\Powell Family II\AppData\Roaming\AVG2015 2014-10-26 22:07 - 2014-10-26 22:07 - 00000941 _____ () C:\Users\Public\Desktop\AVG 2015.lnk 2014-10-26 22:07 - 2014-10-26 22:07 - 00000000 ____D () C:\Users\Optiplex-755\AppData\Roaming\AVG2015 2014-10-26 22:05 - 2014-10-26 22:05 - 00000000 ____D () C:\Users\Powell Family\AppData\Local\Avg 2014-10-26 22:04 - 2014-11-06 23:22 - 00000000 ____D () C:\ProgramData\AVG2015 2014-10-26 21:54 - 2014-10-26 22:08 - 00000000 ____D () C:\Users\Optiplex-755\AppData\Local\Avg2015 2014-10-16 06:42 - 2014-10-09 20:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-16 06:42 - 2014-10-09 20:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-16 06:42 - 2014-10-09 20:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-16 06:42 - 2014-09-28 19:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-16 06:42 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-16 06:42 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-16 06:42 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-16 06:42 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-16 06:42 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-16 06:42 - 2014-09-18 20:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-16 06:42 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-16 06:42 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-16 06:42 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-16 06:42 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-16 06:42 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-16 06:42 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-16 06:42 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-16 06:42 - 2014-09-18 19:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-16 06:42 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-16 06:42 - 2014-09-18 19:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-16 06:42 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-16 06:42 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-16 06:42 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-16 06:42 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-16 06:41 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-16 06:41 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-16 06:41 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-16 06:41 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-16 06:41 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-16 06:41 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-16 06:41 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-16 06:41 - 2014-09-18 19:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-16 06:41 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-16 06:41 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-16 06:41 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-16 06:41 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-16 06:41 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-16 06:41 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-16 06:41 - 2014-08-28 20:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-10-16 06:41 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-16 06:41 - 2014-07-16 20:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-16 06:41 - 2014-07-16 20:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-16 06:41 - 2014-07-16 20:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-16 06:41 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-16 06:41 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-16 06:41 - 2014-07-16 20:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-16 06:41 - 2014-07-16 20:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-16 06:41 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-16 06:41 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-16 06:41 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-09 10:47 - 2011-12-03 17:46 - 00000000 ____D () C:\Users\Optiplex-755\AppData\Roaming\Skype 2014-11-09 10:24 - 2011-12-03 00:05 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs 2014-11-09 10:24 - 2011-12-02 23:17 - 01333808 _____ () C:\Windows\WindowsUpdate.log 2014-11-09 09:04 - 2011-12-03 10:22 - 00000000 ____D () C:\ProgramData\MFAData 2014-11-09 08:43 - 2011-12-02 23:06 - 00009744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-09 08:43 - 2011-12-02 23:06 - 00009744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-09 08:33 - 2013-11-30 10:00 - 00000000 ____D () C:\ProgramData\ProductData 2014-11-09 08:31 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-08 17:22 - 2014-06-28 21:47 - 00000000 ____D () C:\Users\Powell Family II 2014-11-08 16:51 - 2014-08-16 14:17 - 00000000 ____D () C:\Users\Powell Family II\Documents\Resumes 2014-11-08 16:49 - 2014-08-16 14:15 - 00000000 ____D () C:\Users\Powell Family II\Documents\Recipes 2014-11-08 16:48 - 2014-08-16 13:50 - 00000000 ____D () C:\Users\Powell Family II\Documents\Breast Cancer 2014-11-08 16:48 - 2014-07-28 19:54 - 00000000 ____D () C:\Users\Powell Family II\Documents\Outlook Files 2014-11-08 16:41 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public 2014-11-08 13:37 - 2013-11-30 10:05 - 49053696 _____ () C:\Windows\system32\config\SOFTWARE.iobit 2014-11-08 13:37 - 2013-11-30 10:05 - 30732288 _____ () C:\Windows\system32\config\COMPONENTS.iobit 2014-11-08 13:37 - 2013-11-30 10:05 - 00438272 _____ () C:\Windows\system32\config\DEFAULT.iobit 2014-11-08 13:37 - 2013-11-30 10:05 - 00131072 _____ () C:\Windows\system32\config\SAM.iobit 2014-11-08 13:37 - 2013-11-30 10:05 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iobit 2014-11-08 13:37 - 2011-12-03 12:27 - 00000000 ____D () C:\Users\Powell Family 2014-11-08 13:37 - 2011-12-02 23:07 - 00000000 ____D () C:\Users\Optiplex-755 2014-11-08 13:24 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Web 2014-11-07 22:18 - 2013-11-28 11:02 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-11-07 22:18 - 2011-12-03 15:14 - 00000000 ____D () C:\Users\Optiplex-755\AppData\Roaming\Malwarebytes 2014-11-07 22:17 - 2011-12-03 15:14 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-07 00:03 - 2013-11-30 09:59 - 00002157 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk 2014-11-07 00:02 - 2013-10-27 11:39 - 00000000 ____D () C:\Windows\Minidump 2014-11-07 00:02 - 2011-12-03 02:03 - 00000000 ____D () C:\Windows\Panther 2014-11-06 23:41 - 2014-09-14 22:55 - 00000000 ____D () C:\Users\Optiplex-755\AppData\Roaming\canon 2014-11-06 20:39 - 2014-06-28 22:01 - 00000000 ____D () C:\Users\Powell Family II\AppData\Roaming\Skype 2014-11-06 20:38 - 2014-07-16 08:50 - 00000000 ____D () C:\Users\Powell Family II\AppData\Roaming\Expert PDF 7 2014-11-06 20:38 - 2014-06-28 21:47 - 00000000 ____D () C:\Users\Powell Family II\AppData\Roaming\Adobe 2014-11-06 20:37 - 2014-06-28 22:01 - 00000000 ____D () C:\Users\Powell Family II\AppData\Local\Skype 2014-11-06 20:36 - 2014-06-28 21:49 - 00000000 ____D () C:\Users\Powell Family II\AppData\Local\AVG Secure Search 2014-11-06 20:36 - 2011-12-03 00:09 - 00000000 ____D () C:\ProgramData\LogiShrd 2014-11-06 20:35 - 2014-07-26 12:02 - 00000000 ___HD () C:\ProgramData\CanonBJ 2014-11-04 19:08 - 2010-11-20 16:01 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-02 22:35 - 2011-12-03 12:42 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-11-02 22:35 - 2011-12-03 12:41 - 00000000 ____D () C:\ProgramData\Adobe 2014-11-02 22:35 - 2011-12-03 12:41 - 00000000 ____D () C:\Program Files\Adobe 2014-11-02 22:30 - 2013-11-30 10:10 - 49053696 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak 2014-11-02 22:30 - 2013-11-30 10:10 - 00438272 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak 2014-11-02 22:30 - 2013-11-30 10:10 - 00131072 _____ () C:\Windows\system32\config\SAM.iodefrag.bak 2014-11-02 22:30 - 2013-11-30 10:10 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak 2014-10-28 09:15 - 2009-07-13 23:52 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-10-27 08:46 - 2013-09-24 18:27 - 00000000 ____D () C:\ProgramData\AVG2014 2014-10-27 08:40 - 2013-07-19 18:44 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-26 22:09 - 2011-12-03 10:26 - 00000000 ____D () C:\Program Files\AVG 2014-10-26 22:08 - 2014-03-31 11:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-10-26 22:08 - 2012-05-15 17:11 - 00000000 ___HD () C:\$AVG 2014-10-26 15:04 - 2013-11-16 08:58 - 00002054 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-10-26 10:02 - 2013-07-19 18:44 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-16 23:12 - 2014-08-16 15:30 - 00000000 ____D () C:\Windows\rescache 2014-10-16 22:48 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-10-16 22:32 - 2009-07-13 23:33 - 00409784 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-16 22:28 - 2014-04-25 19:32 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-16 21:51 - 2011-12-03 11:39 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-16 21:49 - 2013-07-24 17:24 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-16 21:40 - 2011-12-02 23:34 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe Some content of TEMP: ==================== C:\Users\Powell Family\AppData\Local\Temp\install_reader11_en_gtba_chra_dy_aih.exe C:\Users\Powell Family\AppData\Local\Temp\SkypeSetup.exe C:\Users\Powell Family II\AppData\Local\Temp\MSETUP4.EXE C:\Users\Powell Family II\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2013-11-30 00:54 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-11-2014 Ran by Optiplex-755 at 2014-11-09 11:06:23 Running from C:\Users\Optiplex-755\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Advanced SystemCare 7 (HKLM\...\Advanced SystemCare 7_is1) (Version: 7.4.0 - IObit) AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5315 - AVG Technologies) AVG 2015 (Version: 15.0.4189 - AVG Technologies) Hidden AVG 2015 (Version: 15.0.5315 - AVG Technologies) Hidden AVG PC Tuneup 2011 (HKLM\...\{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1) (Version: 10.0.0.26 - AVG) AVG Security Toolbar (HKLM\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies) CameraHelperMsi (Version: 13.50.854.0 - Logitech) Hidden Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.) Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.) Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.) Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.) CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.7.0.4 - Canon Inc.) Canon Internet Library for ZoomBrowser EX (HKLM\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.) Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.3.2.15 - Canon Inc.) Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.1.0.18 - Canon Inc.) Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.2.0.34 - Canon Inc.) Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.) Canon MX920 series On-screen Manual (HKLM\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.) Canon MX920 series User Registration (HKLM\...\Canon MX920 series User Registration) (Version: - ‭Canon Inc.) Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.) Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.) Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.) Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.) Canon Speed Dial Utility (HKLM\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.) Canon Utilities CameraWindow (HKLM\...\CameraWindowLauncher) (Version: 7.3.0.4 - Canon Inc.) Canon Utilities CameraWindow DC (HKLM\...\CameraWindowDC) (Version: 7.4.1.10 - Canon Inc.) Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC8) (Version: 8.0.0.19 - Canon Inc.) Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.) Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.) Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.4.0.7 - Canon Inc.) Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.2.11 - Canon Inc.) Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated) erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) Expert PDF 7 Reader (HKLM\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 7.0.1370.0 - Avanquest software) Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation) Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - ) IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 3.3.9.2622 - IObit) Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.30 - Logitech Inc.) Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Store Download Manager (HKLM\...\{797511D8-6C88-4605-B278-552756A3D4C3}) (Version: 2.8.4431.2 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Open It! (HKLM\...\OpenIt Open It!) (Version: 1.1.1 - OpenIt) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) ShadowExplorer 0.9 (HKLM\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com) Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.) SpyHunter 4 (HKLM\...\SpyHunter) (Version: 4.18.9.4384 - Enigma Software Group, LLC) Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit) System Checkup 3.4 (HKLM\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.4.0.47 - iolo technologies, LLC) Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation) Zip Extractor Packages (HKCU\...\Zip Extractor Packages) (Version: - ) <==== ATTENTION ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 08-11-2014 21:02:28 Scheduled Checkpoint ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {02059004-F081-4B93-A4E7-59101FDC15B7} - \MySearchDial No Task File <==== ATTENTION Task: {0B3EACAF-9BEF-4A0C-8FE4-4C6E73380CEA} - System32\Tasks\ASC7_SkipUac_Optiplex-755 => C:\Program Files\IObit\Advanced SystemCare 7\ASC.exe [2014-08-22] (IObit) Task: {155723BA-60E2-4354-93AF-84EAC8D3C2D8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs Task: {20A860ED-5344-4355-AF74-B4C575A695DF} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe [2014-08-20] (IObit) Task: {25BE83B3-801D-4CDB-B06A-DA393560E281} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{E27C3F57-D416-45C1-AEEE-DD6CC3BDBFCF}.exe Task: {4BB46668-3F6B-409D-8DB3-94333546E251} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs Task: {6E535508-F9A5-4D00-92DC-D0F13684BFC0} - System32\Tasks\Digital Sites => C:\Users\OPTIPL~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {6FD72E88-31BB-4581-A443-6732E0B23BF5} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks Task: {7922F376-6980-40A9-85F6-BEABD720A683} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.) Task: {AE032004-644F-4087-B3C0-FF6D73E50F11} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.) Task: {E4F7C07C-6744-4675-BBAA-3EFF381A94AD} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation) Task: {F0DA9B2D-ADEF-4829-A691-79ABDD85F2DA} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-08-22] (IObit) Task: {F99D01A1-7F39-44CD-8ECE-F50DC5A70F78} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-18] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{E27C3F57-D416-45C1-AEEE-DD6CC3BDBFCF}.exe Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\OPTIPL~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-11-30 09:59 - 2013-10-25 11:08 - 00517408 _____ () C:\Program Files\IObit\Advanced SystemCare 7\sqlite3.dll 2014-08-11 18:35 - 2014-08-11 18:34 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe 2014-08-11 18:35 - 2014-08-11 18:34 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll 2011-08-12 12:18 - 2011-08-12 12:18 - 02145304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll 2011-08-12 12:18 - 2011-08-12 12:18 - 07956504 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll 2011-08-12 12:18 - 2011-08-12 12:18 - 00342552 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll 2011-08-12 12:18 - 2011-08-12 12:18 - 00029208 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll 2011-08-12 12:18 - 2011-08-12 12:18 - 00128536 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll 2012-05-15 17:12 - 2014-08-25 11:58 - 02640408 _____ () C:\Program Files\AVG Secure Search\vprot.exe 2013-12-08 17:39 - 2014-03-21 07:03 - 01603608 _____ () C:\Program Files\AVG Secure Search\TBAPI.dll 2011-11-11 14:07 - 2011-11-11 14:07 - 00265240 _____ () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe 2012-07-23 14:10 - 2012-07-23 14:10 - 00336232 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll 2013-11-30 09:59 - 2013-01-15 17:47 - 00893248 _____ () C:\Program Files\IObit\Advanced SystemCare 7\webres.dll 2011-08-12 12:19 - 2011-08-12 12:19 - 00680984 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4 AlternateDataStreams: C:\ProgramData\TEMP:373E1720 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-3393986835-1049654633-373516032-500 - Administrator - Disabled) Guest (S-1-5-21-3393986835-1049654633-373516032-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3393986835-1049654633-373516032-1005 - Limited - Enabled) Optiplex-755 (S-1-5-21-3393986835-1049654633-373516032-1001 - Administrator - Enabled) => C:\Users\Optiplex-755 Powell Family II (S-1-5-21-3393986835-1049654633-373516032-1006 - Limited - Enabled) => C:\Users\Powell Family II ==================== Faulty Device Manager Devices ============= Name: Microsoft ISATAP Adapter Description: Microsoft ISATAP Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Microsoft ISATAP Adapter #2 Description: Microsoft ISATAP Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (11/09/2014 08:32:55 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/08/2014 06:09:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/08/2014 06:09:07 PM) (Source: ESENT) (EventID: 455) (User: ) Description: DllHost (3804) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Optiplex-755\AppData\Local\Microsoft\Windows\WebCache\V01.log. Error: (11/08/2014 05:57:29 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program ShadowExplorer.exe version 0.9.462.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 984 Start Time: 01cffba5e44d9365 Termination Time: 16 Application Path: C:\Program Files\ShadowExplorer\ShadowExplorer.exe Report Id: 93f5401d-679a-11e4-a961-001ec97da852 Error: (11/08/2014 04:33:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17344, time stamp: 0x541b6f63 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x531599f6 Exception code: 0x0eedfade Fault offset: 0x0000812f Faulting process id: 0x13dc Faulting application start time: 0xIEXPLORE.EXE0 Faulting application path: IEXPLORE.EXE1 Faulting module path: IEXPLORE.EXE2 Report Id: IEXPLORE.EXE3 Error: (11/08/2014 04:02:28 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3393986835-1049654633-373516032-1004.bak). hr = 0x80070539, The security ID structure is invalid. . Operation: OnIdentify event Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {ecb287b6-e575-42bc-8998-5f09ca918bf2} Error: (11/08/2014 03:13:35 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: avgwsc.exe, version: 15.0.0.5315, time stamp: 0x5409c7db Faulting module name: avgwsc.exe, version: 15.0.0.5315, time stamp: 0x5409c7db Exception code: 0xc0000005 Fault offset: 0x0002aba5 Faulting process id: 0x7f4 Faulting application start time: 0xavgwsc.exe0 Faulting application path: avgwsc.exe1 Faulting module path: avgwsc.exe2 Report Id: avgwsc.exe3 Error: (11/08/2014 01:25:55 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/08/2014 09:04:47 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 35c Start Time: 01cffb5cc904cf7d Termination Time: 125 Application Path: C:\Program Files\Internet Explorer\iexplore.exe Report Id: Error: (11/07/2014 09:52:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (11/09/2014 08:36:19 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The LiveUpdate service terminated unexpectedly. It has done this 1 time(s). Error: (11/09/2014 08:32:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect. Error: (11/09/2014 08:31:44 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY) Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183. Error: (11/08/2014 06:08:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The ShadowExplorer Service service failed to start due to the following error: %%1053 Error: (11/08/2014 06:08:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the ShadowExplorer Service service to connect. Error: (11/08/2014 06:07:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect. Error: (11/08/2014 06:06:53 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY) Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183. Error: (11/08/2014 01:25:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect. Error: (11/08/2014 01:24:37 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY) Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183. Error: (11/07/2014 09:51:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect. Microsoft Office Sessions: ========================= Error: (11/09/2014 08:32:55 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/08/2014 06:09:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/08/2014 06:09:07 PM) (Source: ESENT) (EventID: 455) (User: ) Description: DllHost3804WebCacheLocal: C:\Users\Optiplex-755\AppData\Local\Microsoft\Windows\WebCache\V01.log-1811 (0xfffff8ed) Error: (11/08/2014 05:57:29 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: ShadowExplorer.exe0.9.462.098401cffba5e44d936516C:\Program Files\ShadowExplorer\ShadowExplorer.exe93f5401d-679a-11e4-a961-001ec97da852 Error: (11/08/2014 04:33:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE11.0.9600.17344541b6f63KERNELBASE.dll6.1.7601.18409531599f60eedfade0000812f13dc01cffb9b90be52e3C:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\KERNELBASE.dllcfe2f72e-678e-11e4-a961-001ec97da852 Error: (11/08/2014 04:02:28 PM) (Source: VSS) (EventID: 8193) (User: ) Description: ConvertStringSidToSid(S-1-5-21-3393986835-1049654633-373516032-1004.bak)0x80070539, The security ID structure is invalid. Operation: OnIdentify event Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {ecb287b6-e575-42bc-8998-5f09ca918bf2} Error: (11/08/2014 03:13:35 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: avgwsc.exe15.0.0.53155409c7dbavgwsc.exe15.0.0.53155409c7dbc00000050002aba57f401cffb9077d957d5C:\Program Files\AVG\AVG2015\avgwsc.exeC:\Program Files\AVG\AVG2015\avgwsc.exeb7560f0a-6783-11e4-a961-001ec97da852 Error: (11/08/2014 01:25:55 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/08/2014 09:04:47 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe11.0.9600.1734435c01cffb5cc904cf7d125C:\Program Files\Internet Explorer\iexplore.exe Error: (11/07/2014 09:52:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2014-04-26 02:53:26.381 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wbem\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-26 02:53:26.301 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wbem\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-26 02:53:26.221 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wbem\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-26 02:52:46.815 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-26 02:52:46.735 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-26 02:52:46.665 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-26 02:52:43.341 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\bcrypt.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-26 02:52:43.261 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\bcrypt.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-26 02:52:43.181 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\bcrypt.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-25 22:29:57.861 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wbem\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core2 Duo CPU E6550 @ 2.33GHz Percentage of memory in use: 50% Total physical RAM: 2004.61 MB Available physical RAM: 997.94 MB Total Pagefile: 4009.22 MB Available Pagefile: 2620.1 MB Total Virtual: 2047.88 MB Available Virtual: 1916.11 MB ==================== Drives ================================ Drive c: (OSDisk) (Fixed) (Total:60.83 GB) (Free:17.68 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Recovery) (Fixed) (Total:13.67 GB) (Free:9.63 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 4ED5115E) Partition 1: (Active) - (Size=60.8 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  15. Is there a special technique to paste things into the post window? I can copy all the log text, but nothing appears when I try to paste it into the post window.
  16. Hi Adam, My name is Jerry as you might have guessed. In your instructions did you intend that I download FRST while in the Pow Fam II profile? I tried that and received the message: "Your current settings do not allow this file to be downloaded." Can I download it in the administrator profile, OptiPlex-755? Then run it from the Pow Fam II profile? Jerry
  17. This computer was hit by CryptoWall 2.0 sometime in the last couple days. Having researched this on your site and others, I've used Malwarebytes, SpyHunter and CA Advanced System Care 7 to scan and clean the computer. I also tried ShadowExplorer for recovering encrypted files to no avail. At this point I'm pretty resigned to the fact that the documents are useless, but I want to make sure the computer is clean before I put it back on my home network with access to our main hard drive. Attached for your review are the FRST and Addition scan logs done after the cleaning referenced above. Is there anything else that needs to be done to ensure this PC is clean now? Thanks, Addition_08-11-2014_18-38-34.txt FRST_08-11-2014_18-38-34.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.