Jump to content

smallieslayer

Honorary Members
  • Posts

    31
  • Joined

  • Last visited

Reputation

0 Neutral
  1. reset the router, opened a bunch of links in new tabs, so far no pop ups or redirects. If it is fixed, can you tell me what the problem was?
  2. Ok so that did not work, got this pop up and redirect again today web page reads: computer-alert-message.com/urgent pop up says you're infected and call this toll free number I've attached a pic from my phone
  3. no sooner did I post that, I was looking at houses online and I right clicked to open a link in a new tab and it took me to some other page, it happened twice in a matter of minutes. I don't know it its the web page, a browser setting or what but seems conincidental
  4. seems to be ok so far, I opened a bunch of web page tabs and I didn't get any redirects. the pop up with the voice just happened once yesterday or the day before but I knew something was amiss
  5. thank you, heres the 2 files attached, im going to bed now and work until 730 tomorrow evening so won be able to do any more until then,thanks for your help Addition.txt FRST.txt
  6. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 04 Ran by Garrett (administrator) on GARRETT-PC on 15-04-2015 19:42:24 Running from C:\Users\Garrett\Desktop Loaded Profiles: Garrett (Available profiles: Garrett & Guest) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Microsoft Corporation) C:\Windows\System32\Locator.exe (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Google Inc.) C:\Users\Garrett\AppData\Local\Google\Update\GoogleUpdate.exe (Gemalto N.V.) C:\Users\Garrett\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (Google Inc.) C:\Users\Garrett\AppData\Local\Google\Update\1.3.26.9\GoogleCrashHandler.exe (CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Google Inc.) C:\Users\Garrett\AppData\Local\Google\Update\1.3.26.9\GoogleCrashHandler64.exe () C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [] => [X] HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated) HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation) HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation) HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-25] (TOSHIBA Corporation) HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-04-06] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation) HKLM\...\Run: [smartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation) HKLM\...\Run: [intelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1926928 2010-01-19] (Intel® Corporation) HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation) HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.) HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.) HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.) HKLM-x32\...\Run: [sVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation) HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.) HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252728 2010-03-17] (TOSHIBA) HKLM-x32\...\Run: [iJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.) HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0 HKLM\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-21-2650156235-1244069419-2291508736-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-04-08] (Google Inc.) HKU\S-1-5-21-2650156235-1244069419-2291508736-1001\...\Run: [Google Update] => C:\Users\Garrett\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-20] (Google Inc.) HKU\S-1-5-21-2650156235-1244069419-2291508736-1001\...\Run: [TomTomHOME.exe] => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s HKU\S-1-5-21-2650156235-1244069419-2291508736-1001\...\Run: [cdloader] => C:\Users\Garrett\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.) HKU\S-1-5-21-2650156235-1244069419-2291508736-1001\...\Run: [sanDiskSecureAccess_Manager.exe] => C:\Users\Garrett\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-08-30] (Gemalto N.V.) HKU\S-1-5-21-2650156235-1244069419-2291508736-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries) HKU\S-1-5-21-2650156235-1244069419-2291508736-1001\...\RunOnce: [Adobe Speed Launcher] => 1429151450 HKU\S-1-5-21-2650156235-1244069419-2291508736-1001\...\Policies\Explorer: [TaskbarNoNotification] 0 HKU\S-1-5-21-2650156235-1244069419-2291508736-1001\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-21-2650156235-1244069419-2291508736-1001\...\MountPoints2: {37606759-8122-11e2-81c3-705ab6c5c7b9} - D:\KODAK_Camera_Setup_App.exe HKU\S-1-5-21-2650156235-1244069419-2291508736-1001\...\MountPoints2: {c755ac0a-5e99-11df-b91f-806e6f6e6963} - "F:\Diablo III Setup.exe" HKU\S-1-5-21-2650156235-1244069419-2291508736-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\WLXPGSS.SCR [302448 2012-03-08] (Microsoft Corporation) HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries) HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 0 HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0 ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2650156235-1244069419-2291508736-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ HKU\S-1-5-21-2650156235-1244069419-2291508736-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA SearchScopes: HKLM -> DefaultScope {84AB4EDF-DDC3-4191-B434-85687F45E35B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {84AB4EDF-DDC3-4191-B434-85687F45E35B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA SearchScopes: HKLM-x32 -> DefaultScope {374DCE7B-E2AC-4945-A2A9-126EE8B69B29} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {374DCE7B-E2AC-4945-A2A9-126EE8B69B29} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA SearchScopes: HKU\S-1-5-21-2650156235-1244069419-2291508736-1001 -> DefaultScope {4548393D-C353-4C28-9960-6C9614FEB190} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS388US388 SearchScopes: HKU\S-1-5-21-2650156235-1244069419-2291508736-1001 -> {374DCE7B-E2AC-4945-A2A9-126EE8B69B29} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA SearchScopes: HKU\S-1-5-21-2650156235-1244069419-2291508736-1001 -> {4548393D-C353-4C28-9960-6C9614FEB190} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS388US388 SearchScopes: HKU\S-1-5-21-2650156235-1244069419-2291508736-1001 -> {84AB4EDF-DDC3-4191-B434-85687F45E35B} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.) BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-07-01] (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-04-08] (Sun Microsystems, Inc.) BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.) Toolbar: HKU\S-1-5-21-2650156235-1244069419-2291508736-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-07-01] (Skype Technologies S.A.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11 Tcpip\..\Interfaces\{4A92D8D3-3E4D-475D-9EB9-6CC6E2CCC74E}: [NameServer] 8.8.8.8,8.8.8.8 Tcpip\..\Interfaces\{AB957065-6107-4907-80C7-13BF784379DA}: [NameServer] 8.8.8.8,8.8.8.8 Tcpip\..\Interfaces\{AC6F4C36-09D9-4393-8C61-257250C54C1D}: [NameServer] 8.8.8.8,8.8.8.8 Tcpip\..\Interfaces\{E992AFE5-6D4A-4CB6-9B48-6B5232BA316C}: [NameServer] 8.8.8.8,8.8.8.8 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-04] (CANON INC.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2650156235-1244069419-2291508736-1001: @nsroblox.roblox.com/launcher -> C:\Program Files (x86)\Roblox\Versions\version-632471a80776450d\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-2650156235-1244069419-2291508736-1001: @nsroblox.roblox.com/launcher64 -> C:\Program Files (x86)\Roblox\Versions\version-632471a80776450d\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-2650156235-1244069419-2291508736-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Garrett\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.) FF Plugin HKU\S-1-5-21-2650156235-1244069419-2291508736-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Garrett\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.) FF Plugin HKU\S-1-5-21-2650156235-1244069419-2291508736-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll [2012-10-24] (Amazon.com, Inc.) Chrome: ======= CHR Plugin: (Chrome PDF Viewer) - C:\Users\Garrett\AppData\Local\Google\Chrome\Application\41.0.2272.118\pdf.dll () CHR Plugin: (Google Gears 0.5.33.0) - C:\Users\Garrett\AppData\Local\Google\Chrome\Application\41.0.2272.118\gears.dll No File CHR Plugin: (Shockwave Flash) - C:\Users\Garrett\AppData\Local\Google\Chrome\Application\41.0.2272.118\gcswf32.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.) CHR Plugin: (Java Platform SE 6 U17) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll No File CHR Plugin: (Default Plug-in) - default_plugin No File CHR Profile: C:\Users\Garrett\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Garrett\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12] CHR Extension: (Google Wallet) - C:\Users\Garrett\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-03] StartMenuInternet: Google Chrome - C:\Users\Garrett\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries) R3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [315664 2010-01-19] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-15 19:42 - 2015-04-15 19:42 - 00024670 _____ () C:\Users\Garrett\Desktop\FRST.txt 2015-04-15 19:42 - 2015-04-15 19:42 - 00000000 ____D () C:\FRST 2015-04-15 19:41 - 2015-04-15 19:41 - 02097664 _____ (Farbar) C:\Users\Garrett\Desktop\FRST64.exe 2015-04-15 19:26 - 2015-04-15 19:26 - 00000000 ____D () C:\Program Files (x86)\AVG 2015-04-15 19:23 - 2015-04-15 19:23 - 04818760 _____ (AVG Technologies) C:\Users\Garrett\Desktop\avg_free_stb_all_5863p1_177.exe 2015-04-15 19:19 - 2015-04-15 19:20 - 00000000 ____D () C:\ProgramData\AVG2015 2015-04-15 19:16 - 2015-04-15 19:26 - 00000000 ____D () C:\ProgramData\MFAData 2015-04-15 19:16 - 2015-04-15 19:16 - 00000000 ____D () C:\Users\Garrett\AppData\Local\MFAData 2015-04-15 19:16 - 2015-04-15 19:16 - 00000000 ____D () C:\Users\Garrett\AppData\Local\Avg2015 2015-04-14 22:15 - 2015-04-14 22:15 - 00042463 _____ () C:\Users\Garrett\Desktop\paige texts.xlsx 2015-04-14 22:03 - 2015-04-14 22:03 - 00086247 _____ () C:\Users\Garrett\Desktop\sms-20150414214954.xml 2015-04-12 17:18 - 2015-04-12 17:18 - 03072056 _____ (Blizzard Entertainment) C:\Users\Garrett\Desktop\Diablo-III-Setup-enUS.exe 2015-04-11 05:52 - 2015-04-11 05:52 - 00000000 ____D () C:\Users\Garrett\Documents\Diablo III 2015-04-10 22:18 - 2015-04-10 22:18 - 00001153 _____ () C:\Users\Public\Desktop\Diablo III.lnk 2015-04-10 22:18 - 2015-04-10 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III 2015-04-10 21:23 - 2015-04-11 05:52 - 00000000 ____D () C:\Program Files (x86)\Diablo III 2015-04-10 21:21 - 2015-04-15 18:08 - 00000000 ____D () C:\Users\Garrett\AppData\Local\Battle.net 2015-04-10 21:21 - 2015-04-10 21:22 - 00000000 ____D () C:\Users\Garrett\AppData\Roaming\Battle.net 2015-04-10 21:21 - 2015-04-10 21:21 - 00001159 _____ () C:\Users\Public\Desktop\Battle.net.lnk 2015-04-10 21:21 - 2015-04-10 21:21 - 00000000 ____D () C:\Users\Garrett\AppData\Local\Blizzard Entertainment 2015-04-10 21:21 - 2015-04-10 21:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2015-04-10 21:21 - 2015-04-10 21:21 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2015-04-06 19:02 - 2015-04-07 19:55 - 00039424 ___SH () C:\Users\Garrett\Documents\Thumbs.db 2015-03-27 11:24 - 2015-03-27 11:24 - 00278768 _____ () C:\windows\Minidump\032715-25443-01.dmp 2015-03-18 17:49 - 2015-03-18 17:49 - 02314240 _____ () C:\Users\Garrett\Downloads\MinecraftInstaller.msi ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-15 19:38 - 2009-07-13 21:45 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-15 19:38 - 2009-07-13 21:45 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-15 19:36 - 2009-07-13 22:13 - 00786420 _____ () C:\windows\system32\PerfStringBackup.INI 2015-04-15 19:34 - 2014-06-30 17:28 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-15 19:30 - 2010-07-14 17:05 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-15 19:30 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-04-15 19:29 - 2010-04-08 19:34 - 00700464 _____ () C:\windows\PFRO.log 2015-04-15 19:29 - 2009-07-13 21:51 - 00112376 _____ () C:\windows\setupact.log 2015-04-15 19:28 - 2014-09-17 07:03 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2015-04-15 18:55 - 2010-07-20 17:19 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2650156235-1244069419-2291508736-1001UA.job 2015-04-15 17:54 - 2010-07-14 17:05 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-15 16:55 - 2010-07-20 17:19 - 00000864 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2650156235-1244069419-2291508736-1001Core.job 2015-04-14 19:28 - 2014-09-17 07:03 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2015-04-14 19:28 - 2012-04-03 17:34 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2015-04-14 19:28 - 2011-05-13 17:41 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-04-14 15:16 - 2014-11-19 19:09 - 00000000 ____D () C:\Users\Garrett\Desktop\Kenyon's World 2015-04-12 17:06 - 2011-05-14 19:54 - 01242624 ___SH () C:\Users\Garrett\Desktop\Thumbs.db 2015-04-12 11:01 - 2010-05-13 06:59 - 01456749 _____ () C:\windows\WindowsUpdate.log 2015-04-10 20:35 - 2014-11-28 21:16 - 00000000 ____D () C:\Users\Garrett\AppData\Local\Popcorn-Time 2015-04-01 11:57 - 2010-07-20 17:19 - 00002392 _____ () C:\Users\Garrett\Desktop\Google Chrome.lnk 2015-03-29 16:18 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\NDF 2015-03-27 11:24 - 2012-02-22 21:12 - 473883670 _____ () C:\windows\MEMORY.DMP 2015-03-27 11:24 - 2012-02-22 21:12 - 00000000 ____D () C:\windows\Minidump ==================== Files in the root of some directories ======= 2012-08-30 18:58 - 2012-08-30 18:58 - 0000288 _____ () C:\Users\Garrett\AppData\Roaming\.backup.dm 2011-04-23 10:55 - 2011-04-23 10:55 - 0000000 _____ () C:\Users\Garrett\AppData\Roaming\wklnhst.dat 2011-10-30 19:04 - 2011-10-30 19:04 - 0000017 _____ () C:\Users\Garrett\AppData\Local\resmon.resmoncfg 2010-07-14 17:18 - 2010-07-14 17:18 - 0000056 ____H () C:\ProgramData\ezsidmv.dat Some content of TEMP: ==================== C:\Users\Garrett\AppData\Local\Temp\FlashPlayerUpdate.exe C:\Users\Garrett\AppData\Local\Temp\fsprod.dll C:\Users\Garrett\AppData\Local\Temp\fssfm.dll C:\Users\Garrett\AppData\Local\Temp\GURA005.exe C:\Users\Garrett\AppData\Local\Temp\GURAF51.exe C:\Users\Garrett\AppData\Local\Temp\MSETUP4.EXE C:\Users\Garrett\AppData\Local\Temp\ose00000.exe C:\Users\Garrett\AppData\Local\Temp\preconfig.exe C:\Users\Garrett\AppData\Local\Temp\SearchWithGoogleUpdate.exe C:\Users\Garrett\AppData\Local\Temp\SkypeSetup.exe C:\Users\Garrett\AppData\Local\Temp\uninst.exe C:\Users\Guest\AppData\Local\Temp\setup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-11 21:45 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2015 04 Ran by Garrett at 2015-04-15 19:43:15 Running from C:\Users\Garrett\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Charter Security Suite 9.01 (Enabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17} AS: Charter Security Suite 9.01 (Enabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Charter Security Suite 9.01 (Enabled) {2D7AC0A6-6241-D774-E168-461178D9686C} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2005414000.48.56.38538610 - Audible, Inc.) AVG 2015 (Version: 15.0.4331 - AVG Technologies) Hidden Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - ) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - ) Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version: - ) Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version: - ) Canon MX340 series User Registration (HKLM-x32\...\Canon MX340 series User Registration) (Version: - ) Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: - ) Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - ) Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - ) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Elevated Installer (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden EZ Vinyl/Tape Converter by Ion Audio 11.5.0 (HKLM-x32\...\EZ Vinyl/Tape Converter by Ion Audio_is1) (Version: 11.5.0 - Ion Audio LLC) Garmin Express (HKLM-x32\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden Google Chrome (HKU\S-1-5-21-2650156235-1244069419-2291508736-1001\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (HKLM\...\{B90E5EBE-DF18-44D5-9D18-689ADEE9DA6C}) (Version: 13.01.1000 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation) Intel® Wireless Display (HKLM\...\{26F41FA3-3170-446B-A3A2-83F5FA26E6CD}) (Version: 1.1.8.0 - Intel Corporation) iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.) Java 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.) JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.44.1 - JMicron Technology Corp.) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel) Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech) magicJack (HKU\S-1-5-21-2650156235-1244069419-2291508736-1001\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) MobileMe Control Panel (HKLM\...\{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}) (Version: 3.1.6.0 - Apple Inc.) Pando (HKLM-x32\...\{AB480DA0-7EE9-465D-9C12-4CDE65BF18FB}) (Version: 2.5.2.0 - Pando Networks Inc.) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.13.112.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.) Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - ) ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-2650156235-1244069419-2291508736-1001\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype Toolbars (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.5.7896 - Skype Technologies S.A.) Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated) TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA) TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION) TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation) TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation) TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.2.12-AU - TOSHIBA Corporation) TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.11.64 - TOSHIBA Corporation) TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation) TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION) TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.22C - TOSHIBA CORPORATION) TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.4 - TOSHIBA Corporation) TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation) TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION) TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation) TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA) TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation) TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA) TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.1.1 - TOSHIBA Corporation) TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION) TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.4.64 - TOSHIBA Corporation) TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation) ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba) Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2650156235-1244069419-2291508736-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Garrett\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-2650156235-1244069419-2291508736-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Garrett\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-2650156235-1244069419-2291508736-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Garrett\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-2650156235-1244069419-2291508736-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Garrett\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2650156235-1244069419-2291508736-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Garrett\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-2650156235-1244069419-2291508736-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Garrett\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2650156235-1244069419-2291508736-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Garrett\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= 09-03-2015 21:26:25 Scheduled Checkpoint 18-03-2015 17:50:24 Installed Minecraft 11-04-2015 21:51:18 Scheduled Checkpoint 15-04-2015 19:18:42 Installed AVG 2015 15-04-2015 19:19:16 Installed AVG 2015 15-04-2015 19:20:59 Removed AVG 2015 15-04-2015 19:26:24 Installed AVG 2015 15-04-2015 19:33:34 Removed Visual Studio 2012 x86 Redistributables 15-04-2015 19:34:17 Removed Visual Studio 2012 x64 Redistributables ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 19:34 - 2014-12-15 20:42 - 00001503 _RASH C:\windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 94.242.254.156 www.google-analytics.com. 94.242.254.156 google-analytics.com. 94.242.254.156 connect.facebook.net. 85.25.79.59 www.google-analytics.com. 85.25.79.59 google-analytics.com. 85.25.79.59 connect.facebook.net. 195.162.68.58 www.google-analytics.com. 195.162.68.58 google-analytics.com. 195.162.68.58 connect.facebook.net. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {01E49D4B-403F-4CF5-9601-EF80B0A8D769} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2650156235-1244069419-2291508736-1001Core => C:\Users\Garrett\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.) Task: {7F74093A-896A-4940-944C-B85B19AC88E0} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated) Task: {7F8440E9-5851-4F33-AA78-32FFD0A0D60C} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-12-31] () Task: {81287D0E-082F-4399-BB97-1CD6AF6F58E5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.) Task: {8390BE98-80B9-4998-B1D8-A6AB8562070A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.) Task: {C61C3A99-6FC2-4C74-8C8E-198417C71717} - System32\Tasks\{7AA5E804-A897-415A-813B-B5D62D544850} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.) Task: {CD58E0CC-95CD-4986-A92C-2661315561E8} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {F13FDB27-FBE4-415D-AF5B-C2A5EFBDED71} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2650156235-1244069419-2291508736-1001UA => C:\Users\Garrett\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2650156235-1244069419-2291508736-1001Core.job => C:\Users\Garrett\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2650156235-1244069419-2291508736-1001UA.job => C:\Users\Garrett\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2010-01-19 16:27 - 2010-01-19 16:27 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2010-03-03 14:15 - 2010-03-03 14:15 - 08762680 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll 2009-11-03 13:26 - 2009-11-03 13:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll 2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll 2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll 2010-04-08 19:16 - 2009-06-22 15:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll 2009-03-12 19:08 - 2009-03-12 19:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll 2009-07-25 17:38 - 2009-07-25 17:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll 2010-01-19 16:27 - 2010-01-19 16:27 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll 2010-03-12 15:41 - 2010-03-12 15:41 - 00417080 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe 2010-01-19 17:08 - 2010-01-19 17:08 - 00315664 _____ () C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe 2010-02-05 17:44 - 2010-02-05 17:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll 2012-02-14 16:05 - 2012-02-14 16:37 - 11796096 _____ () C:\Users\Garrett\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2650156235-1244069419-2291508736-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Garrett\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 8.8.8.8 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-2650156235-1244069419-2291508736-500 - Administrator - Disabled) Garrett (S-1-5-21-2650156235-1244069419-2291508736-1001 - Administrator - Enabled) => C:\Users\Garrett Guest (S-1-5-21-2650156235-1244069419-2291508736-501 - Limited - Enabled) => C:\Users\Guest HomeGroupUser$ (S-1-5-21-2650156235-1244069419-2291508736-1003 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/15/2015 07:26:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver. System Error: The system cannot find the file specified. . Error: (04/15/2015 07:21:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver. System Error: The system cannot find the file specified. . Error: (04/15/2015 07:20:43 PM) (Source: MsiInstaller) (EventID: 10005) (User: Garrett-PC) Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 27046. CA_Error27046: SetWfpCallbacksAction(0xC007001C): Driver installation failed Error: (04/15/2015 08:39:45 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1204 Start Time: 01d07738de7a25e0 Termination Time: 0 Application Path: C:\Program Files\Internet Explorer\iexplore.exe Report Id: Error: (04/07/2015 08:37:07 PM) (Source: Chrome) (EventID: 1) (User: Garrett-PC) Description: Chrome has encountered a fatal error. ver=41.0.2272.118;lang=;guid=B73FA2C5AF9E493FA6485B595B271BCE;is_machine=0;oop=1;upload=1;minidump=C:\Users\Garrett\AppData\Local\Google\CrashReports\d5577d0a-9555-44b1-b299-7cc0821b1570.dmp Error: (04/07/2015 08:34:27 PM) (Source: Chrome) (EventID: 1) (User: Garrett-PC) Description: Chrome has encountered a fatal error. ver=41.0.2272.118;lang=;guid=B73FA2C5AF9E493FA6485B595B271BCE;is_machine=0;oop=1;upload=1;minidump=C:\Users\Garrett\AppData\Local\Google\CrashReports\bd668945-8305-4077-8559-4aaad6944b93.dmp Error: (04/07/2015 08:31:31 PM) (Source: Chrome) (EventID: 1) (User: Garrett-PC) Description: Chrome has encountered a fatal error. ver=41.0.2272.118;lang=;guid=B73FA2C5AF9E493FA6485B595B271BCE;is_machine=0;oop=1;upload=1;minidump=C:\Users\Garrett\AppData\Local\Google\CrashReports\f9f3374b-b90b-42cb-b3a6-0ccfbc8fb01e.dmp Error: (04/07/2015 08:29:28 PM) (Source: Chrome) (EventID: 1) (User: Garrett-PC) Description: Chrome has encountered a fatal error. ver=41.0.2272.118;lang=;guid=B73FA2C5AF9E493FA6485B595B271BCE;is_machine=0;oop=1;upload=1;minidump=C:\Users\Garrett\AppData\Local\Google\CrashReports\ebc76ecd-3109-4241-a16c-262ba15d94b9.dmp Error: (04/07/2015 08:28:02 PM) (Source: Chrome) (EventID: 1) (User: Garrett-PC) Description: Chrome has encountered a fatal error. ver=41.0.2272.118;lang=;guid=B73FA2C5AF9E493FA6485B595B271BCE;is_machine=0;oop=1;upload=1;minidump=C:\Users\Garrett\AppData\Local\Google\CrashReports\7082df8a-8f24-4153-9ae4-59428d2071d4.dmp Error: (04/07/2015 08:26:40 PM) (Source: Chrome) (EventID: 1) (User: Garrett-PC) Description: Chrome has encountered a fatal error. ver=41.0.2272.118;lang=;guid=B73FA2C5AF9E493FA6485B595B271BCE;is_machine=0;oop=1;upload=1;minidump=C:\Users\Garrett\AppData\Local\Google\CrashReports\0e79a05c-18a5-4c47-9939-e3e88b1e2675.dmp System errors: ============= Error: (04/15/2015 07:31:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (04/15/2015 07:31:05 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143. Error: (04/15/2015 07:30:05 PM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. Error: (04/15/2015 07:30:05 PM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. Error: (04/15/2015 07:30:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Computer Browser service terminated with the following error: %%1060 Error: (04/15/2015 07:11:29 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143. Error: (04/15/2015 06:54:23 PM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. Error: (04/15/2015 06:54:22 PM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. Error: (04/15/2015 06:54:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Computer Browser service terminated with the following error: %%1060 Error: (04/14/2015 09:59:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Microsoft Office Sessions: ========================= Error: (04/15/2015 07:26:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver. System Error: The system cannot find the file specified. Error: (04/15/2015 07:21:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver. System Error: The system cannot find the file specified. Error: (04/15/2015 07:20:43 PM) (Source: MsiInstaller) (EventID: 10005) (User: Garrett-PC) Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 27046. CA_Error27046: SetWfpCallbacksAction(0xC007001C): Driver installation failed(NULL)(NULL)(NULL)(NULL)(NULL) Error: (04/15/2015 08:39:45 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe11.0.9600.17496120401d07738de7a25e00C:\Program Files\Internet Explorer\iexplore.exe Error: (04/07/2015 08:37:07 PM) (Source: Chrome) (EventID: 1) (User: Garrett-PC) Description: Chrome has encountered a fatal error. ver=41.0.2272.118;lang=;guid=B73FA2C5AF9E493FA6485B595B271BCE;is_machine=0;oop=1;upload=1;minidump=C:\Users\Garrett\AppData\Local\Google\CrashReports\d5577d0a-9555-44b1-b299-7cc0821b1570.dmp Error: (04/07/2015 08:34:27 PM) (Source: Chrome) (EventID: 1) (User: Garrett-PC) Description: Chrome has encountered a fatal error. ver=41.0.2272.118;lang=;guid=B73FA2C5AF9E493FA6485B595B271BCE;is_machine=0;oop=1;upload=1;minidump=C:\Users\Garrett\AppData\Local\Google\CrashReports\bd668945-8305-4077-8559-4aaad6944b93.dmp Error: (04/07/2015 08:31:31 PM) (Source: Chrome) (EventID: 1) (User: Garrett-PC) Description: Chrome has encountered a fatal error. ver=41.0.2272.118;lang=;guid=B73FA2C5AF9E493FA6485B595B271BCE;is_machine=0;oop=1;upload=1;minidump=C:\Users\Garrett\AppData\Local\Google\CrashReports\f9f3374b-b90b-42cb-b3a6-0ccfbc8fb01e.dmp Error: (04/07/2015 08:29:28 PM) (Source: Chrome) (EventID: 1) (User: Garrett-PC) Description: Chrome has encountered a fatal error. ver=41.0.2272.118;lang=;guid=B73FA2C5AF9E493FA6485B595B271BCE;is_machine=0;oop=1;upload=1;minidump=C:\Users\Garrett\AppData\Local\Google\CrashReports\ebc76ecd-3109-4241-a16c-262ba15d94b9.dmp Error: (04/07/2015 08:28:02 PM) (Source: Chrome) (EventID: 1) (User: Garrett-PC) Description: Chrome has encountered a fatal error. ver=41.0.2272.118;lang=;guid=B73FA2C5AF9E493FA6485B595B271BCE;is_machine=0;oop=1;upload=1;minidump=C:\Users\Garrett\AppData\Local\Google\CrashReports\7082df8a-8f24-4153-9ae4-59428d2071d4.dmp Error: (04/07/2015 08:26:40 PM) (Source: Chrome) (EventID: 1) (User: Garrett-PC) Description: Chrome has encountered a fatal error. ver=41.0.2272.118;lang=;guid=B73FA2C5AF9E493FA6485B595B271BCE;is_machine=0;oop=1;upload=1;minidump=C:\Users\Garrett\AppData\Local\Google\CrashReports\0e79a05c-18a5-4c47-9939-e3e88b1e2675.dmp ==================== Memory info =========================== Processor: Intel® Core i3 CPU M 350 @ 2.27GHz Percentage of memory in use: 41% Total physical RAM: 3890.67 MB Available physical RAM: 2265.79 MB Total Pagefile: 7779.52 MB Available Pagefile: 6040.03 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (TI105835W0G) (Fixed) (Total:453.83 GB) (Free:224.09 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive f: (D3C1.0.0) (CDROM) (Total:7.6 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 1786ECE7) Partition 1: (Active) - (Size=1.5 GB) - (Type=27) Partition 2: (Not Active) - (Size=453.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=10.5 GB) - (Type=17) ==================== End Of Log ============================
  7. thanks a ton, can i just delete all the other stuff i saved to my desktop? its over-flowing lol
  8. Results of screen317's Security Check version 0.99.18 Windows XP Service Pack 3 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! ESET Online Scanner v3 ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java 6 Update 18 Java SE Runtime Environment 6 Update 1 Java 6 Update 2 Java 6 Update 3 Java 6 Update 5 Java 6 Update 7 Java 2 Runtime Environment, SE v1.4.2 Out of date Java installed! Adobe Flash Player ```````````````````````````````` Process Check: objlist.exe by Laurent ``````````End of Log````````````
  9. wow, this one took a long time ;*********************************************************************************************************************************************************************************** ANALYSIS: 2011-08-02 07:40:13 PROTECTIONS: 0 MALWARE: 21 SUSPECTS: 0 ;*********************************************************************************************************************************************************************************** PROTECTIONS Description Version Active Updated ;=================================================================================================================================================================================== ;=================================================================================================================================================================================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=================================================================================================================================================================================== 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\emily\cookies\emily@doubleclick[1].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\emily\cookies\emily@atdmt[1].txt 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\emily\cookies\emily@247realmedia[1].txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\emily\cookies\emily@fastclick[2].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\garrett\cookies\garrett@mediaplex[2].txt 00148021 Application/FamilyKeylogger HackTools No 0 Yes No c:\qoobox\quarantine\c\program files\home\keylogger.exe.vir 00148021 Application/FamilyKeylogger HackTools No 0 Yes No c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp377\a0023949.exe 00149645 Application/Keylogger-Pro HackTools No 0 Yes No c:\qoobox\quarantine\c\program files\home\keylogger.dll.vir 00149645 Application/Keylogger-Pro HackTools No 0 Yes No c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp377\a0023948.dll 00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\garrett\cookies\garrett@com[1].txt 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\emily\cookies\emily@statcounter[2].txt 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\garrett\cookies\garrett@statcounter[1].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\emily\cookies\emily@ad.yieldmanager[2].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\garrett\cookies\garrett@ad.yieldmanager[1].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\emily\cookies\emily@apmebf[1].txt 00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\documents and settings\emily\cookies\emily@burstnet[1].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\emily\cookies\emily@advertising[2].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\documents and settings\emily\cookies\emily@ads.pointroll[1].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\documents and settings\emily\cookies\emily@questionmarket[1].txt 00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\documents and settings\emily\cookies\emily@zedo[1].txt 00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\guest\cookies\guest@go[2].txt 00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\garrett\cookies\garrett@go[2].txt 04207774 Generic Trojan Virus/Trojan No 0 Yes No c:\program files\digstream\digstream.exe 08868462 Trj/Hupigon.BDH Virus/Trojan No 0 Yes No c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp373\a0021217.sys 08868662 Generic Malware Virus/Trojan No 0 Yes No c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp377\a0023953.exe 08868662 Generic Malware Virus/Trojan No 0 Yes No c:\qoobox\quarantine\[4]-submit_2011-08-01_12.39.15.zip[ippromon32.exe] 08868662 Generic Malware Virus/Trojan No 0 Yes No c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp377\a0023952.exe 08868662 Generic Malware Virus/Trojan No 0 Yes No c:\qoobox\quarantine\[4]-submit_2011-08-01_12.39.15.zip[atioglx232.exe] 08879377 Generic Trojan Virus/Trojan No 0 Yes No c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp377\a0023951.dll 08879377 Generic Trojan Virus/Trojan No 0 Yes No c:\qoobox\quarantine\[4]-submit_2011-08-01_12.39.15.zip[atioglx232.dll] ;=================================================================================================================================================================================== SUSPECTS Sent Location ;=================================================================================================================================================================================== ;=================================================================================================================================================================================== VULNERABILITIES Id Severity Description ;=================================================================================================================================================================================== ;===================================================================================================================================================================================
  10. ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=53e11f1e36fbb74b8ac14cb95e8bf6a9 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2011-07-31 11:55:52 # local_time=2011-07-31 06:55:52 (-0600, Central Daylight Time) # country="United States" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=2304 16777215 100 0 0 0 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=161334 # found=17 # cleaned=0 # scan_time=5743 C:\Program Files\Home\KeyLogger.Dll Win32/KeyLogger.HomeKeyLogger application (unable to clean) 00000000000000000000000000000000 I C:\Program Files\Home\KeyLogger.exe Win32/KeyLogger.HomeKeyLogger application (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP374\A0021274.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP375\A0022274.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP375\A0022285.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP375\A0022297.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP375\A0022325.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP375\A0023325.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP375\A0023335.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP376\A0023356.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP376\A0023725.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I C:\WINDOWS\maxdrive\serial.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I C:\WINDOWS\SYSTEM32\atioglx232.dll a variant of Win32/Kryptik.QSR trojan (unable to clean) 00000000000000000000000000000000 I C:\WINDOWS\SYSTEM32\atioglx232.exe a variant of Win32/Kryptik.QUU trojan (unable to clean) 00000000000000000000000000000000 I C:\WINDOWS\SYSTEM32\ippromon32.exe a variant of Win32/Kryptik.QUU trojan (unable to clean) 00000000000000000000000000000000 I C:\WINDOWS\SYSTEM32\DRIVERS\serial.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I ${Memory} multiple threats 00000000000000000000000000000000 I # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=53e11f1e36fbb74b8ac14cb95e8bf6a9 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2011-08-01 08:33:20 # local_time=2011-08-01 03:33:20 (-0600, Central Daylight Time) # country="United States" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=2304 16777215 100 0 0 0 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=162165 # found=19 # cleaned=0 # scan_time=6284 C:\Qoobox\Quarantine\C\Program Files\Home\KeyLogger.Dll.vir Win32/KeyLogger.HomeKeyLogger application (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\Home\KeyLogger.exe.vir Win32/KeyLogger.HomeKeyLogger application (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\serial.sys.vir a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP374\A0021274.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP375\A0022274.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP375\A0022285.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP375\A0022297.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP375\A0022325.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP375\A0023325.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP375\A0023335.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP376\A0023356.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP376\A0023725.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP377\A0023941.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP377\A0023948.Dll Win32/KeyLogger.HomeKeyLogger application (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP377\A0023949.exe Win32/KeyLogger.HomeKeyLogger application (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP377\A0023951.dll a variant of Win32/Kryptik.QSR trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP377\A0023952.exe a variant of Win32/Kryptik.QUU trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP377\A0023953.exe a variant of Win32/Kryptik.QUU trojan (unable to clean) 00000000000000000000000000000000 I C:\WINDOWS\maxdrive\serial.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.