fokker313

Members

View Profile See their activity

Posts
3
Joined
February 1, 2015
Last visited
February 3, 2015

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by fokker313

Need help .... with possible infection

fokker313 replied to fokker313's topic in Resolved Malware Removal Logs

much thanks, it will take a few days for me to accomplish the above requirements, i will update asap .... again thanks kevin
- February 3, 2015
- 6 replies
- - malware
  - hostageware
  - (and 8 more)
    Tagged with:
    
    malware
    
    hostageware
    
    greenscreen
    
    infection
    
    corruptware
    
    ransomware
    
    hijack
    
    virus
    
    corrupt download
    
    slow start
Need help .... with possible infection

fokker313 replied to fokker313's topic in Resolved Malware Removal Logs

ok thanks, the log i found is below, I am new to this site and I appreciate your kind attention! Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015Ran by Doc's (administrator) on DOCS-PC on 01-02-2015 16:09:21Running from C:\Users\Doc's\AppData\Local\Temp\ig2d4pqv.tmpLoaded Profiles: Doc's (Available profiles: Doc's)Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeSvc.exe(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeSvc2.exe(AMD) C:\Windows\System32\atieclxx.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe(M-Audio) C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe(Anonymizer) C:\Program Files (x86)\Anonymizer\Anonymizer Universal\AnonMgmtSvc.exe(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeTray.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe(Avid Technology, Inc.) C:\Windows\System32\M-AudioTaskBarIcon.exe(Google Inc.) C:\Users\Doc's\AppData\Local\Google\Update\GoogleUpdate.exe(Simple Star, Inc.) C:\Program Files (x86)\Walgreens\Walgreens PhotoShow 4\data\Xtras\mssysmgr.exe() C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe(Anonymizer) C:\Program Files (x86)\Anonymizer\Anonymizer Universal\Anonymizer Universal.exe(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe(Stronghold Online Backup) C:\Users\Doc's\AppData\Local\Strongvault Online Backup\SMessaging.exe(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe(Adobe) C:\Users\Doc's\AppData\Local\Temp\install_flashplayer16x32_chrd_dn_aaa_aih.exe(Apple Inc.) C:\Program Files (x86)\Safari\Safari.exe(Apple Inc.) C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe() C:\Program Files (x86)\SDDUpdater\updater.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2816336 2012-03-19] (ELAN Microelectronics Corp.)HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1020576 2012-02-20] (Atheros Commnucations)HKLM\...\Run: [M-Audio Taskbar Icon] => C:\Windows\system32\M-AudioTaskBarIcon.exe [798728 2010-12-07] (Avid Technology, Inc.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)HKLM-x32\...\Run: [backupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)HKLM-x32\...\Run: [PopularScreensavers Search Scope Monitor] => C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin\7iSrchMn.exe [42536 2013-05-18] (MindSpark)HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)HKLM-x32\...\Run: [sMessaging] => C:\Users\Doc's\AppData\Local\Strongvault Online Backup\SMessaging.exe [31664 2012-04-04] (Stronghold Online Backup)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [377368 2014-03-11] (Power Software Ltd)HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2000896 2014-04-04] (iSkySoft)HKLM-x32\...\Run: [gmsd_us_84] => [X]HKLM\...\Policies\Explorer: [HideSCAHealth] 1HKU\S-1-5-19\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}HKU\S-1-5-20\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}HKU\S-1-5-21-373963065-2517038359-3763730876-1000\...\Run: [Google Update] => C:\Users\Doc's\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-12] (Google Inc.)HKU\S-1-5-21-373963065-2517038359-3763730876-1000\...\Run: [Walgreens PhotoShow Media Manager] => C:\Program Files (x86)\Walgreens\Walgreens PhotoShow 4\data\Xtras\mssysmgr.exe [237568 2006-04-20] (Simple Star, Inc.)HKU\S-1-5-21-373963065-2517038359-3763730876-1000\...\Run: [WeatherBug] => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe [146736 2013-11-13] ()HKU\S-1-5-21-373963065-2517038359-3763730876-1000\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)HKU\S-1-5-21-373963065-2517038359-3763730876-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)HKU\S-1-5-21-373963065-2517038359-3763730876-1000\...\Run: [Anonymizer Universal] => C:\Program Files (x86)\Anonymizer\Anonymizer Universal\Anonymizer Universal.exe [3928600 2014-10-21] (Anonymizer)HKU\S-1-5-21-373963065-2517038359-3763730876-1000\...\Policies\Explorer: [HideSCAHealth] 1HKU\S-1-5-21-373963065-2517038359-3763730876-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1HKU\S-1-5-18\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1IFEO\bpsvc.exe: [Debugger] tasklist.exeIFEO\dprotectsvc.exe: [Debugger] tasklist.exeIFEO\jumpflip: [Debugger] tasklist.exeIFEO\protectedsearch.exe: [Debugger] tasklist.exeIFEO\searchinstaller.exe: [Debugger] tasklist.exeIFEO\searchprotection.exe: [Debugger] tasklist.exeIFEO\searchprotector.exe: [Debugger] tasklist.exeIFEO\searchsettings.exe: [Debugger] tasklist.exeIFEO\searchsettings64.exe: [Debugger] tasklist.exeIFEO\snapdo.exe: [Debugger] tasklist.exeIFEO\stinst32.exe: [Debugger] tasklist.exeIFEO\stinst64.exe: [Debugger] tasklist.exeIFEO\umbrella.exe: [Debugger] tasklist.exeIFEO\utiljumpflip.exe: [Debugger] tasklist.exeIFEO\volaro: [Debugger] tasklist.exeIFEO\vonteera: [Debugger] tasklist.exeIFEO\websteroids.exe: [Debugger] tasklist.exeIFEO\websteroidsservice.exe: [Debugger] tasklist.exeStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnkShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)Startup: C:\Users\Doc's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnkShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)Startup: C:\Users\Doc's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnkShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONCHR HKU\S-1-5-21-373963065-2517038359-3763730876-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=https://www.yahoo.com?fr=hp-avast&type=avastbclHKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com/web/?type=ds&ts=1397259501&from=amt&uid=ST9500325AS_5VETHXTWXXXX5VETHXTW&q={searchTerms}HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find.com/web/?type=ds&ts=1397259501&from=amt&uid=ST9500325AS_5VETHXTWXXXX5VETHXTW&q={searchTerms}HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-373963065-2517038359-3763730876-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find.com/?type=hp&ts=1397259501&from=amt&uid=ST9500325AS_5VETHXTWXXXX5VETHXTWHKU\S-1-5-21-373963065-2517038359-3763730876-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}URLSearchHook: HKLM-x32 - (No Name) - {92ed4bbd-83f2-4c70-bb4e-f8d3716143fe} - No FileSearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0A0A0EyDyE0DtA0ByE0CtN0D0Tzu0CtAtCyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=695285060SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0A0A0EyDyE0DtA0ByE0CtN0D0Tzu0CtAtCyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=695285060SearchScopes: HKLM-x32 -> {1AF919F4-D7C6-93B8-6BAF-2421B23AF4C4} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBoxSearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find.com/web/?type=ds&ts=1397259501&from=amt&uid=ST9500325AS_5VETHXTWXXXX5VETHXTW&q={searchTerms}SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}SearchScopes: HKU\S-1-5-21-373963065-2517038359-3763730876-1000 -> DefaultScope {DB5F73D5-888B-4D6A-A376-8BCCEE0E5A60} URL = BHO: No Name -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> No FileBHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)BHO: No Name -> {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> No FileBHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> No FileBHO-x32: No Name -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> No FileBHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO-x32: No Name -> {ab56dfde-0c14-45b3-9df6-7b0eba617870} -> No FileBHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: No Name -> {df22384f-cf68-4d19-969f-10423715528b} -> No FileToolbar: HKLM - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No FileToolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No FileToolbar: HKLM - No Name - {6fcaba44-a441-481f-895e-bddfd81a6cc2} - No FileToolbar: HKLM - No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No FileToolbar: HKLM-x32 - No Name - {92ed4bbd-83f2-4c70-bb4e-f8d3716143fe} - No FileToolbar: HKLM-x32 - No Name - {6fcaba44-a441-481f-895e-bddfd81a6cc2} - No FileToolbar: HKLM-x32 - No Name - {a0154e07-2b48-475c-a82a-80efd84ea33e} - No FileToolbar: HKU\S-1-5-21-373963065-2517038359-3763730876-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileToolbar: HKU\S-1-5-21-373963065-2517038359-3763730876-1000 -> No Name - {92ED4BBD-83F2-4C70-BB4E-F8D3716143FE} - No FileToolbar: HKU\S-1-5-21-373963065-2517038359-3763730876-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No FileToolbar: HKU\S-1-5-21-373963065-2517038359-3763730876-1000 -> No Name - {A0154E07-2B48-475C-A82A-80EFD84EA33E} - No FileDPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 FireFox:========FF ProfilePath: C:\Users\Doc's\AppData\Roaming\Mozilla\Firefox\Profiles\77211p5r.defaultFF DefaultSearchEngine: Yahoo!FF SelectedSearchEngine: Yahoo!FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=FF NetworkProxy: "type", FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No FileFF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll No FileFF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )FF Plugin-x32: @PopularScreensavers_7i.com/Plugin -> C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin\NP7iStub.dll No FileFF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll No FileFF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-373963065-2517038359-3763730876-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No FileFF Plugin HKU\S-1-5-21-373963065-2517038359-3763730876-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Doc's\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKU\S-1-5-21-373963065-2517038359-3763730876-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Doc's\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF user.js: detected! => C:\Users\Doc's\AppData\Roaming\Mozilla\Firefox\Profiles\77211p5r.default\user.jsFF SearchPlugin: C:\Users\Doc's\AppData\Roaming\Mozilla\Firefox\Profiles\77211p5r.default\searchplugins\yahoo_ff.xmlFF Extension: TheTorntv V10 - C:\Users\Doc's\AppData\Roaming\Mozilla\Firefox\Profiles\77211p5r.default\Extensions\44e4876d5886435183fea8e@44f892d6c2ac4a44858c85e3636.com [2014-08-03]FF Extension: Plus-HD-1.3 - C:\Users\Doc's\AppData\Roaming\Mozilla\Firefox\Profiles\77211p5r.default\Extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com [2014-07-05]FF Extension: enterprise 1.1 - C:\Users\Doc's\AppData\Roaming\Mozilla\Firefox\Profiles\77211p5r.default\Extensions\e38c01fb-ffb2-4c7e-b4c7-1f47c844d855@gmail.com [2014-09-03]FF Extension: Slick Savings - C:\Users\Doc's\AppData\Roaming\Mozilla\Firefox\Profiles\77211p5r.default\Extensions\{54FBE89E-C878-46bb-A064-AB327EE26EBC} [2014-12-18]FF Extension: Start Page - C:\Users\Doc's\AppData\Roaming\Mozilla\Firefox\Profiles\77211p5r.default\Extensions\{62DD0A97-FDD4-421b-94A5-D1A9434450C7} [2014-12-18]FF Extension: Ebay Shopping Assistant by Spigot - C:\Users\Doc's\AppData\Roaming\Mozilla\Firefox\Profiles\77211p5r.default\Extensions\{CA8C84C6-3918-41b1-BE77-049B2BDD887C} [2014-12-18]FF HKLM-x32\...\Firefox\Extensions: [7iffxtbr@PopularScreensavers_7i.com] - C:\Program Files (x86)\PopularScreensavers_7i\bar\1.binFF Extension: PopularScreensavers - C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin [2013-05-18]FF HKLM-x32\...\Firefox\Extensions: [39ffxtbr@MapsGalaxy_39.com] - C:\Program Files (x86)\MapsGalaxy_39\bar\1.binFF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-27]FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta198.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta198\ffFF HKU\S-1-5-21-373963065-2517038359-3763730876-1000\...\Firefox\Extensions: [lfind@nijadsoft.net] - C:\Program Files (x86)\LyricsFinder\FFFF HKU\S-1-5-21-373963065-2517038359-3763730876-1000\...\Firefox\Extensions: [lwoofer@lyricswoofer.co] - C:\Program Files (x86)\LyricsWoofer\122.xpiFF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: =======CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Doc's\AppData\Local\funmoods.crx [Not Found]CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Doc's\AppData\Local\funmoods-speeddial_sf.crx [Not Found]CHR HKU\S-1-5-21-373963065-2517038359-3763730876-1000\...\Chrome\Extension: [amfclgbdpgndipgoegfpkkgobahigbcl] - C:\Users\Doc's\AppData\Local\Smartbar/Application\1Extension.crx [Not Found]CHR HKU\S-1-5-21-373963065-2517038359-3763730876-1000\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Doc's\AppData\Local\funmoods.crx [Not Found]CHR HKU\S-1-5-21-373963065-2517038359-3763730876-1000\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Doc's\AppData\Local\funmoods-speeddial_sf.crx [Not Found]CHR HKU\S-1-5-21-373963065-2517038359-3763730876-1000\...\Chrome\Extension: [nlndmljfcnlkbcbbneenigbpikmdfcdh] - C:\Users\Doc's\AppData\Local\CRE\nlndmljfcnlkbcbbneenigbpikmdfcdh.crx [2013-08-11]CHR HKLM-x32\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Doc's\AppData\Local\funmoods.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [bicnnkjibmphdeigoodpjlcklcnaobdj] - C:\Program Files (x86)\TornTV.com\torntv10.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [cekmkdkefndbeciggfanobcemjnppbbb] - C:\Program Files (x86)\LessTabs\Chrome\cekmkdkefndbeciggfanobcemjnppbbb.crx [2013-08-05]CHR HKLM-x32\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Doc's\AppData\Local\funmoods-speeddial_sf.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [gnbcopcndefcccgdofjadnafjljgofam] - C:\Program Files (x86)\LyricsFinder\Chrome.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-11]CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [igdhbblpcellaljokkpfhcjlagemhgjl] - C:\Program Files (x86)\Iminent\Iminent.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [igjjkeeamkpihpncmmbgdkhdnjpcfmfb] - C:\ProgramData\BetterExperience\Chrome\common.crx [2014-01-31]CHR HKLM-x32\...\Chrome\Extension: [jnikkfemnfogahcandhlchoengjbeaij] - C:\Program Files (x86)\LyricsWoofer\122.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [lgnbhdnimikkoodkogjlcllngimhlapp] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [mocblcnaofikinigmceddfghppkkjbog] - C:\Users\Doc's\AppData\Roaming\PlusWinks\PlusWinks.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [nlndmljfcnlkbcbbneenigbpikmdfcdh] - C:\Users\Doc's\AppData\Local\CRE\nlndmljfcnlkbcbbneenigbpikmdfcdh.crx [2013-08-11]CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Doc's\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [Not Found] Opera: =======OPR Extension: (enterprise 1.1) - C:\Users\Doc's\AppData\Roaming\Opera Software\Opera Stable\Extensions\kamobkapmbfjeihgdegmieoldlbkogjb [2014-09-03] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AnonMgmtSvc; C:\Program Files (x86)\Anonymizer\Anonymizer Universal\AnonMgmtSvc.exe [220184 2014-10-21] (Anonymizer)R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2012-02-20] (Atheros Commnucations) [File not signed]R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-11] (AVAST Software)S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-11] (Avast Software)S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)R2 iSafeService; C:\Program Files (x86)\iSafe\iSafeSvc.exe [118056 2014-04-23] (Elex do Brasil Participações Ltda)R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)S2 PopularScreensavers_7iService; C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin\7ibarsvc.exe [42504 2013-05-18] (COMPANYVERS_NAME)S3 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]R2 USBMIDIAudioDevMon; C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [1636872 2010-04-13] (M-Audio)S2 VjdOuv; C:\ProgramData\tapSSXEo\VjdOuv.exe [2734456 2015-01-13] (Small Island Development)R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424624 2015-01-12] (Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-01-31] (Advanced Micro Devices, Inc.)R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-11] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-11] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-11] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-11] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-11] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-11] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-11] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-11] ()R3 iSafeKrnl; C:\Program Files (x86)\iSafe\iSafeKrnl.sys [232960 2014-04-23] (Elex do Brasil Participações Ltda)S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [43520 2014-04-23] (Elex do Brasil Participações Ltda)R1 iSafeKrnlKit; C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys [66048 2014-04-23] (Elex do Brasil Participações Ltda)R1 iSafeNetFilter; C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [48128 2014-04-23] (Elex do Brasil Participações Ltda)S3 MAUSBMIDI; C:\Windows\System32\DRIVERS\MAudioUSBMIDI.sys [200200 2010-04-13] (M-Audio)R2 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-26] (CACE Technologies, Inc.)S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-09-09] (Duplex Secure Ltd.)S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-11] (Avast Software)R1 {1d7d694e-604c-4da2-9100-b2601d3a1c57}Gw64; C:\Windows\System32\drivers\{1d7d694e-604c-4da2-9100-b2601d3a1c57}Gw64.sys [48792 2015-01-25] (StdLib)R1 {371bcf01-e691-44bf-9345-60788e5d16a5}Gw64; C:\Windows\System32\drivers\{371bcf01-e691-44bf-9345-60788e5d16a5}Gw64.sys [48792 2015-01-28] (StdLib)R1 {4cff408a-d9e7-47c3-a711-95133fcf7f45}Gw64; C:\Windows\System32\drivers\{4cff408a-d9e7-47c3-a711-95133fcf7f45}Gw64.sys [48792 2015-01-21] (StdLib)R1 {5c281c6e-0132-4ac6-ad9d-d1d95d218412}Gw64; C:\Windows\System32\drivers\{5c281c6e-0132-4ac6-ad9d-d1d95d218412}Gw64.sys [48792 2015-01-22] (StdLib)R1 {8d9208df-94f9-4c96-a224-97b37b0df94e}Gw64; C:\Windows\System32\drivers\{8d9208df-94f9-4c96-a224-97b37b0df94e}Gw64.sys [48792 2015-01-04] (StdLib)U3 aa765cfc; C:\Windows\System32\Drivers\aa765cfc.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero size file/folder) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-01 16:09 - 2015-02-01 16:09 - 00000000 ____D () C:\FRST2015-02-01 15:43 - 2015-02-01 15:43 - 00001555 _____ () C:\Users\Doc's\Desktop\hijackthis - Shortcut.lnk2015-02-01 15:32 - 2015-02-01 15:32 - 00015818 _____ () C:\Users\Doc's\Documents\hijackthis.log2015-01-31 23:25 - 2015-01-31 23:35 - 130030423 _____ () C:\Users\Doc's\Downloads\msert.exe.download2015-01-31 18:23 - 2015-01-31 18:23 - 00001998 _____ () C:\Windows\PFRO.log2015-01-31 00:29 - 2015-02-01 12:36 - 00000336 _____ () C:\Windows\setupact.log2015-01-31 00:29 - 2015-01-31 00:29 - 00000000 _____ () C:\Windows\setuperr.log2015-01-29 18:43 - 2015-01-29 18:43 - 00245475 _____ () C:\Users\Doc's\Downloads\photo.php2015-01-28 22:14 - 2015-01-28 22:14 - 00002015 _____ () C:\Users\Doc's\Desktop\FastDownload.com.lnk2015-01-28 22:14 - 2015-01-28 22:14 - 00002007 _____ () C:\Users\Doc's\Desktop\GameTeam.com.lnk2015-01-28 22:14 - 2015-01-28 22:14 - 00002005 _____ () C:\Users\Doc's\Desktop\GameTop.com.lnk2015-01-28 18:48 - 2015-01-28 12:35 - 00048792 _____ (StdLib) C:\Windows\system32\Drivers\{371bcf01-e691-44bf-9345-60788e5d16a5}Gw64.sys2015-01-26 10:10 - 2015-01-26 10:14 - 00019691 _____ () C:\Users\Doc's\Downloads\www.google.com.dms2015-01-25 17:40 - 2015-01-31 04:00 - 00000278 _____ () C:\Windows\Tasks\Anonymizer Universal Updates.job2015-01-25 17:40 - 2015-01-25 17:40 - 00003016 _____ () C:\Windows\System32\Tasks\Anonymizer Universal Updates2015-01-25 14:25 - 2015-01-25 14:25 - 00000000 ____D () C:\AdwCleaner2015-01-25 12:36 - 2015-01-25 12:36 - 00000330 _____ () C:\Windows\system32\2015-01-25-17-36-28.043-aswFe.exe-2388.log2015-01-25 12:21 - 2015-01-25 12:36 - 00000247 _____ () C:\Windows\system32\2015-01-25-17-21-38.051-aswFe.exe-7880.log2015-01-25 12:21 - 2015-01-25 12:21 - 00000197 _____ () C:\Windows\system32\2015-01-25-17-21-18.085-AvastVBoxSVC.exe-9100.log2015-01-25 11:49 - 2015-01-25 11:49 - 00000247 _____ () C:\Windows\system32\2015-01-25-16-49-40.021-aswFe.exe-9184.log2015-01-25 11:49 - 2015-01-25 11:49 - 00000197 _____ () C:\Windows\system32\2015-01-25-16-49-15.004-AvastVBoxSVC.exe-7596.log2015-01-25 11:30 - 2015-01-25 11:30 - 00000247 _____ () C:\Windows\system32\2015-01-25-16-30-32.037-aswFe.exe-4208.log2015-01-25 11:30 - 2015-01-25 11:30 - 00000197 _____ () C:\Windows\system32\2015-01-25-16-30-18.011-AvastVBoxSVC.exe-3840.log2015-01-25 08:51 - 2015-01-25 05:45 - 00048792 _____ (StdLib) C:\Windows\system32\Drivers\{1d7d694e-604c-4da2-9100-b2601d3a1c57}Gw64.sys2015-01-24 16:44 - 2015-01-24 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anonymizer2015-01-24 16:44 - 2015-01-24 16:44 - 00000000 ____D () C:\Program Files (x86)\Anonymizer2015-01-23 16:10 - 2015-01-23 16:10 - 00000000 ____T () C:\Windows\SysWOW64\Ñ2015-01-23 15:35 - 2015-01-23 15:35 - 00000000 ____T () C:\Windows\SysWOW64\E2015-01-23 15:32 - 2015-01-23 15:32 - 00000000 ____T () C:\Windows\SysWOW64\O2015-01-23 00:08 - 2015-01-23 00:08 - 00000197 _____ () C:\Windows\system32\2015-01-23-05-08-53.046-AvastVBoxSVC.exe-4484.log2015-01-22 20:10 - 2015-01-22 12:54 - 00048792 _____ (StdLib) C:\Windows\system32\Drivers\{5c281c6e-0132-4ac6-ad9d-d1d95d218412}Gw64.sys2015-01-22 17:00 - 2015-01-22 17:01 - 00000280 _____ () C:\Windows\system32\2015-01-22-22-00-35.096-aswFe.exe-3172.log2015-01-21 20:43 - 2015-01-21 10:43 - 00048792 _____ (StdLib) C:\Windows\system32\Drivers\{4cff408a-d9e7-47c3-a711-95133fcf7f45}Gw64.sys2015-01-21 19:40 - 2015-01-21 19:40 - 00000280 _____ () C:\Windows\system32\2015-01-22-00-40-33.025-aswFe.exe-7040.log2015-01-21 19:39 - 2015-01-21 19:38 - 06280608 _____ () C:\Users\Doc's\Downloads\hotspot-shield.exe2015-01-21 19:34 - 2015-01-21 19:34 - 00000280 _____ () C:\Windows\system32\2015-01-22-00-34-06.086-aswFe.exe-6344.log2015-01-20 23:39 - 2015-01-20 23:39 - 00000197 _____ () C:\Windows\system32\2015-01-21-04-39-57.025-AvastVBoxSVC.exe-4768.log2015-01-20 21:11 - 2015-01-20 21:12 - 00000280 _____ () C:\Windows\system32\2015-01-21-02-11-59.020-aswFe.exe-7764.log2015-01-20 21:10 - 2015-01-20 21:10 - 00000280 _____ () C:\Windows\system32\2015-01-21-02-10-51.006-aswFe.exe-9004.log2015-01-20 21:02 - 2015-01-20 21:02 - 00000280 _____ () C:\Windows\system32\2015-01-21-02-02-22.004-aswFe.exe-6008.log2015-01-20 18:33 - 2015-01-20 18:33 - 00000000 ____T () C:\Windows\SysWOW64\G2015-01-20 14:19 - 2015-01-20 14:43 - 00000000 ____D () C:\Users\Doc's\AppData\Local\SoftonicAssistant2015-01-20 00:08 - 2015-01-20 00:08 - 00000280 _____ () C:\Windows\system32\2015-01-20-05-08-11.099-aswFe.exe-7612.log2015-01-19 23:18 - 2015-01-19 23:19 - 00000280 _____ () C:\Windows\system32\2015-01-20-04-18-58.059-aswFe.exe-6628.log2015-01-19 16:44 - 2015-01-19 16:44 - 00000197 _____ () C:\Windows\system32\2015-01-19-21-44-11.088-AvastVBoxSVC.exe-5832.log2015-01-18 15:44 - 2015-01-18 15:44 - 00000197 _____ () C:\Windows\system32\2015-01-18-20-44-14.041-AvastVBoxSVC.exe-3396.log2015-01-17 22:51 - 2015-01-17 22:51 - 00000197 _____ () C:\Windows\system32\2015-01-18-03-51-08.061-AvastVBoxSVC.exe-4380.log2015-01-17 22:27 - 2015-01-17 22:27 - 00000197 _____ () C:\Windows\system32\2015-01-18-03-27-25.099-AvastVBoxSVC.exe-3164.log2015-01-17 16:13 - 2015-01-17 16:13 - 00000197 _____ () C:\Windows\system32\2015-01-17-21-13-00.043-AvastVBoxSVC.exe-4696.log2015-01-17 13:39 - 2015-01-17 13:39 - 00000000 ____H () C:\Users\Doc's\Documents\Default.rdp2015-01-17 13:07 - 2015-01-17 13:07 - 00000197 _____ () C:\Windows\system32\2015-01-17-18-07-26.027-AvastVBoxSVC.exe-6328.log2015-01-17 11:13 - 2015-01-17 11:13 - 00000197 _____ () C:\Windows\system32\2015-01-17-16-13-55.037-AvastVBoxSVC.exe-4780.log2015-01-17 10:42 - 2015-01-17 10:42 - 00003124 _____ () C:\Windows\System32\Tasks\{BB637A49-9A49-4603-95E6-16068FF3E37F}2015-01-17 10:30 - 2015-01-17 10:30 - 00000197 _____ () C:\Windows\system32\2015-01-17-15-30-20.095-AvastVBoxSVC.exe-4536.log2015-01-17 10:25 - 2015-01-17 10:25 - 00000000 _____ () C:\Windows\SysWOW64\sho3F94.tmp2015-01-16 14:01 - 2015-01-24 15:42 - 00000000 ____D () C:\ProgramData\Browser2015-01-16 00:50 - 2015-01-16 00:50 - 00000197 _____ () C:\Windows\system32\2015-01-16-05-50-42.003-AvastVBoxSVC.exe-2228.log2015-01-15 22:05 - 2015-01-15 22:05 - 00000197 _____ () C:\Windows\system32\2015-01-16-03-05-31.004-AvastVBoxSVC.exe-7108.log2015-01-15 21:52 - 2015-01-15 21:52 - 00000000 ____D () C:\MovieWizard2015-01-14 15:57 - 2015-01-14 15:57 - 00000000 ____D () C:\Users\Doc's\AppData\Roaming\Lazy Turtle Games2015-01-14 15:56 - 2015-01-17 22:47 - 00000000 ____D () C:\Windows\The Return of Monte Cristo2015-01-14 15:56 - 2015-01-17 22:47 - 00000000 ____D () C:\Users\Doc's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Return of Monte Cristo2015-01-14 15:56 - 2015-01-17 22:47 - 00000000 ____D () C:\Program Files (x86)\The Return of Monte Cristo2015-01-14 15:49 - 2015-01-14 15:49 - 00000000 ____D () C:\Users\Doc's\AppData\Roaming\To the Moon - Freebird Games2015-01-13 16:47 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll2015-01-13 16:47 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys2015-01-13 16:47 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe2015-01-13 16:47 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll2015-01-13 16:47 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll2015-01-13 16:47 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll2015-01-13 16:46 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2015-01-13 16:46 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll2015-01-13 16:46 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe2015-01-13 16:46 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll2015-01-13 16:46 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2015-01-13 16:46 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2015-01-13 16:46 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll2015-01-13 11:27 - 2015-01-13 11:27 - 00000197 _____ () C:\Windows\system32\2015-01-13-16-27-10.042-AvastVBoxSVC.exe-6360.log2015-01-13 10:30 - 2015-01-13 10:30 - 00003102 _____ () C:\Windows\System32\Tasks\{811E6CDB-C394-4F2F-9B3F-B82A71505F01}2015-01-13 10:27 - 2015-01-13 10:27 - 00000000 ____D () C:\ProgramData\2666cdac00005bfc2015-01-13 10:20 - 2015-01-13 10:20 - 00000197 _____ () C:\Windows\system32\2015-01-13-15-20-53.065-AvastVBoxSVC.exe-4436.log2015-01-13 09:44 - 2015-01-13 09:44 - 00000197 _____ () C:\Windows\system32\2015-01-13-14-44-02.031-AvastVBoxSVC.exe-3516.log2015-01-13 08:46 - 2015-01-13 08:46 - 00000000 _____ () C:\Windows\SysWOW64\sho2EEC.tmp2015-01-13 08:37 - 2015-01-13 08:37 - 00000197 _____ () C:\Windows\system32\2015-01-13-13-37-24.008-AvastVBoxSVC.exe-4672.log2015-01-13 02:44 - 2015-01-25 12:25 - 00000000 ____D () C:\Users\Doc's\AppData\Local\MovieWizard2015-01-13 02:27 - 2015-01-13 02:27 - 00000197 _____ () C:\Windows\system32\2015-01-13-07-27-46.032-AvastVBoxSVC.exe-7064.log2015-01-13 02:26 - 2014-04-23 05:19 - 00043520 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys2015-01-13 01:52 - 2015-01-17 22:47 - 00000000 ____D () C:\Windows\System32\Tasks\SDD2015-01-13 01:52 - 2015-01-17 22:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip2015-01-13 01:52 - 2015-01-17 22:47 - 00000000 ____D () C:\Program Files (x86)\SDDUpdater2015-01-13 01:51 - 2015-01-17 22:47 - 00000000 ____D () C:\ProgramData\tapSSXEo2015-01-13 01:51 - 2015-01-13 10:39 - 00000000 ____D () C:\ProgramData\MovieWizard2015-01-12 12:27 - 2015-01-12 12:27 - 00000197 _____ () C:\Windows\system32\2015-01-12-17-27-15.015-AvastVBoxSVC.exe-4688.log2015-01-09 00:34 - 2015-01-09 00:34 - 00000197 _____ () C:\Windows\system32\2015-01-09-05-34-50.082-AvastVBoxSVC.exe-6216.log2015-01-06 00:52 - 2015-01-06 00:52 - 00000197 _____ () C:\Windows\system32\2015-01-06-05-52-05.010-AvastVBoxSVC.exe-4320.log2015-01-04 23:58 - 2015-01-05 00:03 - 34305058 _____ () C:\Users\Doc's\Downloads\torbrowser-install-4.0.2_en-US.exe2015-01-04 21:04 - 2015-01-24 16:52 - 00000000 ____D () C:\Users\Doc's\AppData\Roaming\Anonymizer2015-01-04 20:59 - 2014-09-03 17:27 - 00034248 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys2015-01-04 20:58 - 2015-01-04 20:58 - 00000000 ____D () C:\ProgramData\Anonymizer2015-01-04 19:41 - 2015-01-04 19:41 - 00000280 _____ () C:\Windows\system32\2015-01-05-00-41-31.066-aswFe.exe-5240.log2015-01-04 19:31 - 2015-01-04 19:35 - 00000000 ____D () C:\Users\Doc's\AppData\Roaming\StormFall2015-01-04 19:31 - 2015-01-04 19:31 - 00000000 ____D () C:\Users\Doc's\AppData\Local\Pirates2015-01-04 19:27 - 2015-01-04 15:48 - 00048792 _____ (StdLib) C:\Windows\system32\Drivers\{8d9208df-94f9-4c96-a224-97b37b0df94e}Gw64.sys2015-01-04 13:29 - 2015-01-04 13:29 - 00000197 _____ () C:\Windows\system32\2015-01-04-18-29-50.043-AvastVBoxSVC.exe-5620.log ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-01 15:47 - 2013-07-14 08:02 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-373963065-2517038359-3763730876-1000UA.job2015-02-01 15:33 - 2012-11-10 14:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2015-02-01 15:10 - 2013-11-11 12:25 - 00001296 _____ () C:\Windows\Tasks\Plus-HD-1.3-updater.job2015-02-01 15:10 - 2013-11-11 12:24 - 00001906 _____ () C:\Windows\Tasks\Plus-HD-1.3-chromeinstaller.job2015-02-01 15:10 - 2013-11-11 12:24 - 00001830 _____ () C:\Windows\Tasks\Plus-HD-1.3-firefoxinstaller.job2015-02-01 15:10 - 2013-11-11 12:24 - 00001198 _____ () C:\Windows\Tasks\Plus-HD-1.3-codedownloader.job2015-02-01 15:01 - 2012-11-12 22:05 - 00000296 _____ () C:\Windows\Tasks\Registry Optimizer_DEFAULT.job2015-02-01 14:41 - 2013-08-22 20:21 - 00000000 ____D () C:\Users\Doc's\AppData\Local\Strongvault Online Backup2015-02-01 14:35 - 2013-12-22 18:24 - 00000000 ____D () C:\Program Files (x86)\iSafe2015-02-01 14:26 - 2012-05-29 10:06 - 01712809 _____ () C:\Windows\WindowsUpdate.log2015-02-01 13:34 - 2014-04-27 19:40 - 00000286 _____ () C:\Windows\Tasks\bench-Updater removing.job2015-02-01 13:16 - 2014-02-24 16:34 - 00000436 _____ () C:\Windows\Tasks\PC Optimizer Pro Idle.job2015-02-01 13:02 - 2012-11-10 06:45 - 00000000 ____D () C:\Users\Doc's\AppData\Local\Adobe2015-02-01 11:22 - 2014-09-03 22:22 - 00001764 _____ () C:\Windows\Tasks\6b79e399-be4e-475d-8d39-03fad3612fe0-5_user.job2015-02-01 11:22 - 2014-09-03 22:22 - 00001744 _____ () C:\Windows\Tasks\6b79e399-be4e-475d-8d39-03fad3612fe0-5.job2015-02-01 11:21 - 2014-09-03 22:21 - 00002578 _____ () C:\Windows\Tasks\6b79e399-be4e-475d-8d39-03fad3612fe0-4.job2015-02-01 11:21 - 2014-09-03 22:21 - 00001872 _____ () C:\Windows\Tasks\6b79e399-be4e-475d-8d39-03fad3612fe0-1.job2015-02-01 11:20 - 2014-09-03 22:20 - 00004482 _____ () C:\Windows\Tasks\6b79e399-be4e-475d-8d39-03fad3612fe0-11.job2015-02-01 10:44 - 2014-01-17 19:30 - 00000000 ____D () C:\Program Files (x86)\WinZipper2015-02-01 08:47 - 2013-07-14 08:02 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-373963065-2517038359-3763730876-1000Core.job2015-01-31 23:18 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-01-31 23:18 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-01-31 22:59 - 2013-06-27 15:07 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update2015-01-31 22:59 - 2012-11-10 06:53 - 00000000 ____D () C:\Users\Doc's\AppData\Local\CrashDumps2015-01-31 22:57 - 2014-02-24 16:34 - 00000414 _____ () C:\Windows\Tasks\PC Optimizer Pro64 startups.job2015-01-31 22:57 - 2014-02-22 23:35 - 00000462 _____ () C:\Windows\Tasks\SDMsgUpdate (Local).job2015-01-31 22:57 - 2014-02-22 23:35 - 00000454 _____ () C:\Windows\Tasks\SDMsgUpdate (TE).job2015-01-31 22:57 - 2013-12-19 17:08 - 00000458 _____ () C:\Windows\Tasks\RegPowerClean.job2015-01-31 22:57 - 2013-06-10 15:44 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job2015-01-31 22:57 - 2013-06-02 21:53 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job2015-01-31 22:56 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2015-01-31 19:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF2015-01-31 18:34 - 2013-07-05 07:45 - 00000000 ____D () C:\Users\Doc's\Desktop\Doc's VIDS2015-01-31 18:32 - 2012-11-22 00:38 - 00000000 ____D () C:\Users\Doc's\Desktop\Browsers & Torrent2015-01-31 18:21 - 2012-11-12 22:03 - 00000000 ____D () C:\Users\Doc's\AppData\Roaming\Azureus2015-01-31 18:18 - 2013-08-17 08:17 - 00000000 ____D () C:\Users\Doc's\AppData\Roaming\vlc2015-01-31 16:03 - 2013-09-19 19:25 - 00000000 ____D () C:\Users\Doc's\Desktop\MOVIES&TV SHOWS2015-01-30 18:09 - 2013-12-22 18:24 - 00000000 ____D () C:\Users\Doc's\AppData\Roaming\iSafe2015-01-29 00:29 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy2015-01-28 22:16 - 2012-11-23 11:53 - 00000000 ___RD () C:\Users\Doc's\Desktop\GAMES2015-01-28 22:14 - 2013-06-19 12:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com2015-01-28 22:14 - 2013-06-19 12:08 - 00000000 ____D () C:\Program Files (x86)\GameTop.com2015-01-28 22:05 - 2012-11-12 22:05 - 00000304 _____ () C:\Windows\Tasks\Registry Optimizer_UPDATES.job2015-01-28 18:31 - 2009-07-13 21:34 - 00000537 _____ () C:\Windows\win.ini2015-01-26 00:34 - 2012-11-10 14:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2015-01-26 00:33 - 2012-03-19 12:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-01-26 00:33 - 2012-03-19 12:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-01-25 21:10 - 2014-07-05 22:25 - 00000000 ____D () C:\Users\Doc's\Desktop\empty 22015-01-24 17:40 - 2013-09-19 19:25 - 00000000 ____D () C:\Users\Doc's\Desktop\Computer Stuff2015-01-20 23:24 - 2013-07-29 21:41 - 00000000 ____D () C:\Users\Doc's\AppData\Roaming\Zip Opener Packages2015-01-20 23:24 - 2013-06-02 21:49 - 00000000 ____D () C:\Users\Doc's\AppData\Roaming\LavFilters2015-01-20 23:24 - 2013-06-02 21:49 - 00000000 ____D () C:\Users\Doc's\AppData\Roaming\Codec Pack Packages2015-01-20 21:37 - 2013-11-18 20:33 - 00000000 ____D () C:\temp2015-01-19 09:12 - 2014-01-17 19:30 - 00000000 ____D () C:\Users\Doc's\AppData\Roaming\WinZipper2015-01-19 09:09 - 2012-11-14 17:12 - 00000000 ____D () C:\Windows\System32\Tasks\Games2015-01-18 11:20 - 2012-11-14 18:46 - 00000000 ____D () C:\Program Files (x86)\Mystery Case Files - Huntsville2015-01-18 11:19 - 2012-03-19 12:10 - 00000000 ____D () C:\ProgramData\Temp2015-01-17 22:47 - 2014-01-07 14:59 - 00000000 ____D () C:\Users\Doc's\AppData\Roaming\dvdcss2015-01-17 22:47 - 2013-12-22 18:24 - 00000000 ____D () C:\Windows\system32\log2015-01-17 22:47 - 2013-10-18 17:21 - 00000000 ____D () C:\ProgramData\McAfee Security Scan2015-01-17 22:47 - 2012-11-10 03:21 - 00000000 ____D () C:\Users\Doc's2015-01-17 22:47 - 2012-05-29 10:29 - 00000000 ____D () C:\ProgramData\Atheros2015-01-17 22:47 - 2012-03-19 12:05 - 00000000 ____D () C:\ProgramData\BackupManager2015-01-17 22:47 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration2015-01-17 21:47 - 2013-10-26 00:46 - 00000000 ____D () C:\Program Files (x86)\qualitink2015-01-17 21:45 - 2014-07-11 12:39 - 00003880 _____ () C:\Windows\System32\Tasks\BrowserSafeguard2015-01-17 16:15 - 2012-11-12 18:38 - 00000000 ____D () C:\Users\Doc's\AppData\Roaming\Skype2015-01-17 10:42 - 2014-04-20 01:29 - 00000000 ____D () C:\ProgramData\BetterExperience2015-01-17 00:19 - 2013-07-27 04:58 - 00000160 _____ () C:\Users\Doc's\AppData\Roaming\WB.CFG2015-01-16 00:34 - 2013-07-12 02:02 - 00000000 ____D () C:\Windows\system32\MRT2015-01-16 00:22 - 2012-11-12 18:39 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2015-01-14 19:03 - 2013-10-02 00:11 - 00000000 ____D () C:\Program Files (x86)\Foxy Games2015-01-13 02:27 - 2012-11-10 03:25 - 00001603 _____ () C:\Users\Doc's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2015-01-13 01:52 - 2013-12-12 10:42 - 00000000 ____D () C:\ProgramData\Updater2015-01-13 01:50 - 2012-11-10 13:53 - 00000000 ____D () C:\Program Files (x86)\Safari2015-01-12 00:38 - 2014-11-23 23:59 - 00159361 _____ () C:\Users\Doc.mp42015-01-09 22:47 - 2014-04-07 08:38 - 00000000 ____D () C:\Users\Doc's\Desktop\Empty 42015-01-08 20:49 - 2014-04-07 17:50 - 00000000 ____D () C:\Users\Doc's\Desktop\EMPTY 72015-01-08 15:30 - 2009-07-14 00:13 - 00804720 _____ () C:\Windows\system32\PerfStringBackup.INI2015-01-06 11:55 - 2014-09-03 22:20 - 00000000 ____D () C:\Program Files (x86)\enterprise 1.12015-01-06 09:21 - 2013-11-11 12:24 - 00000000 ____D () C:\Program Files (x86)\Plus-HD-1.32015-01-06 04:36 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe2015-01-04 17:43 - 2014-03-23 17:05 - 00000000 ____D () C:\Program Files (x86)\JetAudio2015-01-04 17:43 - 2013-08-20 19:50 - 00000000 ____D () C:\Program Files (x86)\Bejeweled 3 new2015-01-04 17:34 - 2014-12-31 21:21 - 00000000 ____D () C:\ProgramData\BlueStacksSetup2015-01-04 17:34 - 2013-10-28 22:42 - 00000000 ____D () C:\Windows\Minidump2015-01-04 13:44 - 2014-03-18 18:17 - 00000000 ____D () C:\Users\Doc's\AppData\Roaming\uTorrent ==================== Files in the root of some directories ======= 2013-12-22 18:09 - 2013-12-22 18:09 - 0000068 _____ () C:\Users\Doc's\AppData\Roaming\photoshow_express_setup.txt2013-12-04 23:19 - 2013-12-05 00:31 - 0003408 _____ () C:\Users\Doc's\AppData\Roaming\result1.db2012-11-12 16:35 - 2015-01-31 19:12 - 0033193 _____ () C:\Users\Doc's\AppData\Roaming\UserTile.png2013-07-27 04:58 - 2015-01-17 00:19 - 0000160 _____ () C:\Users\Doc's\AppData\Roaming\WB.CFG2013-06-15 00:01 - 2014-01-28 00:19 - 0000005 _____ () C:\Users\Doc's\AppData\Roaming\WBPU-TTL.DAT2014-03-23 17:23 - 2014-03-23 17:23 - 0003584 _____ () C:\Users\Doc's\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2013-06-02 10:04 - 2013-06-02 10:04 - 0000017 _____ () C:\Users\Doc's\AppData\Local\resmon.resmoncfg2014-04-22 09:57 - 2014-04-22 09:57 - 0000057 _____ () C:\ProgramData\Ament.ini2012-05-29 10:40 - 2012-05-29 10:45 - 0002454 _____ () C:\ProgramData\clear.fiSDK20.log2013-12-04 23:20 - 2013-12-05 09:24 - 0002763 _____ () C:\ProgramData\connector.swf2012-05-29 10:44 - 2012-05-29 10:44 - 0000032 _____ () C:\ProgramData\PS.log2014-02-22 13:38 - 2014-02-22 13:38 - 0000079 _____ () C:\ProgramData\spds90.txt Some content of TEMP:====================C:\Users\Doc's\AppData\Local\Temp\ct_2016.exeC:\Users\Doc's\AppData\Local\Temp\install_flashplayer16x32_chrd_dn_aaa_aih.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-24 09:38 ==================== End Of Log ============================
- February 2, 2015
- 6 replies
- - malware
  - hostageware
  - (and 8 more)
    Tagged with:
    
    malware
    
    hostageware
    
    greenscreen
    
    infection
    
    corruptware
    
    ransomware
    
    hijack
    
    virus
    
    corrupt download
    
    slow start
Need help .... with possible infection

fokker313 posted a topic in Resolved Malware Removal Logs

Please help with the possible infection ...... windows 7, 64bit ......computer gives corrupt error message as "can not open" .... file corrupted...... also when online some video's will not play... shows a green screen with no error message .... flash player up to date....thanks in advance Logfile of Trend Micro Haddition.txtijackThis v2.0.5 Scan saved at 3:31:59 PM, on 2/1/2015Platform: Windows 7 SP1 (WinNT 6.00.3505)MSIE: Internet Explorer v11.0 (11.00.9600.17496) Boot mode: Normal Running processes:C:\Program Files (x86)\iSafe\iSafeTray.exeC:\Users\Doc's\AppData\Local\Google\Update\GoogleUpdate.exeC:\Program Files (x86)\Walgreens\Walgreens PhotoShow 4\data\Xtras\mssysmgr.exeC:\Program Files\Earth Networks\WeatherBug\WeatherBug.exeC:\Program Files (x86)\Anonymizer\Anonymizer Universal\Anonymizer Universal.exeC:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exeC:\Program Files (x86)\Launch Manager\LManager.exeC:\Program Files (x86)\MagicDisc\MagicDisc.exeC:\Users\Doc's\AppData\Local\Strongvault Online Backup\SMessaging.exeC:\Program Files (x86)\Launch Manager\LMworker.exeC:\Program Files\AVAST Software\Avast\avastui.exeC:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exeC:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exeC:\Program Files (x86)\VideoLAN\VLC\vlc.exeC:\Users\Doc's\AppData\Local\Temp\jia9y3ww.tmp\install_flashplayer16x32_chrd_dn_aaa_aih.exeC:\Program Files (x86)\Safari\Safari.exeC:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exeC:\Users\Doc's\AppData\Local\Temp\nkczste8.tmp\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = PreserveR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find.com/?type=hp&ts=1397259501&from=amt&uid=ST9500325AS_5VETHXTWXXXX5VETHXTWR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=https://www.yahoo.com?fr=hp-avast&type=avastbclR1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=da598694-8074-4084-8e21-ea8bcf79d624&searchtype=ds&q={searchTerms}&installDate=28/09/2013R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=da598694-8074-4084-8e21-ea8bcf79d624&searchtype=ds&q={searchTerms}&installDate=28/09/2013R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe,O2 - BHO: (no name) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - (no file)O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dllO2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllO2 - BHO: (no name) - {ab56dfde-0c14-45b3-9df6-7b0eba617870} - (no file)O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLLO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dllO2 - BHO: (no name) - {df22384f-cf68-4d19-969f-10423715528b} - (no file)O3 - Toolbar: (no name) - {92ed4bbd-83f2-4c70-bb4e-f8d3716143fe} - (no file)O3 - Toolbar: (no name) - {6fcaba44-a441-481f-895e-bddfd81a6cc2} - (no file)O3 - Toolbar: (no name) - {a0154e07-2b48-475c-a82a-80efd84ea33e} - (no file)O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -kO4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostartO4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exeO4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"O4 - HKLM\..\Run: [PopularScreensavers Search Scope Monitor] "C:\PROGRA~2\POPULA~2\bar\1.bin\7isrchmn.exe" /m=2 /w /hO4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exeO4 - HKLM\..\Run: [sMessaging] "C:\Users\Doc's\AppData\Local\Strongvault Online Backup\SMessaging.exe"O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /noguiO4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startupO4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [iSkysoft Helper Compact.exe] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exeO4 - HKCU\..\Run: [Google Update] "C:\Users\Doc's\AppData\Local\Google\Update\GoogleUpdate.exe" /cO4 - HKCU\..\Run: [Walgreens PhotoShow Media Manager] C:\PROGRA~2\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exeO4 - HKCU\..\Run: [WeatherBug] C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exeO4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automountO4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITORO4 - HKCU\..\Run: [Anonymizer Universal] C:\Program Files (x86)\Anonymizer\Anonymizer Universal\Anonymizer Universal.exe /trayO4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exeO4 - Startup: MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exeO4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exeO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exeO9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exeO9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dllO9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dllO9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dllO9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dllO9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dllO9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dllO9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)O9 - Extra button: (no name) - {6ED0A312-78F5-493C-A90C-5DAF321D0BF8} - C:\ProgramData\WeCareReminder\IEMenuItem.dll (file missing) (HKCU)O9 - Extra 'Tools' menuitem: We-Care Add-on - {6ED0A312-78F5-493C-A90C-5DAF321D0BF8} - C:\ProgramData\WeCareReminder\IEMenuItem.dll (file missing) (HKCU)O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dllO10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dllO11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphicsO16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLLO18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllO18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dllO18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dllO23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeO23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeO23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)O23 - Service: Anonymizer Management Service (AnonMgmtSvc) - Anonymizer - C:\Program Files (x86)\Anonymizer\Anonymizer Universal\AnonMgmtSvc.exeO23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exeO23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exeO23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exeO23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exeO23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exeO23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exeO23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exeO23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)O23 - Service: iSafeService - Elex do Brasil Participações Ltda - C:\Program Files (x86)\iSafe\iSafeSvc.exeO23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exeO23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exeO23 - Service: PopularScreensaversService (PopularScreensavers_7iService) - COMPANYVERS_NAME - C:\PROGRA~2\POPULA~2\bar\1.bin\7ibarsvc.exeO23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exeO23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)O23 - Service: USB MIDI Series Audio Device Monitor (USBMIDIAudioDevMon) - M-Audio - C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exeO23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)O23 - Service: VjdOuv - Small Island Development - C:\ProgramData\tapSSXEo\VjdOuv.exeO23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)O23 - Service: WinZiper service (winzipersvc) - Taiwan Shui Mu Chih Ching Technology Limited. - C:\Program Files (x86)\WinZipper\winzipersvc.exeO23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) --End of file - 15816 bytes
- February 1, 2015
- 6 replies
- - malware
  - hostageware
  - (and 8 more)
    Tagged with:
    
    malware
    
    hostageware
    
    greenscreen
    
    infection
    
    corruptware
    
    ransomware
    
    hijack
    
    virus
    
    corrupt download
    
    slow start

Sign In

fokker313

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Everything posted by fokker313

Need help .... with possible infection

Need help .... with possible infection

Need help .... with possible infection

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information