
ICE virus w/ Maleware and Hitman expired HELP!



Can't believe I got this. Last time it was HOMELAND.. now it's ICE.. I have Windows Vista with, let's call them User A, B and C logins. I just got the virus on A.. was able to switch to B, and when I went to copy the Malwarebytes log after running it but before cleaning, the ICE screen popped up again.. I turned off the computer and fortunately I can access user C on this computer.. My problem is:

I can't run Malwarebytes or Hitman because, even though it was a trial for Malwarebytes a few months ago and I used Hitman only once a few months ago, I am denied access to them for clearing this virus unless I pay. I'm not rolling in money these days. Can someone please help with other options? As stupid as I am, I'm also very appreciative of help.. THANKS!

Welcome to the forum, here's how we deal with that malware:

  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    Plug the flash drive into the infected PC.

  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:

    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.

    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

    To enter System Recovery Options by using Windows installation disc:

    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    Select Command Prompt.

  • Once in the Command Prompt:

    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter

      Note: Replace letter e with the drive letter of your flash drive.

    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
MrC

Here is the log. Please note that I am able to use the computer with the virus using a login called "Test". I cannot access either of the other logins without the ICE screen coming up. That's why the log shows I'm not authorized as administrator. Here is the log. Thanks for your help!

*****

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-08-2013

Ran by Test (ATTENTION: The logged in user is not administrator) on 20-08-2013 17:03:21

Running from F:\

Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

(Conduit) C:\PROGRA~1\SearchProtect\SearchProtect\bin\cltmng.exe

(Conduit) C:\PROGRA~1\SearchProtect\UI\bin\cltmngui.exe

(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\LifeExp.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

(TLC Education Properties LLC) C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\MiniMavis.exe

(Hewlett-Packard Company) C:\Program Files\PictureMover\Bin\PictureMover.exe

(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE

(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

(Microsoft Corporation) C:\Windows\system32\sdclt.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe

(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corp.) C:\Program Files\MSN\Toolbar\3.0.1203.0\msntask.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)

HKLM\...\Run: [hpsysdrv] - c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)

HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13539872 2008-05-22] (NVIDIA Corporation)

HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-05-22] (NVIDIA Corporation)

HKLM\...\Run: [DPService] - C:\Program Files\HP\DVDPlay\DPService.exe [90112 2008-06-11] (CyberLink Corp.)

HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)

HKLM\...\Run: [hpqSRMon] -  [x]

HKLM\...\Run: [intuit SyncManager] - C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [623880 2008-09-09] (Intuit Inc. All rights reserved.)

HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-19] (Google)

HKLM\...\Run: [HP Health Check Scheduler] - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)

HKLM\...\Run: [LifeCam] - C:\Program Files\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-12-08] (Apple Inc.)

HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)

HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)

HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)

HKCU\...\Run: [HPADVISOR] -  [x]

HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-02-15] (Google Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Personal Coach.lnk

ShortcutTarget: Personal Coach.lnk -> C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\MiniMavis.exe (TLC Education Properties LLC)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk

ShortcutTarget: PictureMover.lnk -> C:\Program Files\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)

Startup: C:\Users\od\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk

ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

Startup: C:\Users\od\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.king5.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

SearchScopes: HKLM - DefaultScope {51EEC4A8-05B7-44A1-89F5-51ADBC3730C2} URL =

SearchScopes: HKLM - {BB67E9B4-E19D-4753-A3FB-5C52509D3BF9} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt

SearchScopes: HKLM - {D20B6448-844F-44E8-96EB-AEDDA205B403} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd

SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =

SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=OCId7wqOldUTFnlOuAop5JcDKi8?q={searchTerms}

SearchScopes: HKCU - {BB67E9B4-E19D-4753-A3FB-5C52509D3BF9} URL =

SearchScopes: HKCU - {D20B6448-844F-44E8-96EB-AEDDA205B403} URL =

BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)

BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_22\bin\ssv.dll (Sun Microsystems, Inc.)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_22\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)

BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)

Toolbar: HKLM - MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU -No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File

Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {226ACC34-3194-70E2-5AE7-864FCFE9E80D} http://zone.msn.com/bingame/mosi/default/msi.1.0.0.9.cab

DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx

DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} http://zone.msn.com/bingame/pppp/default/PiratePoppers.1.0.0.39.cab

DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} http://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.68.cab

DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/bingame/luxr/default/mjolauncher.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab

DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab

DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://zone.msn.com/bingame/burg/default/GoBitGamesPlayer_v6.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://zone.msn.com/bingame/feed/default/SproutLauncher.cab

DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} http://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.98.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} http://zone.msn.com/bingame/wedd/default/WeddingDash.1.0.0.50.cab

Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 24.113.32.29 24.113.32.30 24.113.0.30

Chrome:

=======

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll No File

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Java Platform SE 6 U22) - C:\Program Files\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (Shockwave for Director) - C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)

CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()

CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File

CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Extension: (Docs) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0

CHR Extension: (Google Drive) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0

CHR Extension: (YouTube) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0

CHR Extension: (Google Search) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0

CHR Extension: (Gmail) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

CHR HKLM\...\Chrome\Extension: [knllpfimimccdfnihbikigiagifmllol] - C:\Users\od\AppData\Local\CRE\knllpfimimccdfnihbikigiagifmllol.crx

CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\od\AppData\Local\Temp\YontooLayers.crx

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)

R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [32808 2013-07-01] (Just Develop It)

R2 CltMngSvc; C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe [1733920 2013-08-11] (Conduit)

S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-19] (Google)

R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)

R2 iphlpsvc; C:\Windows\System32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)

R2 lmhosts; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 NlaSvc; C:\Windows\System32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)

R2 nsi; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)

R2 RadioRage_4jService; C:\PROGRA~1\RADIOR~2\bar\1.bin\4jbarsvc.exe [42504 2013-06-30] (COMPANYVERS_NAME)

S2 PhotoshopElementsDeviceConnect; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [x]

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.)

R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-07-10] (AVG Technologies CZ, s.r.o.)

R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)

R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-10] (Microsoft Corporation)

R3 HSXHWBS3; C:\Windows\System32\DRIVERS\HSXHWBS3.sys [207360 2008-02-12] (Conexant Systems, Inc.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-08-20] (Malwarebytes Corporation)

S3 IpInIp; system32\DRIVERS\ipinip.sys [x]

S2 MCSTRM; No ImagePath

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [x]

S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [x]

S0 PxHelp20; System32\Drivers\PxHelp20.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-20 16:13 - 2013-08-20 16:13 - 00000795 _____ C:\Windows\setupact.log

2013-08-20 16:13 - 2013-08-20 16:13 - 00000000 _____ C:\Windows\setuperr.log

2013-08-20 03:42 - 2013-08-20 03:42 - 00000000 ____D C:\Users\Test\AppData\Local\WinZip

2013-08-20 03:06 - 2013-08-20 03:06 - 00000000 ____D C:\Users\Test\AppData\Local\SearchProtect

2013-08-20 03:05 - 2013-08-20 03:05 - 00000558 _____ C:\Windows\PFRO.log

2013-08-20 02:49 - 2013-08-20 02:51 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys

2013-08-20 02:44 - 2013-08-20 03:06 - 00000000 ____D C:\Program Files\MyPC Backup

2013-08-20 02:44 - 2013-08-20 02:44 - 00000850 _____ C:\Users\od\Desktop\MyPC Backup.lnk

2013-08-20 02:43 - 2013-08-20 03:20 - 00000000 ____D C:\Users\od\AppData\Local\SearchProtect

2013-08-20 02:43 - 2013-08-20 02:43 - 00001710 _____ C:\Users\od\Desktop\Install HitmanPro 3 (32-bit).lnk

2013-08-20 02:43 - 2013-08-20 02:43 - 00000000 ____D C:\Program Files\SearchProtect

2013-08-20 02:38 - 2013-08-20 02:38 - 01097723 _____ C:\Users\od\AppData\Roaming\2433f433

2013-08-20 02:38 - 2013-08-20 02:38 - 01097721 _____ C:\ProgramData\2433f433

2013-08-20 02:38 - 2013-08-20 02:38 - 01097711 _____ C:\Users\od\AppData\Local\2433f433

2013-08-19 00:42 - 2013-08-19 00:42 - 00000133 _____ C:\Users\od\Documents\literotica links.txt

2013-08-18 22:50 - 2013-08-18 22:50 - 00000000 ____D C:\Users\od\AppData\Local\{3E960398-3241-47DD-9799-F21FECB594CA}

2013-08-16 01:18 - 2013-08-16 02:41 - 00000083 _____ C:\Users\od\stories to read.txt

2013-08-14 21:01 - 2013-08-14 21:01 - 00000000 ____D C:\Users\od\AppData\Local\{E8700723-F6BF-426B-8882-1CEB3F88B862}

2013-08-13 21:31 - 2013-08-13 21:31 - 00000000 ____D C:\Users\od\AppData\Local\{883C7E49-D402-4CE8-B1BE-FEEC490AD55D}

2013-08-13 20:40 - 2013-07-24 19:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-08-13 20:40 - 2013-07-24 19:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-08-13 20:40 - 2013-07-24 19:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-08-13 20:40 - 2013-07-24 19:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-08-13 20:40 - 2013-07-24 19:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-08-13 20:40 - 2013-07-24 19:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-08-13 20:40 - 2013-07-24 19:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-08-13 20:40 - 2013-07-24 19:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-08-13 20:40 - 2013-07-24 19:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-08-13 20:40 - 2013-07-24 19:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-08-13 20:40 - 2013-07-24 19:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-08-13 20:40 - 2013-07-24 19:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-08-13 20:40 - 2013-07-24 19:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-08-13 20:40 - 2013-07-24 19:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-08-13 20:40 - 2013-07-24 19:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-08-13 20:40 - 2013-07-24 19:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-08-13 20:38 - 2013-07-17 12:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-08-13 20:38 - 2013-07-10 02:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2013-08-13 20:38 - 2013-07-09 05:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-08-13 20:38 - 2013-07-07 21:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2013-08-13 20:38 - 2013-07-07 21:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-08-13 20:38 - 2013-07-04 21:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-08-13 20:38 - 2013-06-15 06:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll

2013-08-13 20:38 - 2013-06-15 04:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2013-08-13 20:37 - 2013-07-07 21:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2013-08-13 20:37 - 2013-07-07 21:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-08-13 20:37 - 2013-07-07 21:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2013-08-13 20:37 - 2013-07-07 21:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2013-08-12 13:03 - 2013-08-13 12:34 - 00024177 _____ C:\Users\od\Documents\Catherine Office resume.odt

2013-08-12 13:01 - 2013-08-12 13:01 - 00012107 _____ C:\Users\od\Documents\nordic email.odt

2013-08-12 02:40 - 2013-08-12 02:40 - 00000022 _____ C:\Users\od\rob artist west seattle.txt

2013-08-12 02:07 - 2013-08-12 02:07 - 00000383 _____ C:\Users\od\manning street.txt

2013-08-06 02:17 - 2013-08-06 02:17 - 00000325 _____ C:\Users\od\BDSM gatherin.txt

2013-08-06 01:18 - 2013-08-06 01:18 - 00000030 _____ C:\Users\od\mrmutantstories.txt

2013-08-04 03:53 - 2013-08-04 03:53 - 00000000 ____D C:\Users\od\AppData\Local\{ADF7A7C8-8098-48BB-88A8-FDAFE1C4CD62}

2013-08-01 01:25 - 2013-08-01 01:26 - 00000000 ____D C:\Users\od\AppData\Local\{CB29C3B1-49C5-4A27-AB22-AE491F3B77B3}

2013-07-28 00:49 - 2013-07-28 00:49 - 00000059 _____ C:\Users\od\Bucky.txt

2013-07-21 00:54 - 2013-07-21 00:54 - 00000432 _____ C:\Users\od\Sirlostpm.. more.txt

2013-07-21 00:41 - 2013-07-21 00:41 - 00000028 _____ C:\Users\od\chatroom_email_send.txt

2013-07-21 00:38 - 2013-07-21 00:38 - 00001406 _____ C:\Users\od\SirLost_pm.txt

==================== One Month Modified Files and Folders =======

2013-08-20 16:37 - 2010-01-28 23:00 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-08-20 16:30 - 2013-08-20 16:30 - 00000000 ____D C:\FRST

2013-08-20 16:15 - 2006-11-02 03:33 - 00703516 _____ C:\Windows\system32\PerfStringBackup.INI

2013-08-20 16:13 - 2013-08-20 16:13 - 00000795 _____ C:\Windows\setupact.log

2013-08-20 16:13 - 2013-08-20 16:13 - 00000000 _____ C:\Windows\setuperr.log

2013-08-20 15:20 - 2006-11-02 05:45 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2013-08-20 15:20 - 2006-11-02 05:45 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2013-08-20 11:37 - 2010-01-28 23:00 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-08-20 10:39 - 2008-10-24 01:12 - 01947792 _____ C:\Windows\WindowsUpdate.log

2013-08-20 09:02 - 2010-10-28 17:46 - 00000000 ____D C:\ProgramData\MFAData

2013-08-20 03:42 - 2013-08-20 03:42 - 00000000 ____D C:\Users\Test\AppData\Local\WinZip

2013-08-20 03:21 - 2013-01-24 10:42 - 00000342 _____ C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job

2013-08-20 03:20 - 2013-08-20 02:43 - 00000000 ____D C:\Users\od\AppData\Local\SearchProtect

2013-08-20 03:19 - 2006-11-02 05:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-08-20 03:18 - 2006-11-02 05:58 - 00032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-08-20 03:06 - 2013-08-20 03:06 - 00000000 ____D C:\Users\Test\AppData\Local\SearchProtect

2013-08-20 03:06 - 2013-08-20 02:44 - 00000000 ____D C:\Program Files\MyPC Backup

2013-08-20 03:05 - 2013-08-20 03:05 - 00000558 _____ C:\Windows\PFRO.log

2013-08-20 02:51 - 2013-08-20 02:49 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys

2013-08-20 02:49 - 2013-05-31 14:29 - 00000872 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-08-20 02:49 - 2013-05-31 14:29 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-08-20 02:44 - 2013-08-20 02:44 - 00000850 _____ C:\Users\od\Desktop\MyPC Backup.lnk

2013-08-20 02:43 - 2013-08-20 02:43 - 00001710 _____ C:\Users\od\Desktop\Install HitmanPro 3 (32-bit).lnk

2013-08-20 02:43 - 2013-08-20 02:43 - 00000000 ____D C:\Program Files\SearchProtect

2013-08-20 02:42 - 2013-01-29 05:21 - 00000000 _____ C:\end

2013-08-20 02:41 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\Resources

2013-08-20 02:38 - 2013-08-20 02:38 - 01097723 _____ C:\Users\od\AppData\Roaming\2433f433

2013-08-20 02:38 - 2013-08-20 02:38 - 01097721 _____ C:\ProgramData\2433f433

2013-08-20 02:38 - 2013-08-20 02:38 - 01097711 _____ C:\Users\od\AppData\Local\2433f433

2013-08-19 00:42 - 2013-08-19 00:42 - 00000133 _____ C:\Users\od\Documents\literotica links.txt

2013-08-18 22:50 - 2013-08-18 22:50 - 00000000 ____D C:\Users\od\AppData\Local\{3E960398-3241-47DD-9799-F21FECB594CA}

2013-08-18 22:50 - 2009-01-21 16:54 - 00000000 ____D C:\Users\od\Tracing

2013-08-17 23:08 - 2008-12-10 16:59 - 00000310 _____ C:\Windows\Tasks\HPCeeScheduleForod.job

2013-08-16 02:41 - 2013-08-16 01:18 - 00000083 _____ C:\Users\od\stories to read.txt

2013-08-16 01:18 - 2008-12-10 16:56 - 00000000 ____D C:\Users\od

2013-08-14 21:01 - 2013-08-14 21:01 - 00000000 ____D C:\Users\od\AppData\Local\{E8700723-F6BF-426B-8882-1CEB3F88B862}

2013-08-13 21:42 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\rescache

2013-08-13 21:42 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\Microsoft.NET

2013-08-13 21:31 - 2013-08-13 21:31 - 00000000 ____D C:\Users\od\AppData\Local\{883C7E49-D402-4CE8-B1BE-FEEC490AD55D}

2013-08-13 21:25 - 2011-11-20 18:59 - 00000314 _____ C:\Windows\Tasks\HPCeeScheduleForJim.job

2013-08-13 20:53 - 2013-07-10 22:23 - 00000000 ____D C:\Windows\system32\MRT

2013-08-13 20:49 - 2006-11-02 03:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2013-08-13 12:34 - 2013-08-12 13:03 - 00024177 _____ C:\Users\od\Documents\Catherine Office resume.odt

2013-08-13 00:36 - 2009-05-16 21:18 - 00087040 ____H C:\Users\od\Documents\photothumb.db

2013-08-12 13:01 - 2013-08-12 13:01 - 00012107 _____ C:\Users\od\Documents\nordic email.odt

2013-08-12 02:40 - 2013-08-12 02:40 - 00000022 _____ C:\Users\od\rob artist west seattle.txt

2013-08-12 02:07 - 2013-08-12 02:07 - 00000383 _____ C:\Users\od\manning street.txt

2013-08-10 02:01 - 2008-12-10 18:55 - 00000052 _____ C:\Windows\system32\DOErrors.log

2013-08-06 02:17 - 2013-08-06 02:17 - 00000325 _____ C:\Users\od\BDSM gatherin.txt

2013-08-06 01:18 - 2013-08-06 01:18 - 00000030 _____ C:\Users\od\mrmutantstories.txt

2013-08-04 03:53 - 2013-08-04 03:53 - 00000000 ____D C:\Users\od\AppData\Local\{ADF7A7C8-8098-48BB-88A8-FDAFE1C4CD62}

2013-08-04 01:23 - 2010-06-26 23:22 - 00000000 ___RD C:\Users\od\Documents\HOVER[1]

2013-08-04 01:14 - 2009-07-30 00:22 - 00000000 ____D C:\Users\od\Documents\Job

2013-08-04 01:11 - 2012-07-24 18:08 - 00014336 ____H C:\Users\od\photothumb.db

2013-08-04 01:01 - 2009-01-21 13:05 - 00000000 ____D C:\Users\od\Documents\My Scans

2013-08-01 03:42 - 2011-08-02 03:42 - 00001893 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-08-01 01:26 - 2013-08-01 01:25 - 00000000 ____D C:\Users\od\AppData\Local\{CB29C3B1-49C5-4A27-AB22-AE491F3B77B3}

2013-07-30 09:40 - 2012-10-15 19:11 - 00000764 _____ C:\Users\Public\Desktop\AVG 2013.lnk

2013-07-30 01:40 - 2011-08-02 03:42 - 00000770 _____ C:\Users\Public\Desktop\CCleaner.lnk

2013-07-30 01:39 - 2009-03-09 21:32 - 00000000 ____D C:\Program Files\CCleaner

2013-07-28 00:49 - 2013-07-28 00:49 - 00000059 _____ C:\Users\od\Bucky.txt

2013-07-24 19:40 - 2013-08-13 20:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-07-24 19:32 - 2013-08-13 20:40 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-07-24 19:30 - 2013-08-13 20:40 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-07-24 19:26 - 2013-08-13 20:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-07-24 19:26 - 2013-08-13 20:40 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-07-24 19:25 - 2013-08-13 20:40 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-07-24 19:24 - 2013-08-13 20:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-07-24 19:24 - 2013-08-13 20:40 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-07-24 19:23 - 2013-08-13 20:40 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-07-24 19:23 - 2013-08-13 20:40 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-07-24 19:23 - 2013-08-13 20:40 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-07-24 19:23 - 2013-08-13 20:40 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-07-24 19:23 - 2013-08-13 20:40 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-07-24 19:22 - 2013-08-13 20:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-07-24 19:22 - 2013-08-13 20:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-07-24 19:22 - 2013-08-13 20:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-07-21 00:54 - 2013-07-21 00:54 - 00000432 _____ C:\Users\od\Sirlostpm.. more.txt

2013-07-21 00:41 - 2013-07-21 00:41 - 00000028 _____ C:\Users\od\chatroom_email_send.txt

2013-07-21 00:38 - 2013-07-21 00:38 - 00001406 _____ C:\Users\od\SirLost_pm.txt

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


I'm not seeing the load point for the virus in the log, only found some bad folders.

Give this a try:

Download the attached fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Let me know......MrC


I hope I downloaded your file correctly.  Here is the log file. Thanks again!

 

**********

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-08-2013

Ran by Test at 2013-08-20 18:56:31 Run:1

Running from F:\

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

C:\Users\od\AppData\Roaming\2433f433

C:\ProgramData\2433f433

C:\Users\od\AppData\Local\2433f433

*****************

Could not move "C:\Users\od\AppData\Roaming\2433f433" => Scheduled to move on reboot.

Could not move "C:\ProgramData\2433f433" => Scheduled to move on reboot.

Could not move "C:\Users\od\AppData\Local\2433f433" => Scheduled to move on reboot.

=========== Result of Scheduled Files to move ===========

"C:\Users\od\AppData\Roaming\2433f433" => File could not move.

"C:\ProgramData\2433f433" => File could not move.

"C:\Users\od\AppData\Local\2433f433" => File could not move.

==== End of Fixlog ====

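The three fixlist entries above are files with one shared name sitting directly under `AppData\Roaming`, `ProgramData` and `AppData\Local`. As an added example (not part of the original thread and not an FRST feature), this Python script parses FRST file-listing lines and flags any file name that appears under two or more of those data roots; the heuristic and the function names are assumptions, and the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# FRST listing line: "<date> - <date> - <size> <attrs> [(<company>) ]<path>"
LINE_RE = re.compile(
    r"^(?P<first>\d{4}-\d\d-\d\d \d\d:\d\d) - (?P<second>\d{4}-\d\d-\d\d \d\d:\d\d)"
    r" - (?P<size>\d+) (?P<attrs>[_A-Z]{5}) (?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.+)$"
)

# Direct children of ProgramData, or of a user's AppData\Roaming or AppData\Local.
ROOT_RE = re.compile(
    r"^[A-Za-z]:\\(?:(?P<pd>ProgramData)|Users\\[^\\]+\\AppData\\(?P<ad>Roaming|Local))"
    r"\\(?P<name>[^\\]+)$",
    re.IGNORECASE,
)

# Sample lines taken from the FRST log posted in this thread.
SAMPLE_LISTING = r"""
2013-08-20 16:30 - 2013-08-20 16:30 - 00000000 ____D C:\FRST
2013-08-20 09:02 - 2010-10-28 17:46 - 00000000 ____D C:\ProgramData\MFAData
2013-08-20 03:20 - 2013-08-20 02:43 - 00000000 ____D C:\Users\od\AppData\Local\SearchProtect
2013-08-20 03:06 - 2013-08-20 03:06 - 00000000 ____D C:\Users\Test\AppData\Local\SearchProtect
2013-08-20 02:51 - 2013-08-20 02:49 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-08-20 02:38 - 2013-08-20 02:38 - 01097723 _____ C:\Users\od\AppData\Roaming\2433f433
2013-08-20 02:38 - 2013-08-20 02:38 - 01097721 _____ C:\ProgramData\2433f433
2013-08-20 02:38 - 2013-08-20 02:38 - 01097711 _____ C:\Users\od\AppData\Local\2433f433
"""


def parse_listing(log_text):
    """Turn FRST listing lines into dicts; lines in any other format are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append({
                "size": int(m.group("size")),
                "is_dir": "D" in m.group("attrs"),
                "company": m.group("company"),   # None when FRST printed no vendor
                "path": m.group("path"),
            })
    return entries


def shared_names(entries, min_roots=2):
    """Flag file names found directly under at least `min_roots` distinct data roots.

    Assumed heuristic: directories are ignored because vendor folders with the
    same name routinely exist in several data roots; same-named files do not.
    """
    roots = defaultdict(set)
    paths = defaultdict(set)   # a set, so repeats across log sections collapse
    for entry in entries:
        if entry["is_dir"]:
            continue
        m = ROOT_RE.match(entry["path"])
        if not m:
            continue
        name = m.group("name").lower()
        roots[name].add((m.group("pd") or m.group("ad")).lower())
        paths[name].add(entry["path"])
    return [
        {"name": name, "roots": sorted(found), "paths": sorted(paths[name])}
        for name, found in sorted(roots.items())
        if len(found) >= min_roots
    ]


if __name__ == "__main__":
    for hit in shared_names(parse_listing(SAMPLE_LISTING)):
        print(hit["name"], "->", ", ".join(hit["roots"]))
        for p in hit["paths"]:
            print("   ", p)
```
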

I don't know until you try it.

Like I said, I didn't see any load points for the malware....just some folders.

MrC

I clicked on user "A"; the ICE screen did not come up but it took me to the DOS prompt. This is the same thing that happened with the FBI virus.. There was a way by typing something like i/exlplorer that allowed me to access that user. The only way I found to get things back to normal was a jolt by Hitman. Would you happen to know what I should type at the prompt to get me into that user login? Thanks.


Ok.. let me try that again with better spelling. I clicked on user A and got "Welcome" then it went to a DOS prompt. When this happened before, the person who helped me gave me a line to type in at that prompt that would get me into that login and everything was fine once I was in there. I got tired of typing that line and assumed there was still something not right so I did download a "one time" copy of Hitman and after that was able to use my computer normally. Unfortunately there was a time stamp for trial use and I cannot do that again and, as I said, I'm not in a good financial position to pay for it at this time.

Can you give me the proper words to type at the dos prompt to let me access user A so I can at least access it until I can either afford a fix or try something else? I can't find the paper I wrote it down on but it was something like: i/explorer something something.. Thank you!


Any Better???   MrC

Please see my above comments and this additional one...

I don't know if this has anything to do with how the virus is getting in or if this is a separate malware issue, or nothing at all. A few months back I switched out one of my printer cartridges. Since then I've had a balloon pop up when I access User A, B or C that the printer has detected a new cartridge and to click on the "align" tab in the balloon. I've clicked on align but nothing happens, though I am able to click and close the balloon.

As I think back on it, when I ran Hitman a few months back when I was "free and clear" I was able to click on the "align" tab and it worked! I thought, whew.. that issue is over with! But once I logged out and came back in the balloon popped up again with the "click here to align" which I can't do. As I said I can click "close" and it goes away. This happens even if I just exit that user without logging off. The next time I open that user login the balloon pops up. I've assumed that with Windows updates I needed to download a new driver and have been too lazy to follow up because I can just click and close the balloon. I don't know if this is a driver issue. I have an HP printer and I bought a (to my knowledge) un-recycled cartridge.

I'm not suggesting the cartridge is at fault but I did want to mention the balloon pop up as it may be symptomatic of something else? Thanks again for your help!


Hi. I posted yesterday under the topic ICE virus w/ Malwarebyte and Hitman expired HELP! I followed the directions (as you can see).. It seemed safe to be in my Test login but I got the Windows security alert. So, being "just apparently stupid" I clicked on it and saw that it was off and did some exploring and I'm not sure what I did, because I don't want to do it again... If it was under Internet options or Firewall exceptions I'm not sure but I clicked on an exceptions button (thinking, stupidly, that I could disable any exceptions) and BOOM! the ICE screen showed up!

Anyway, I powered off my computer and the "you didn't shut down correctly" screen came up and I entered in safe mode.. Amazingly the Malwarebytes program was there and worked (whereas it was expired in the other mode.. don't care why, just glad it was). I ran the program and the computer restarted and I was able to access my Test account again.

I'm running Windows Vista and below is the log from Malwarebytes after this "fun" little incident...I didn't check any of the PUP boxes.. I just clicked on "fix" for whatever the Malwarebytes program had decided wasn't optional.

Any HELP is greatly appreciated... Oh and viewing the last of my dialogue from the previous post may be helpful... THANK YOU!

*********

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.20.01

Windows Vista Service Pack 2 x86 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
Test :: OD-PC [limited]

8/21/2013 12:18:46 AM
mbam-log-2013-08-21 (00-18-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191099
Time elapsed: 5 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} (PUP.Optional.Tarma.A) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\BackupStack (PUP.Optional.MyPCBackup) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup (PUP.Optional.MyPCBackup) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.ConduitSearchProtect) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 15
C:\Users\od\AppData\Roaming\SpeedAnalysis2 (PUP.Optional.SpeedAnalysis.A) -> No action taken.
C:\Program Files\MyPC Backup (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\Config (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\Database (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\log (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\Resources (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\Resources\cache (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\x64 (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\x86 (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\~updates (PUP.Optional.MyPCBackup) -> No action taken.
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Cache (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053} (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Cache (PUP.Optional.Tarma.A) -> No action taken.

Files Detected: 70
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\Users\od\AppData\Roaming\SpeedAnalysis2\speedanalysis.crx (PUP.Optional.SpeedAnalysis.A) -> No action taken.
C:\Program Files\MyPC Backup\pt_PT.mo (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\aff.conf (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\AlphaVSS.51.x86.dll (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\AlphaVSS.52.x64.dll (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\AlphaVSS.52.x86.dll (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\AlphaVSS.60.x64.dll (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\AlphaVSS.60.x86.dll (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\AlphaVSS.Common.dll (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\AWSSDK.dll (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\BackupStack.exe (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\Configuration Updater.exe (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\Crypto32.dll (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\Crypto64.dll (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\de_DE.mo (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\diffstack.dll (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\es_ES.mo (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\fr_FR.mo (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\GetText.dll (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\it_IT.mo (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\LogicNP.EZShellExtensions.dll (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\MPCBClient.dll (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\MPCBContextMenu.dll (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\MPCBIconOverlays.dll (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\MyPC Backup.exe (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\mypcbackup.ico (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\RegisterExtensionDotNet20_x64.exe (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\RegisterExtensionDotNet20_x86.exe (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\RestartExplorer.exe (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\Service Start.exe (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\Shared Stack.dll (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\Signup Wizard.exe (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\syncicon.ico (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\syncing.ico (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\tick.ico (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\uninst.exe (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\UnRegisterExtensions.exe (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\Updater.exe (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\Config\api.ts2 (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\Database\mpcb_backup_conf.db (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\Database\mpcb_file_cache.db (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\Database\mpcb_queues.db (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\Database\mpcb_settings.db (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\Database\mpcb_sig_cache.db (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\Database\mpcb_version_queue.db (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\log\AUTH.log (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\log\LICENCE.log (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\log\REMOTING.log (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\log\REQUEST.log (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\log\SERVICE.log (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\log\UPDATER.log (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\x64\System.Data.SQLite.dll (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\MyPC Backup\x86\System.Data.SQLite.dll (PUP.Optional.MyPCBackup) -> No action taken.
C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe (PUP.Optional.ConduitSearchProtect) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.dat (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.ico (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setup.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\Users\od\AppData\Roaming\File Scout\filescout.exe (Trojan.PUP.Optional.FileScout.A) -> Delete on reboot.
C:\Users\od\AppData\Local\Temp\nghynqbcqlsfogvga.dll (Backdoor.Bot) -> Delete on reboot.
c:\users\od\templates\2433f433 (Trojan.Agent.TPL) -> Delete on reboot.
C:\ProgramData\2433f433 (Trojan.Agent.TPL) -> Delete on reboot.
C:\Users\od\AppData\Roaming\2433f433 (Trojan.Agent.TPL) -> Delete on reboot.
C:\Users\od\AppData\Local\2433f433 (Trojan.Agent.TPL) -> Delete on reboot.

(end)


Please download Farbar Recovery Scan Tool and save it to a folder. (32bit version)

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
MrC

If you can, just this registry key and make sure there's nothing pointing to "Shell"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Shell"=

 

MrC

I'm assuming you wanted me to send just this particular line from addition txt log. I read the log and used the find feature using different search words but could not find any place in the log referring to HKEY. Nor did I find it in the other log. I'll be happy to copy the entire log but it is long. Also I ran the program with the top standard values checked and then checked additional txt but not the other to the left of additional txt. Does this matter? Thanks.


I'm sorry, it should have been:

If you can, just find this registry key and make sure there's nothing pointing to "Shell"

You would have to go into the registry to do that and there's different users also.

If you aren't familiar with the registry, don't mess with it.

MrC

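The registry check described in the post above, as an added example that is not part of the original thread: a read-only Python script that scans the text of a registry export (the `.reg` syntax the key is quoted in) and reports the Winlogon `Shell` value for the machine key and for every per-user key it finds. It assumes `explorer.exe` is the expected machine-wide value and that a per-user key normally has no `Shell` value; the sample export, its SIDs and the non-default path are constructed placeholders.

```python
import re

# Suffix shared by the machine-wide key quoted in the thread and per-user Winlogon keys.
WINLOGON_SUFFIX = r"\software\microsoft\windows nt\currentversion\winlogon"
EXPECTED_SHELL = "explorer.exe"  # stock value of Shell under HKEY_LOCAL_MACHINE

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')

# Constructed sample in .reg export syntax (placeholder SIDs and path).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_USERS\S-1-5-21-EXAMPLE-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Users\\example\\AppData\\Roaming\\placeholder.exe"

[HKEY_USERS\S-1-5-21-EXAMPLE-1002\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"="AppData\\Local"
"""


def _unescape(text):
    # .reg strings escape backslash and double quote with a leading backslash.
    return re.sub(r"\\(.)", r"\1", text)


def audit_winlogon_shell(reg_text):
    """Return (key, shell_value, verdict) for each Winlogon key in the export.

    verdict is "ok" or "review"; shell_value is None when the key has no Shell.
    """
    shells = {}      # Winlogon key -> raw data of its Shell value, None if absent
    current = None   # Winlogon key being read, None while inside any other key
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            key = section.group("key")
            current = key if key.lower().endswith(WINLOGON_SUFFIX) else None
            if current is not None:
                shells.setdefault(current, None)
            continue
        if current is None:
            continue
        value = VALUE_RE.match(line)
        if value and _unescape(value.group("name")).lower() == "shell":
            shells[current] = value.group("data").strip()

    findings = []
    for key, data in shells.items():
        machine_wide = key.upper().startswith("HKEY_LOCAL_MACHINE\\")
        if data is None:
            # Absent is normal per user, but the machine key ships with a value.
            findings.append((key, None, "review" if machine_wide else "ok"))
        elif len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            shell = _unescape(data[1:-1])
            ok = shell.strip().lower() == EXPECTED_SHELL
            findings.append((key, shell, "ok" if ok else "review"))
        else:
            # Empty data or a non-string type (hex:, dword:) needs a manual look.
            findings.append((key, data, "review"))
    return findings


if __name__ == "__main__":
    for key, shell, verdict in audit_winlogon_shell(SAMPLE_EXPORT):
        print(f"{verdict:6}  {key}\n        Shell = {shell!r}")
```

Registry exports are written as UTF-16 text, so open the file with `encoding="utf-16"` before passing its contents to `audit_winlogon_shell`.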

Sorry, I don't know registry. If you give me instructions I might be able to do it. Here is the additional text log.

***********

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-08-2013 02
Ran by Test at 2013-08-21 12:12:51
Running from C:\Users\Test
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

32 Bit HP CIO Components Installer (Version: 2.1.5)
Acrobat.com (Version: 1.7.186)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.6.602.171)
Adobe Reader 9.5.5 (Version: 9.5.5)
Adobe Shockwave Player (Version: 11)
AIO_Scan (Version: 90.0.222.000)
AnswerWorks 5.0 English Runtime (Version: 008.000.0003)
Apple Application Support (Version: 2.3)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
AVG 2013 (Version: 13.0.3211)
AVG 2013 (Version: 13.0.3392)
AVG 2013 (Version: 2013.0.3392)
BufferChm (Version: 90.0.146.000)
Camera Window DS (Version: 5.2)
Camera Window DVC (Version: 5.4)
Camera Window MC (Version: 5.4)
Canon Camera Support Core Library (Version: 7.3.0.4)
Canon Camera Window DC_DV 5 for ZoomBrowser EX (Version: 5.4)
Canon Camera Window DS for ZoomBrowser EX (Version: 5.2)
Canon Camera Window MC 5 for ZoomBrowser EX (Version: 5.4)
Canon MovieEdit Task for ZoomBrowser EX (Version: 1.3.1.21)
Canon PhotoRecord (Version: 02.02.02000)
Canon RAW Image Task for ZoomBrowser EX (Version: 2.1)
Canon Utilities PhotoStitch 3.1 (Version: 3.1.14)
Canon ZoomBrowser EX (Version: 5.02.0100)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 2.03.0000)
CCleaner (Version: 4.04)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Copy (Version: 90.0.146.000)
CustomerResearchQFolder (Version: 1.00.0000)
CyberLink DVD Suite Deluxe (Version: .1707)
D3DX10 (Version: 15.4.2368.0902)
Destination Component (Version: 090.000.091.086)
DeviceDiscovery (Version: 90.0.146.000)
DeviceManagementQFolder (Version: 1.00.0000)
DJ_AIO_ProductContext (Version: 90.0.236.000)
DJ_AIO_Software (Version: 90.0.200.000)
DJ_AIO_Software (Version: 90.0.222.000)
DJ_AIO_Software_min (Version: 90.0.200.000)
DJ_AIO_Software_min (Version: 90.0.222.000)
DVD Play (Version: 2.4.5411)
eSupportQFolder (Version: 1.00.0000)
F4100 (Version: 90.0.222.000)
F4100_doccd (Version: 90.0.200.000)
F4100_doccd (Version: 90.0.222.000)
F4100_Help (Version: 90.0.222.000)
Google Chrome (Version: 28.0.1500.95)
Google Desktop (Version: 5.9.1005.12335)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Google Update Helper (Version: 1.3.21.153)
Hardware Diagnostic Tools (Version: 5.1.4861.15)
HP Active Support Library (Version: 3.1.9.1)
HP Advisor (Version: 3.3.12286.3436)
HP Customer Experience Enhancements (Version: 5.6.0.2510)
HP Customer Feedback (Version: 1.0.0)
HP Customer Participation Program 9.0 (Version: 9.0)
HP Demo (Version: 1.00.0000)
HP Deskjet All-In-One Software 9.0 (Version: 9.0)
HP Imaging Device Functions 9.0 (Version: 9.0)
HP Photosmart Essential 2.5 (Version: 1.03.0000)
HP Photosmart Essential 3.0 (Version: 3.0)
HP Product Assistant (Version: 100.000.001.000)
HP Recovery Manager RSS (Version: 84.0.0.7)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 9.0 (Version: 9.0)
HP Update (Version: 4.000.010.008)
HPAsset component for HP Active Support Library (Version: 3.0.2.2)
HPPhotoSmartPhotobookWebPack1 (Version: 2.03.0000)
HPProductAssistant (Version: 90.0.146.000)
HPSSupply (Version: 2.2.0.0000)
HPTCSSetup (Version: 1.0.964.2626)
Internet Explorer (Enable DEP)
iTunes (Version: 10.5.2.11)
Java Auto Updater (Version: 2.1.9.0)
Java 6 Update 22 (Version: 6.0.220)
Java 6 Update 3 (Version: 1.6.0.30)
Java 6 Update 7 (Version: 1.6.0.70)
Java SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
Junk Mail filter update (Version: 15.4.3502.0922)
LabelPrint (Version: 2.2.2913)
Learning QuickBooks 2009
Learning QuickBooks 2009 (Version: 2007.9)
LightScribe System Software (Version: 1.18.3.2)
LightScribeTemplateLabeler (Version: 1.10.23.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 90.0.146.000)
Mavis Beacon Teaches Typing 15
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Corporation (Version: 9.0.0.0)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft LifeCam (Version: 3.60.253.0)
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (Version: 1.3.59.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
mIRC (Version: 6.35)
MovieEdit Task (Version: 1.3.1.21)
Mozilla Firefox 19.0 (x86 en-US) (Version: 19.0)
Mozilla Maintenance Service (Version: 19.0)
MSN Toolbar (Version: 3.0.1203.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
muvee autoProducer 6.1 (Version: 6.10.050)
My HP Games (Version: 1.0.0.52)
MyPC Backup  (Version: )
NVIDIA Drivers
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenOffice.org 3.3 (Version: 3.3.9567)
PCIe Soft Data Fax Modem with SmartCP (Version: 7.71.00.50)
PhotoScape
PhotoStitch (Version: 3.1.14)
PictureMover (Version: 3.0.1.52)
Power2Go (Version: 5.6.4109)
PowerDirector (Version: 6.5.2926)
PSSWCORE (Version: 2.03.0000)
Python 2.5.2 (Version: 2.5.2150)
QuickBooks (Version: 19.0.4007.703)
QuickBooks Pro 2009 (Version: 19.0.4007.703)
QuickTime (Version: 7.69.80.9)
RAW Image Task 2.1 (Version: 2.1)
Realtek High Definition Audio Driver (Version: 6.0.1.5789)
Rhapsody
Scan (Version: 9.0.0.0)
Search Protect (Version: 2.6.0.108)
Segoe UI (Version: 15.4.2271.0615)
Skype™ 5.10 (Version: 5.10.116)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 90.0.146.000)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
SPORE Creature Creator Trial Edition (Version: 1.00.0000)
Status (Version: 90.0.146.000)
SupportSoft Assisted Service (Version: 15)
Toolbox (Version: 90.0.146.000)
TrayApp (Version: 90.0.146.000)
TurboTax 2008
TurboTax 2008 WinPerFedFormset (Version: 008.000.0341)
TurboTax 2008 WinPerProgramHelp (Version: 008.000.0219)
TurboTax 2008 WinPerReleaseEngine (Version: 008.000.0197)
TurboTax 2008 WinPerTaxSupport (Version: 008.000.1007)
TurboTax 2008 WinPerUserEducation (Version: 008.000.0433)
TurboTax 2008 wrapper (Version: 008.000.0065)
TurboTax 2009
TurboTax 2009 WinPerFedFormset (Version: 009.000.2163)
TurboTax 2009 WinPerReleaseEngine (Version: 009.000.0328)
TurboTax 2009 WinPerTaxSupport (Version: 009.000.0238)
TurboTax 2009 wrapper (Version: 009.000.0145)
TurboTax 2010
TurboTax 2010 WinPerFedFormset (Version: 010.000.4012)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0457)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0213)
TurboTax 2010 wrapper (Version: 010.000.0157)
TurboTax 2011
TurboTax 2011 WinPerFedFormset (Version: 011.000.3351)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0496)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0222)
TurboTax 2011 wrapper (Version: 011.000.0121)
TurboTax 2012 (Version: 2012.0)
TurboTax 2012 WinPerFedFormset (Version: 012.000.2114)
TurboTax 2012 WinPerReleaseEngine (Version: 012.000.0451)
TurboTax 2012 WinPerTaxSupport (Version: 012.000.0179)
TurboTax 2012 wrapper (Version: 012.000.0127)
UnloadSupport (Version: 9.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update Installer for WildTangent Games App
VideoToolkit01 (Version: 110.0.171.000)
WebReg (Version: 90.0.146.000)
WildTangent Games App (HP Games) (Version: 4.0.10.17)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinZip 17.0 (Version: 17.0.10381)
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Yontoo Layers Runtime 1.10.01 (Version: 1.10.01)
Zuma Deluxe
 

==================== Restore Points  =========================

Could not list Restore Points.

==================== Hosts content: ==========================

2006-11-02 03:23 - 2006-09-18 14:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\HPCeeScheduleForJim.job => ?
Task: C:\Windows\Tasks\HPCeeScheduleForod.job => ?
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => ?

==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (08/21/2013 00:28:41 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2013 00:13:09 AM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (08/21/2013 00:12:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/20/2013 07:38:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/20/2013 07:02:06 PM) (Source: Application Error) (User: )
Description: Faulting application IntuitUpdateService.exe, version 4.0.7.0, time stamp 0x4fa2e7b3, faulting module imagehlp.dll_unloaded, version 0.0.0.0, time stamp 0x4f4e4011, exception code 0xc0000005, fault offset 0x76afd626,
process id 0x10b8, application start time 0xIntuitUpdateService.exe0.

Error: (08/20/2013 07:00:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/20/2013 05:16:04 PM) (Source: Application Hang) (User: )
Description: The program FRST.exe version 3.3.8.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 91c
Start Time: 01ce9dfd3b080a59
Termination Time: 0

Error: (08/20/2013 03:19:58 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/20/2013 03:06:40 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2013 11:06:58 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16502, time stamp 0x51f08c68, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x006c0064,
process id 0xb74, application start time 0xiexplore.exe0.

System errors:
=============
Error: (08/21/2013 01:56:36 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.100.2 on the Network Card with network address 0023543B2E60.

Error: (08/21/2013 01:55:55 AM) (Source: Dhcp) (User: )
Description: The IP address lease 24.113.103.225 for the Network Card with network address 0023543B2E60 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Error: (08/21/2013 00:28:42 AM) (Source: Service Control Manager) (User: )
Description: PxHelp20

Error: (08/21/2013 00:28:42 AM) (Source: Service Control Manager) (User: )
Description: Photoshop Elements Device Connect%%2

Error: (08/21/2013 00:28:42 AM) (Source: Service Control Manager) (User: )
Description: MCSTRM%%2

Error: (08/21/2013 00:28:42 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (08/21/2013 00:13:49 AM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (08/21/2013 00:13:47 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/21/2013 00:13:46 AM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (08/21/2013 00:13:35 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Microsoft Office Sessions:
=========================
Error: (08/21/2013 00:28:41 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2013 00:13:09 AM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (08/21/2013 00:12:30 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/20/2013 07:38:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/20/2013 07:02:06 PM) (Source: Application Error)(User: )
Description: IntuitUpdateService.exe4.0.7.04fa2e7b3imagehlp.dll_unloaded0.0.0.04f4e4011c000000576afd62610b801ce9e126c903412

Error: (08/20/2013 07:00:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/20/2013 05:16:04 PM) (Source: Application Hang)(User: )
Description: FRST.exe3.3.8.191c01ce9dfd3b080a590

Error: (08/20/2013 03:19:58 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/20/2013 03:06:40 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2013 11:06:58 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.1650251f08c68unknown0.0.0.000000000c0000005006c0064b7401ce9ca24d1d8b4b

CodeIntegrity Errors:
===================================
  Date: 2013-08-21 12:12:33.104
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-21 12:12:32.667
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-21 12:12:32.230
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-21 12:12:31.746
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-21 12:12:31.263
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-21 12:12:30.779
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-21 12:12:30.327
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-21 12:12:29.874
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-21 12:00:10.291
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-21 12:00:09.839
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 61%
Total physical RAM: 1917.76 MB
Available physical RAM: 732.72 MB
Total Pagefile: 4088.01 MB
Available Pagefile: 2130.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.07 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:221.91 GB) (Free:143.66 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.97 GB) (Free:1.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:29.8 GB) (Free:29.76 GB) FAT32

==================== MBR & Partition Table ==================

==================== End Of Log ============================


I'm sorry, I thought that was the one you wanted. Sorry I misunderstood.  Here is the other log.

 

******

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-08-2013 02
Ran by Test (ATTENTION: The logged in user is not administrator) on 21-08-2013 12:00:02
Running from C:\Users\Test
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\LifeExp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(TLC Education Properties LLC) C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\MiniMavis.exe
(Hewlett-Packard Company) C:\Program Files\PictureMover\Bin\PictureMover.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE
(Conduit) C:\PROGRA~1\SearchProtect\SearchProtect\bin\cltmng.exe
(Conduit) C:\PROGRA~1\SearchProtect\UI\bin\cltmngui.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Microsoft Corporation) C:\Windows\system32\sdclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corp.) C:\Program Files\MSN\Toolbar\3.0.1203.0\msntask.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn11\ytbb.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] - c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13539872 2008-05-22] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-05-22] (NVIDIA Corporation)
HKLM\...\Run: [DPService] - C:\Program Files\HP\DVDPlay\DPService.exe [90112 2008-06-11] (CyberLink Corp.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [hpqSRMon] -  [x]
HKLM\...\Run: [intuit SyncManager] - C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [623880 2008-09-09] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-19] (Google)
HKLM\...\Run: [HP Health Check Scheduler] - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [LifeCam] - C:\Program Files\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-12-08] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [HPADVISOR] -  [x]
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-02-15] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Personal Coach.lnk
ShortcutTarget: Personal Coach.lnk -> C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\MiniMavis.exe (TLC Education Properties LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
Startup: C:\Users\od\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\od\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.king5.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
SearchScopes: HKLM - DefaultScope {51EEC4A8-05B7-44A1-89F5-51ADBC3730C2} URL =
SearchScopes: HKLM - {BB67E9B4-E19D-4753-A3FB-5C52509D3BF9} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
SearchScopes: HKLM - {D20B6448-844F-44E8-96EB-AEDDA205B403} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=OCId7wqOldUTFnlOuAop5JcDKi8?q={searchTerms}
SearchScopes: HKCU - {BB67E9B4-E19D-4753-A3FB-5C52509D3BF9} URL =
SearchScopes: HKCU - {D20B6448-844F-44E8-96EB-AEDDA205B403} URL =
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn11\yt.dll (Yahoo! Inc.)
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_22\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_22\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn11\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {226ACC34-3194-70E2-5AE7-864FCFE9E80D} http://zone.msn.com/bingame/mosi/default/msi.1.0.0.9.cab
DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} http://zone.msn.com/bingame/pppp/default/PiratePoppers.1.0.0.39.cab
DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} http://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.68.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://zone.msn.com/bingame/burg/default/GoBitGamesPlayer_v6.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} http://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.98.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} http://zone.msn.com/bingame/wedd/default/WeddingDash.1.0.0.50.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 24.113.32.29 24.113.32.30 24.113.0.30

Chrome:
=======


CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Platform SE 6 U22) - C:\Program Files\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Shockwave for Director) - C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Docs) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [knllpfimimccdfnihbikigiagifmllol] - C:\Users\od\AppData\Local\CRE\knllpfimimccdfnihbikigiagifmllol.crx
CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\od\AppData\Local\Temp\YontooLayers.crx

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [32808 2013-07-01] (Just Develop It)
R2 CltMngSvc; C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe [1733920 2013-08-11] (Conduit)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-19] (Google)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
R2 iphlpsvc; C:\Windows\System32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
R2 RadioRage_4jService; C:\PROGRA~1\RADIOR~2\bar\1.bin\4jbarsvc.exe [42504 2013-06-30] (COMPANYVERS_NAME)
S2 PhotoshopElementsDeviceConnect; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [x]

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-07-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-10] (Microsoft Corporation)
R3 HSXHWBS3; C:\Windows\System32\DRIVERS\HSXHWBS3.sys [207360 2008-02-12] (Conexant Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-08-20] (Malwarebytes Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S2 MCSTRM; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [x]
S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [x]
S0 PxHelp20; System32\Drivers\PxHelp20.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-20 23:58 - 2013-08-20 23:58 - 00001370 _____ C:\Users\Test\Documents\HP pop up 2.txt
2013-08-20 23:56 - 2013-08-20 23:56 - 00001370 _____ C:\Users\Test\Documents\HP pop up.txt
2013-08-20 17:14 - 2013-08-20 17:14 - 00034918 _____ C:\Users\Test\Documents\FRST.txt
2013-08-20 16:30 - 2013-08-20 19:38 - 00000000 ____D C:\FRST
2013-08-20 16:13 - 2013-08-20 16:13 - 00000795 _____ C:\Windows\setupact.log
2013-08-20 16:13 - 2013-08-20 16:13 - 00000000 _____ C:\Windows\setuperr.log
2013-08-20 03:42 - 2013-08-20 03:42 - 00000000 ____D C:\Users\Test\AppData\Local\WinZip
2013-08-20 03:06 - 2013-08-20 03:06 - 00000000 ____D C:\Users\Test\AppData\Local\SearchProtect
2013-08-20 03:05 - 2013-08-20 03:05 - 00000558 _____ C:\Windows\PFRO.log
2013-08-20 02:49 - 2013-08-20 02:51 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-08-20 02:44 - 2013-08-20 03:06 - 00000000 ____D C:\Program Files\MyPC Backup
2013-08-20 02:44 - 2013-08-20 02:44 - 00000850 _____ C:\Users\od\Desktop\MyPC Backup.lnk
2013-08-20 02:43 - 2013-08-20 03:20 - 00000000 ____D C:\Users\od\AppData\Local\SearchProtect
2013-08-20 02:43 - 2013-08-20 02:43 - 00001710 _____ C:\Users\od\Desktop\Install HitmanPro 3 (32-bit).lnk
2013-08-20 02:43 - 2013-08-20 02:43 - 00000000 ____D C:\Program Files\SearchProtect
2013-08-20 02:38 - 2013-08-20 02:38 - 01097723 _____ C:\Users\od\AppData\Roaming\2433f433
2013-08-20 02:38 - 2013-08-20 02:38 - 01097721 _____ C:\ProgramData\2433f433
2013-08-20 02:38 - 2013-08-20 02:38 - 01097711 _____ C:\Users\od\AppData\Local\2433f433
2013-08-19 00:42 - 2013-08-19 00:42 - 00000133 _____ C:\Users\od\Documents\literotica links.txt
2013-08-18 22:50 - 2013-08-18 22:50 - 00000000 ____D C:\Users\od\AppData\Local\{3E960398-3241-47DD-9799-F21FECB594CA}
2013-08-16 01:18 - 2013-08-16 02:41 - 00000083 _____ C:\Users\od\stories to read.txt
2013-08-14 21:01 - 2013-08-14 21:01 - 00000000 ____D C:\Users\od\AppData\Local\{E8700723-F6BF-426B-8882-1CEB3F88B862}
2013-08-13 21:31 - 2013-08-13 21:31 - 00000000 ____D C:\Users\od\AppData\Local\{883C7E49-D402-4CE8-B1BE-FEEC490AD55D}
2013-08-13 20:40 - 2013-07-24 19:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-13 20:40 - 2013-07-24 19:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-13 20:40 - 2013-07-24 19:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-13 20:40 - 2013-07-24 19:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-13 20:40 - 2013-07-24 19:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-13 20:40 - 2013-07-24 19:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-13 20:40 - 2013-07-24 19:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-13 20:40 - 2013-07-24 19:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-13 20:40 - 2013-07-24 19:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-13 20:40 - 2013-07-24 19:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-13 20:40 - 2013-07-24 19:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-13 20:40 - 2013-07-24 19:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-13 20:40 - 2013-07-24 19:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-13 20:40 - 2013-07-24 19:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-13 20:40 - 2013-07-24 19:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-13 20:40 - 2013-07-24 19:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-13 20:38 - 2013-07-17 12:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-13 20:38 - 2013-07-10 02:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-13 20:38 - 2013-07-09 05:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-13 20:38 - 2013-07-07 21:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-13 20:38 - 2013-07-07 21:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-13 20:38 - 2013-07-04 21:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-13 20:38 - 2013-06-15 06:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-13 20:38 - 2013-06-15 04:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 20:37 - 2013-07-07 21:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-13 20:37 - 2013-07-07 21:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-13 20:37 - 2013-07-07 21:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-13 20:37 - 2013-07-07 21:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-12 13:03 - 2013-08-13 12:34 - 00024177 _____ C:\Users\od\Documents\Catherine Office resume.odt
2013-08-12 13:01 - 2013-08-12 13:01 - 00012107 _____ C:\Users\od\Documents\nordic email.odt
2013-08-12 02:40 - 2013-08-12 02:40 - 00000022 _____ C:\Users\od\rob artist west seattle.txt
2013-08-12 02:07 - 2013-08-12 02:07 - 00000383 _____ C:\Users\od\manning street.txt
2013-08-06 02:17 - 2013-08-06 02:17 - 00000325 _____ C:\Users\od\BDSM gatherin.txt
2013-08-06 01:18 - 2013-08-06 01:18 - 00000030 _____ C:\Users\od\mrmutantstories.txt
2013-08-04 03:53 - 2013-08-04 03:53 - 00000000 ____D C:\Users\od\AppData\Local\{ADF7A7C8-8098-48BB-88A8-FDAFE1C4CD62}
2013-08-01 01:25 - 2013-08-01 01:26 - 00000000 ____D C:\Users\od\AppData\Local\{CB29C3B1-49C5-4A27-AB22-AE491F3B77B3}
2013-07-28 00:49 - 2013-07-28 00:49 - 00000059 _____ C:\Users\od\Bucky.txt

==================== One Month Modified Files and Folders =======

2013-08-21 11:59 - 2013-08-21 11:59 - 01070315 _____ (Farbar) C:\Users\Test\FRST.exe
2013-08-21 11:59 - 2013-05-31 23:13 - 00000000 ____D C:\Users\Test
2013-08-21 11:37 - 2010-01-28 23:00 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-21 11:37 - 2010-01-28 23:00 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-21 10:28 - 2006-11-02 05:45 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-21 10:28 - 2006-11-02 05:45 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-21 09:19 - 2010-10-28 17:46 - 00000000 ____D C:\ProgramData\MFAData
2013-08-21 04:21 - 2008-10-24 01:12 - 01966410 _____ C:\Windows\WindowsUpdate.log
2013-08-21 01:39 - 2013-01-24 10:42 - 00000342 _____ C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2013-08-21 00:32 - 2006-11-02 03:33 - 00703516 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-21 00:28 - 2006-11-02 05:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-20 23:58 - 2013-08-20 23:58 - 00001370 _____ C:\Users\Test\Documents\HP pop up 2.txt
2013-08-20 23:56 - 2013-08-20 23:56 - 00001370 _____ C:\Users\Test\Documents\HP pop up.txt
2013-08-20 19:47 - 2008-12-12 20:45 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2013-08-20 19:38 - 2013-08-20 16:30 - 00000000 ____D C:\FRST
2013-08-20 19:36 - 2006-11-02 05:58 - 00032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-20 17:14 - 2013-08-20 17:14 - 00034918 _____ C:\Users\Test\Documents\FRST.txt
2013-08-20 16:13 - 2013-08-20 16:13 - 00000795 _____ C:\Windows\setupact.log
2013-08-20 16:13 - 2013-08-20 16:13 - 00000000 _____ C:\Windows\setuperr.log
2013-08-20 03:42 - 2013-08-20 03:42 - 00000000 ____D C:\Users\Test\AppData\Local\WinZip
2013-08-20 03:20 - 2013-08-20 02:43 - 00000000 ____D C:\Users\od\AppData\Local\SearchProtect
2013-08-20 03:06 - 2013-08-20 03:06 - 00000000 ____D C:\Users\Test\AppData\Local\SearchProtect
2013-08-20 03:06 - 2013-08-20 02:44 - 00000000 ____D C:\Program Files\MyPC Backup
2013-08-20 03:05 - 2013-08-20 03:05 - 00000558 _____ C:\Windows\PFRO.log
2013-08-20 02:51 - 2013-08-20 02:49 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-08-20 02:49 - 2013-05-31 14:29 - 00000872 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-20 02:49 - 2013-05-31 14:29 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-20 02:44 - 2013-08-20 02:44 - 00000850 _____ C:\Users\od\Desktop\MyPC Backup.lnk
2013-08-20 02:43 - 2013-08-20 02:43 - 00001710 _____ C:\Users\od\Desktop\Install HitmanPro 3 (32-bit).lnk
2013-08-20 02:43 - 2013-08-20 02:43 - 00000000 ____D C:\Program Files\SearchProtect
2013-08-20 02:42 - 2013-01-29 05:21 - 00000000 _____ C:\end
2013-08-20 02:41 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\Resources
2013-08-20 02:38 - 2013-08-20 02:38 - 01097723 _____ C:\Users\od\AppData\Roaming\2433f433
2013-08-20 02:38 - 2013-08-20 02:38 - 01097721 _____ C:\ProgramData\2433f433
2013-08-20 02:38 - 2013-08-20 02:38 - 01097711 _____ C:\Users\od\AppData\Local\2433f433
2013-08-19 00:42 - 2013-08-19 00:42 - 00000133 _____ C:\Users\od\Documents\literotica links.txt
2013-08-18 22:50 - 2013-08-18 22:50 - 00000000 ____D C:\Users\od\AppData\Local\{3E960398-3241-47DD-9799-F21FECB594CA}
2013-08-18 22:50 - 2009-01-21 16:54 - 00000000 ____D C:\Users\od\Tracing
2013-08-17 23:08 - 2008-12-10 16:59 - 00000310 _____ C:\Windows\Tasks\HPCeeScheduleForod.job
2013-08-16 02:41 - 2013-08-16 01:18 - 00000083 _____ C:\Users\od\stories to read.txt
2013-08-16 01:18 - 2008-12-10 16:56 - 00000000 ____D C:\Users\od
2013-08-14 21:01 - 2013-08-14 21:01 - 00000000 ____D C:\Users\od\AppData\Local\{E8700723-F6BF-426B-8882-1CEB3F88B862}
2013-08-13 21:42 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\rescache
2013-08-13 21:42 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-13 21:31 - 2013-08-13 21:31 - 00000000 ____D C:\Users\od\AppData\Local\{883C7E49-D402-4CE8-B1BE-FEEC490AD55D}
2013-08-13 21:25 - 2011-11-20 18:59 - 00000314 _____ C:\Windows\Tasks\HPCeeScheduleForJim.job
2013-08-13 20:53 - 2013-07-10 22:23 - 00000000 ____D C:\Windows\system32\MRT
2013-08-13 20:49 - 2006-11-02 03:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-13 12:34 - 2013-08-12 13:03 - 00024177 _____ C:\Users\od\Documents\Catherine Office resume.odt
2013-08-13 00:36 - 2009-05-16 21:18 - 00087040 ____H C:\Users\od\Documents\photothumb.db
2013-08-12 13:01 - 2013-08-12 13:01 - 00012107 _____ C:\Users\od\Documents\nordic email.odt
2013-08-12 02:40 - 2013-08-12 02:40 - 00000022 _____ C:\Users\od\rob artist west seattle.txt
2013-08-12 02:07 - 2013-08-12 02:07 - 00000383 _____ C:\Users\od\manning street.txt
2013-08-10 02:01 - 2008-12-10 18:55 - 00000052 _____ C:\Windows\system32\DOErrors.log
2013-08-06 02:17 - 2013-08-06 02:17 - 00000325 _____ C:\Users\od\BDSM gatherin.txt
2013-08-06 01:18 - 2013-08-06 01:18 - 00000030 _____ C:\Users\od\mrmutantstories.txt
2013-08-04 03:53 - 2013-08-04 03:53 - 00000000 ____D C:\Users\od\AppData\Local\{ADF7A7C8-8098-48BB-88A8-FDAFE1C4CD62}
2013-08-04 01:23 - 2010-06-26 23:22 - 00000000 ___RD C:\Users\od\Documents\HOVER[1]
2013-08-04 01:14 - 2009-07-30 00:22 - 00000000 ____D C:\Users\od\Documents\Job
2013-08-04 01:11 - 2012-07-24 18:08 - 00014336 ____H C:\Users\od\photothumb.db
2013-08-04 01:01 - 2009-01-21 13:05 - 00000000 ____D C:\Users\od\Documents\My Scans
2013-08-01 03:42 - 2011-08-02 03:42 - 00001893 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-01 01:26 - 2013-08-01 01:25 - 00000000 ____D C:\Users\od\AppData\Local\{CB29C3B1-49C5-4A27-AB22-AE491F3B77B3}
2013-07-30 09:40 - 2012-10-15 19:11 - 00000764 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-07-30 01:40 - 2011-08-02 03:42 - 00000770 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-07-30 01:39 - 2009-03-09 21:32 - 00000000 ____D C:\Program Files\CCleaner
2013-07-28 00:49 - 2013-07-28 00:49 - 00000059 _____ C:\Users\od\Bucky.txt
2013-07-24 19:40 - 2013-08-13 20:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-24 19:32 - 2013-08-13 20:40 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-24 19:30 - 2013-08-13 20:40 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-24 19:26 - 2013-08-13 20:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-24 19:26 - 2013-08-13 20:40 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-24 19:25 - 2013-08-13 20:40 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-24 19:24 - 2013-08-13 20:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-24 19:24 - 2013-08-13 20:40 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-24 19:23 - 2013-08-13 20:40 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-24 19:23 - 2013-08-13 20:40 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-24 19:23 - 2013-08-13 20:40 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-24 19:23 - 2013-08-13 20:40 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-24 19:23 - 2013-08-13 20:40 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-24 19:22 - 2013-08-13 20:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-24 19:22 - 2013-08-13 20:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-24 19:22 - 2013-08-13 20:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

Files to move or delete:
====================
C:\Users\Test\FRST.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


Here it is.

********

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-08-2013
Ran by Test at 2013-08-22 13:51:15 Run:3
Running from F:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\od\AppData\Roaming\2433f433
C:\ProgramData\2433f433
C:\Users\od\AppData\Local\2433f433

*****************

Could not move "C:\Users\od\AppData\Roaming\2433f433" => Scheduled to move on reboot.
Could not move "C:\ProgramData\2433f433" => Scheduled to move on reboot.
Could not move "C:\Users\od\AppData\Local\2433f433" => Scheduled to move on reboot.

=========== Result of Scheduled Files to move ===========

"C:\Users\od\AppData\Roaming\2433f433" => File could not move.
"C:\ProgramData\2433f433" => File could not move.
"C:\Users\od\AppData\Local\2433f433" => File could not move.

==== End of Fixlog ====


This topic is now closed to further replies.