
Cannot rid of startup virus


Hey everyone,

I have this virus that Windows Defender has identified: hemxccape

From my research it is malware and dangerous.

I am desperate here and have tried my very best to get rid of this thing, but I am no expert in this field.

I have installed a handful of anti-virus and anti-malware programs, including Malwarebytes, but it still persists.

I even tried running in safe mode and removing it from my startup, but every time I uncheck the box, it checks it right back again!

:(


Hello,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32-bit or 64-bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin


Hi Kevin, thank you very much for your help. Here are the two logs.

FRST.txt


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-01-2014 01
Ran by Christopher (administrator) on CHRISTOPHER-PC on 31-01-2014 15:10:31
Running from C:\Users\Christopher\Documents\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe
(AMD) C:\WINDOWS\System32\atiesrxx.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
() C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(http://yourfiledownloader.com) C:\Program Files\YourFileDownloader\YourFileUpdater.exe
(Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(D-Link) C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
(Wireless Service) C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(BrowserSafeguard) C:\Program Files\Browsersafeguard\BrowserSafeguard.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\WINDOWS\System32\regsvr32.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\WINDOWS\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Conduit) C:\Users\Christopher\Documents\Downloads\InstallConverter_TSV437Q4Q.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-08-05] (Hewlett-Packard)
HKU\Default\...\Run: [ooVoo] - C\ooVoo.exe /minimized
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-08-05] (Hewlett-Packard)
HKU\Default User\...\Run: [ooVoo] - C\ooVoo.exe /minimized
HKU\IUSR_NMPR\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hemxccape.exe (No5666)

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:49208;https=127.0.0.1:49208
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=74&bd=Pavilion&pf=desktop
SearchScopes: HKLM - DefaultScope {AFEA6A75-38B2-4CF2-848D-B081FEBA3BEA} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM - {35D6A40A-CF99-40F1-A021-863F3F4D0733} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
SearchScopes: HKLM - {AFEA6A75-38B2-4CF2-848D-B081FEBA3BEA} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM - {F0553C75-6DBD-46E4-BCF8-3EB68D75D27C} URL = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDCS7
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - URL http://ca.yhs.search.yahoo.com/avg/search?fr=yhs-avgb-chrome&type=yahoo_avg_hs2-tb-web_chrome_ca&p={searchTerms}
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKCU - {35D6A40A-CF99-40F1-A021-863F3F4D0733} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={14294692-0E6B-49E3-ABBA-5434038B2B73}&mid=2e3a2347ec1b10a098b8c8f4ff8e3b46-15254af3ac02ab7f942bb5e99522ec245e2be1b5&lang=en&ds=AVG&pr=fr&d=2011-10-13 11:25:10&v=9.0.0.18&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {F0553C75-6DBD-46E4-BCF8-3EB68D75D27C} URL =
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUplden-ca.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-ca.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 19 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\l3olsah4.default
FF user.js: detected! => C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\l3olsah4.default\user.js
FF DefaultSearchEngine: AVG Secure Search


FF SelectedSearchEngine: search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.5.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF Extension: Ask Toolbar - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\l3olsah4.default\Extensions\toolbar@ask.com [2010-02-12]
FF Extension: Garmin Communicator - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\l3olsah4.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2011-10-12]
FF Extension: No Name - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\l3olsah4.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}-trash [2011-05-10]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\l3olsah4.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-26]
FF Extension: Yahoo! Toolbar - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\l3olsah4.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012-01-25]
FF Extension: WOT - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\l3olsah4.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011-11-27]
FF Extension: System Monitor Appearance Properties - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\l3olsah4.default\Extensions\{E4926762-4704-97F9-4619-91D30AB74F32} [2014-01-29]
FF Extension: ImTranslator - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\l3olsah4.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2011-10-12]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-02-01]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-11]
FF HKLM\...\Firefox\Extensions: [avg@igeared] - C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF Extension: AVG Security Toolbar - C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011-10-12]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\9.0.0.18\
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\9.0.0.18\ []
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-12-27]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4\
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG2012\Firefox4\ []
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-11]

Chrome:
=======


CHR Extension: (Google Docs) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-26]
CHR Extension: (Google Drive) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-26]
CHR Extension: (YouTube) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-26]
CHR Extension: (Google Search) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-26]
CHR Extension: (AVG Safe Search) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2013-12-26]
CHR Extension: (Google Wallet) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-26]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-12-26]
CHR Extension: (Gmail) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-26]
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx [2011-10-14]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

========================== Services (Whitelisted) =================

S3 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [188416 2006-09-11] (Intel® Corporation)
R2 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [554352 2007-09-12] (Symantec Corporation)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [1025352 2011-07-26] ()
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [4433248 2011-10-12] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [192776 2011-08-02] (AVG Technologies CZ, s.r.o.)
R2 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2006-09-03] ()
S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [61440 2007-05-24] (Hewlett-Packard)
S2 IntelDHSvcConf; C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [29696 2006-05-10] (Intel® Corporation)
S3 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [75264 2006-09-11] (Intel® Corporation)
S3 jswpsapi; C:\Program Files\D-Link\Wireless G WDA-1320\JSWUtilVst\jswpsapi.exe [942080 2007-08-02] (Atheros Communications, Inc.)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
S2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
S3 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [26624 2006-09-01] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.)
S3 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [167936 2006-09-11] (Intel® Corporation)
S2 Norton PC Checkup Application Launcher; C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [131512 2012-06-10] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
S3 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [544256 2006-09-11] (Intel® Corporation)
S2 CltMngSvc; C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe [x]
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [x]
S2 LiveUpdate Notice Ex; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]

==================== Drivers (Whitelisted) ====================

S3 A3AB; C:\Windows\System32\DRIVERS\A3ABv.sys [738304 2007-06-30] (D-Link Corporation)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices)
S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [134736 2011-07-11] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [23120 2011-07-11] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [24272 2011-07-11] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [16720 2011-10-04] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [230608 2011-10-07] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [40016 2011-08-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-09-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [295248 2011-07-11] (AVG Technologies CZ, s.r.o.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 motport; C:\Windows\System32\DRIVERS\motport.sys [23680 2007-06-18] (Motorola)
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16128 2014-01-20] (Windows ® Win 7 DDK provider)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
R3 catchme; \??\C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
U3 mbr; \??\C:\ComboFix\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-31 15:10 - 2014-01-31 15:10 - 00000000 ____D C:\FRST
2014-01-31 11:26 - 2014-01-31 11:26 - 00002503 _____ C:\Users\Christopher\Desktop\RKreport[0]_D_01312014_112640.txt
2014-01-31 11:26 - 2014-01-31 11:26 - 00002382 _____ C:\Users\Christopher\Desktop\RKreport[0]_S_01312014_112613.txt
2014-01-31 11:20 - 2014-01-31 11:35 - 00000000 ____D C:\Users\Christopher\Desktop\RK_Quarantine
2014-01-31 10:09 - 2014-01-31 10:09 - 00022960 _____ C:\ComboFix.txt
2014-01-31 09:55 - 2014-01-31 10:10 - 00000000 ____D C:\ComboFix
2014-01-30 23:51 - 2014-01-30 23:51 - 00000000 ____D C:\Users\Christopher\AppData\Roaming\Malwarebytes
2014-01-30 23:50 - 2014-01-30 23:50 - 00000908 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-30 23:50 - 2014-01-30 23:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-30 23:50 - 2014-01-30 23:50 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-30 23:50 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-30 23:49 - 2014-01-31 11:04 - 00000000 ____D C:\Users\Christopher\AppData\Local\VisualBeeExe
2014-01-30 23:49 - 2014-01-30 23:49 - 00001226 _____ C:\Users\Christopher\Desktop\Create Amazing Presentations.lnk
2014-01-30 23:49 - 2014-01-30 23:49 - 00001226 _____ C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
2014-01-30 23:49 - 2014-01-30 23:49 - 00000698 _____ C:\Windows\Tasks\BrowserSafeguard Update Task.job
2014-01-30 23:49 - 2014-01-30 23:49 - 00000000 ____D C:\Users\Christopher\AppData\Local\SearchProtect
2014-01-30 23:49 - 2014-01-30 23:49 - 00000000 ____D C:\Users\Christopher\AppData\Local\emaze
2014-01-30 23:49 - 2014-01-30 23:49 - 00000000 ____D C:\Program Files\Browsersafeguard
2014-01-30 23:19 - 2014-01-31 10:09 - 00000000 ____D C:\Qoobox
2014-01-30 23:19 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-30 23:19 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-30 23:19 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-30 23:19 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-30 23:19 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-30 23:19 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-30 23:19 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-30 23:19 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-30 23:18 - 2014-01-30 23:40 - 00000000 ____D C:\Windows\erdnt
2014-01-30 22:56 - 2014-01-30 22:56 - 00000000 ____D C:\Windows\7zS1777.tmp
2014-01-30 21:21 - 2014-01-30 21:21 - 00000938 _____ C:\Users\Public\Desktop\Trojan Killer.lnk
2014-01-30 21:21 - 2014-01-30 21:21 - 00000000 ____D C:\ProgramData\GridinSoft
2014-01-30 21:21 - 2014-01-30 21:21 - 00000000 ____D C:\Program Files\GridinSoft Trojan Killer
2014-01-30 15:38 - 2014-01-30 15:38 - 00000000 ____D C:\Windows\7zS5D2E.tmp
2014-01-30 13:32 - 2014-01-30 13:32 - 00000000 ____D C:\Windows\7zSEA20.tmp
2014-01-30 13:32 - 2014-01-30 13:32 - 00000000 ____D C:\Users\Christopher\AppData\Local\MFAData
2014-01-30 13:32 - 2014-01-30 13:32 - 00000000 ____D C:\Users\Christopher\AppData\Local\Avg2014
2014-01-30 13:31 - 2014-01-30 13:31 - 04435768 _____ (AVG Technologies) C:\Users\Christopher\Desktop\avg_avct_stb_all_2014_4259_cm10.exe
2014-01-30 13:28 - 2014-01-30 13:28 - 00000258 __RSH C:\ProgramData\ntuser.pol
2014-01-29 14:38 - 2014-01-29 14:38 - 00000000 ____D C:\Users\Christopher\AppData\Local\Oqics
2014-01-21 22:48 - 2014-01-21 22:48 - 00000000 ____D C:\Users\Christopher\AppData\Local\Blizzard Entertainment
2014-01-20 06:53 - 2014-01-20 06:53 - 00016128 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\gtkdrv.sys
2014-01-19 22:28 - 2014-01-19 22:29 - 00000000 ____D C:\Users\Christopher\Desktop\New Folder
2014-01-18 18:31 - 2014-01-18 18:31 - 00001561 _____ C:\Users\Public\Desktop\Play League of Legends.lnk
2014-01-18 18:31 - 2014-01-18 18:31 - 00000000 ____D C:\Riot Games
2014-01-18 18:29 - 2014-01-18 18:29 - 32229024 _____ (Riot Games) C:\Users\Christopher\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe
2014-01-04 19:41 - 2014-01-04 19:48 - 00041766 _____ C:\Users\Christopher\Desktop\Bed Frame.spd

==================== One Month Modified Files and Folders =======

2014-01-31 15:10 - 2014-01-31 15:10 - 00000000 ____D C:\FRST
2014-01-31 15:09 - 2013-11-15 10:23 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-31 15:09 - 2006-11-02 07:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-31 15:09 - 2006-11-02 07:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-31 15:05 - 2013-11-15 10:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-31 15:05 - 2010-09-01 14:13 - 00000000 ____D C:\Users\Christopher\AppData\Roaming\Skype
2014-01-31 15:05 - 2008-04-05 17:53 - 01291222 _____ C:\Windows\WindowsUpdate.log
2014-01-31 13:09 - 2013-11-15 10:23 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-31 11:35 - 2014-01-31 11:20 - 00000000 ____D C:\Users\Christopher\Desktop\RK_Quarantine
2014-01-31 11:26 - 2014-01-31 11:26 - 00002503 _____ C:\Users\Christopher\Desktop\RKreport[0]_D_01312014_112640.txt
2014-01-31 11:26 - 2014-01-31 11:26 - 00002382 _____ C:\Users\Christopher\Desktop\RKreport[0]_S_01312014_112613.txt
2014-01-31 11:04 - 2014-01-30 23:49 - 00000000 ____D C:\Users\Christopher\AppData\Local\VisualBeeExe
2014-01-31 10:10 - 2014-01-31 09:55 - 00000000 ____D C:\ComboFix
2014-01-31 10:09 - 2014-01-31 10:09 - 00022960 _____ C:\ComboFix.txt
2014-01-31 10:09 - 2014-01-30 23:19 - 00000000 ____D C:\Qoobox
2014-01-31 10:07 - 2006-11-02 05:23 - 00000215 _____ C:\Windows\system.ini
2014-01-31 09:32 - 2010-08-01 11:40 - 00000000 ____D C:\Windows\pss
2014-01-31 09:11 - 2010-02-12 18:05 - 00000000 ____D C:\Program Files\Ask.com
2014-01-31 02:02 - 2010-09-01 13:58 - 00000000 ____D C:\Windows\system32\logishrd
2014-01-31 02:02 - 2007-09-27 17:02 - 00177890 _____ C:\Windows\PFRO.log
2014-01-31 02:02 - 2007-09-27 16:30 - 00000000 ____D C:\Windows\Downloaded Installations
2014-01-31 02:02 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-30 23:51 - 2014-01-30 23:51 - 00000000 ____D C:\Users\Christopher\AppData\Roaming\Malwarebytes
2014-01-30 23:50 - 2014-01-30 23:50 - 00000908 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-30 23:50 - 2014-01-30 23:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-30 23:50 - 2014-01-30 23:50 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-30 23:49 - 2014-01-30 23:49 - 00001226 _____ C:\Users\Christopher\Desktop\Create Amazing Presentations.lnk
2014-01-30 23:49 - 2014-01-30 23:49 - 00001226 _____ C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
2014-01-30 23:49 - 2014-01-30 23:49 - 00000698 _____ C:\Windows\Tasks\BrowserSafeguard Update Task.job
2014-01-30 23:49 - 2014-01-30 23:49 - 00000000 ____D C:\Users\Christopher\AppData\Local\SearchProtect
2014-01-30 23:49 - 2014-01-30 23:49 - 00000000 ____D C:\Users\Christopher\AppData\Local\emaze
2014-01-30 23:49 - 2014-01-30 23:49 - 00000000 ____D C:\Program Files\Browsersafeguard
2014-01-30 23:41 - 2006-11-02 06:18 - 00000000 __RHD C:\Users\Default
2014-01-30 23:41 - 2006-11-02 06:18 - 00000000 ___RD C:\Users\Public
2014-01-30 23:40 - 2014-01-30 23:18 - 00000000 ____D C:\Windows\erdnt
2014-01-30 23:38 - 2008-04-13 21:24 - 00000000 ____D C:\Users\Christopher
2014-01-30 23:13 - 2006-11-02 08:01 - 00032574 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-30 22:56 - 2014-01-30 22:56 - 00000000 ____D C:\Windows\7zS1777.tmp
2014-01-30 22:56 - 2011-02-10 19:35 - 00000000 ____D C:\ProgramData\MFAData
2014-01-30 21:21 - 2014-01-30 21:21 - 00000938 _____ C:\Users\Public\Desktop\Trojan Killer.lnk
2014-01-30 21:21 - 2014-01-30 21:21 - 00000000 ____D C:\ProgramData\GridinSoft
2014-01-30 21:21 - 2014-01-30 21:21 - 00000000 ____D C:\Program Files\GridinSoft Trojan Killer
2014-01-30 15:38 - 2014-01-30 15:38 - 00000000 ____D C:\Windows\7zS5D2E.tmp
2014-01-30 14:03 - 2013-09-30 20:47 - 00000000 ____D C:\Program Files\YourFileDownloader
2014-01-30 13:32 - 2014-01-30 13:32 - 00000000 ____D C:\Windows\7zSEA20.tmp
2014-01-30 13:32 - 2014-01-30 13:32 - 00000000 ____D C:\Users\Christopher\AppData\Local\MFAData
2014-01-30 13:32 - 2014-01-30 13:32 - 00000000 ____D C:\Users\Christopher\AppData\Local\Avg2014
2014-01-30 13:31 - 2014-01-30 13:31 - 04435768 _____ (AVG Technologies) C:\Users\Christopher\Desktop\avg_avct_stb_all_2014_4259_cm10.exe
2014-01-30 13:28 - 2014-01-30 13:28 - 00000258 __RSH C:\ProgramData\ntuser.pol
2014-01-30 13:05 - 2008-04-15 16:15 - 00002627 _____ C:\Users\Christopher\Desktop\Microsoft Office Word 2007.lnk
2014-01-29 19:30 - 2010-09-01 14:13 - 00002377 _____ C:\Users\Public\Desktop\Skype.lnk
2014-01-29 14:38 - 2014-01-29 14:38 - 00000000 ____D C:\Users\Christopher\AppData\Local\Oqics
2014-01-29 14:23 - 2013-11-15 10:24 - 00001973 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-27 12:07 - 2008-11-10 22:14 - 00000000 ____D C:\Users\Christopher\Documents\Anthony&John
2014-01-24 20:06 - 2010-07-31 21:55 - 00000000 ____D C:\Users\Christopher\Documents\StarCraft II
2014-01-21 22:48 - 2014-01-21 22:48 - 00000000 ____D C:\Users\Christopher\AppData\Local\Blizzard Entertainment
2014-01-21 20:55 - 2010-07-31 21:55 - 00000000 ____D C:\Program Files\StarCraft II
2014-01-20 06:53 - 2014-01-20 06:53 - 00016128 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\gtkdrv.sys
2014-01-19 22:29 - 2014-01-19 22:28 - 00000000 ____D C:\Users\Christopher\Desktop\New Folder
2014-01-18 18:46 - 2011-03-11 20:30 - 00000000 ____D C:\Users\Christopher\AppData\Local\PMB Files
2014-01-18 18:46 - 2011-03-11 20:30 - 00000000 ____D C:\ProgramData\PMB Files
2014-01-18 18:39 - 2013-11-02 14:59 - 00000000 ____D C:\Users\Christopher\AppData\Roaming\Riot Games
2014-01-18 18:31 - 2014-01-18 18:31 - 00001561 _____ C:\Users\Public\Desktop\Play League of Legends.lnk
2014-01-18 18:31 - 2014-01-18 18:31 - 00000000 ____D C:\Riot Games
2014-01-18 18:31 - 2013-11-02 15:02 - 00000000 __SHD C:\Windows\system32\AI_RecycleBin
2014-01-18 18:29 - 2014-01-18 18:29 - 32229024 _____ (Riot Games) C:\Users\Christopher\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe
2014-01-15 13:56 - 2008-04-15 16:12 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-15 13:54 - 2013-08-16 02:10 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 13:41 - 2013-02-19 22:06 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-11 10:38 - 2013-09-28 16:13 - 00000000 ____D C:\Users\Christopher\Desktop\Recovery
2014-01-11 10:16 - 2013-09-28 16:14 - 00001385 _____ C:\Users\Christopher\Desktop\3dExtract.tmp
2014-01-11 10:16 - 2013-09-28 16:13 - 00000000 ____D C:\Users\Christopher\Desktop\SoftView Cache
2014-01-04 19:48 - 2014-01-04 19:41 - 00041766 _____ C:\Users\Christopher\Desktop\Bed Frame.spd

Some content of TEMP:
====================
C:\Users\Christopher\AppData\Local\temp\nscE1F8.exe
C:\Users\Christopher\AppData\Local\temp\System.Data.SQLite.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-31 02:17

==================== End Of Log ============================

Second log: Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-01-2014 01
Ran by Christopher at 2014-01-31 15:11:08
Running from C:\Users\Christopher\Documents\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG Anti-Virus Free Edition 2012 (Disabled - Out of date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2012 (Disabled - Out of date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (Version:  - Microsoft)
32 Bit HP CIO Components Installer (Version: 2.1.5 - Hewlett-Packard) Hidden
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (Version: 1.1.377 - Adobe Systems Incorporated)
Activation Assistant for the 2007 Microsoft Office suites (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0.1 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader 9.4.6 (Version: 9.4.6 - Adobe Systems Incorporated)
Adobe Shockwave Player 11 (Version: 11 - Adobe Systems, Inc.)
AIO_Scan (Version: 90.0.200.000 - Hewlett-Packard) Hidden
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
ANIWZCS2 Service (Version:  - )
Apple Application Support (Version: 2.1.5 - Apple Inc.)
Apple Mobile Device Support (Version: 4.0.0.96 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (Version: 1.14.1.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKCU Version: 1.2.0.20007 - Ask.com) <==== ATTENTION
AVG 2012 (Version: 12.0.1873 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2109 - AVG Technologies) Hidden
AVG 2012 (Version: 2012.0.1873 - AVG Technologies)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
BrowserSafeguard with RocketTab (Version:  - Browsersafeguard) <==== ATTENTION
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
CameraHelperMsi (Version: 13.00.1774.0 - Logitech) Hidden
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Copy (Version: 90.0.146.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 110.0.180.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Diamond Multimedia 12.10 5400-6900 & 7300 & 7700-7900 PCIe Win7-8Vista (Version: 8.0.891.0 - Diamond Multimedia)
DivX Converter (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (Version:  - DivX, Inc.)
DivX Setup (Version: 2.5.0.8 - DivX, LLC)
DivX Version Checker (Version: 7.1.0.9 - DivX, Inc.)
DJ_AIO_ProductContext (Version: 90.0.201.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (Version: 90.0.200.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (Version: 90.0.200.000 - Hewlett-Packard) Hidden
EAX Unified (Version:  - )
Enhanced Multimedia Keyboard Solution (Version:  - Hewlett-Packard)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
F4100 (Version: 90.0.200.000 - Hewlett-Packard) Hidden
F4100_doccd (Version: 90.0.200.000 - Hewlett-Packard) Hidden
F4100_Help (Version: 90.0.200.000 - Hewlett-Packard) Hidden
GameSpy Arcade (Version:  - )
Google Chrome (Version: 32.0.1700.102 - Google Inc.)
Google Toolbar for Internet Explorer (Version:  - )
Google Toolbar for Internet Explorer (Version: 4.0.0.002 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Hardware Diagnostic Tools (Version: 5.00.4558.05 - PC-Doctor, Inc.)
HP Active Support Library (Version: 2.0.12.1 - Hewlett-Packard) Hidden
HP Active Support Library 32 bit components (Version: 2.1.0 - Hewlett-Packard) Hidden
HP Advisor (Version: 3.1.9152.3107 - Hewlett-Packard)
HP Customer Experience Enhancements (Version: 5.2.0.2296 - Hewlett-Packard)
HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Customer Participation Program 9.0 (Version: 9.0 - HP)
HP Deskjet All-In-One Software 9.0 (Version: 9.0 - HP)
HP Easy Setup - Frontend (Version: 5.2.0.2304 - Hewlett-Packard)
HP Imaging Device Functions 9.0 (Version: 9.0 - HP)
HP On-Screen Cap/Num/Scroll Lock Indicator (Version:  - Hewlett-Packard)
HP Photosmart Essential 2.01 (Version: 2.01 - HP)
HP Photosmart Essential2.01 (Version: 1.01.0000 - Hewlett-Packard) Hidden
HP Picasso Media Center Add-In (Version: 1.0.0 - HP) Hidden
HP Product Assistant (Version: 100.000.001.000 - Hewlett-Packard) Hidden
HP Smart Web Printing 4.60 (Version: 4.60 - HP)
HP Solution Center 9.0 (Version: 9.0 - HP)
HP Update (Version: 4.000.010.008 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.1.0 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 2.2.0.0000 - Hewlett Packard Development Company L.P.)
Intel® Graphics Media Accelerator Driver (Version:  - Intel Corporation)
Intel® Network Connections Drivers (Version:  - )
Intel® Viiv™ Software (Version: 1.6.361.6 - Intel Corporation)
Intel® Viiv™ Software (Version: 1.6.361.6 - Intel Corporation) Hidden
iTunes (Version: 10.5.0.142 - Apple Inc.)
Java Auto Updater (Version: 2.1.6.0 - Sun Microsystems, Inc.) Hidden
Java 7 Update 5 (Version: 7.0.50 - Oracle)
Java SE Runtime Environment 6 Update 1 (Version: 1.6.0.10 - Sun Microsystems, Inc.)
JavaFX 2.1.1 (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
League of Legends (Version: 1.3 - Riot Games) Hidden
League of Legends (Version: 3.0.0 - Riot Games)
League of Legends (Version: 3.0.0 - Riot Games) Hidden
LightScribe  1.8.15.1 (Version: 1.8.15.1 - http://www.lightscribe.com) Hidden
LiveUpdate 3.2 (Symantec Corporation) (Version: 3.2.0.68 - Symantec Corporation)
LiveUpdate Notice (Symantec Corporation) (Version: 1.4.5 - Symantec Corporation)
Logitech Vid (Version: 1.70.1044 - Logitech Inc.)
Logitech Webcam Software (Version: 2.0 - Logitech Inc.)
LWS Facebook (Version: 13.01.1018.0 - Logitech) Hidden
LWS Gallery (Version: 13.01.1018.0 - Logitech) Hidden
LWS Help_main (Version: 13.01.1025.0 - Logitech) Hidden
LWS Launcher (Version: 13.01.1024.0 - Logitech) Hidden
LWS Motion Detection (Version: 13.01.1018.0 - Logitech) Hidden
LWS Pictures And Video (Version: 13.01.1018.0 - Logitech) Hidden
LWS Video Mask Maker (Version: 13.00.1774.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.00.1774.0 - Logitech) Hidden
LWS Webcam Software (Version: 13.00.1774.0 - Logitech) Hidden
LWS WLM Plugin (Version: 1.00.1774.0 - Logitech) Hidden
LWS YouTube Plugin (Version: 13.01.1022.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (Version: 90.0.146.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (Version: 2.0.181.2 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Works (Version: 08.05.0818 - Microsoft Corporation)
MobileMe Control Panel (Version: 3.1.6.0 - Apple Inc.)
Motorola Driver Installation 3.7.0 (Version: 3.7.0 - Motorola Inc.)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (Version: 1.0.0 - Microsoft Game Studios)
muvee autoProducer 6.0 (Version: 6.00.050 - muvee Technologies)
My HP Games (Version: HPCMPQ1804 - WildTangent)
Norton PC Checkup (Version: 2.0.2.506 - Symantec Corporation)
Norton PC Checkup (Version: 3.0.1.46.0 - NortonLive Services)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
ooVoo (Version: 2.9.0076 - ooVoo LLC.)
Opera 12.14 (Version: 12.14.1738 - Opera Software ASA)
Pando Media Booster (Version: 2.3.5.2 - Pando Networks Inc.)
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
Python 2.5 (Version: 2.5.150 - Martin v. Löwis)
QuickTime (Version: 7.70.80.34 - Apple Inc.)
RCA Video Converter (Version: 1.05.0200 - )
Realtek High Definition Audio Driver (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
Rhapsody (Version:  - )
Rhapsody Player Engine (Version: 1.0.604 - RealNetworks)
Roller Coaster Tycoon (remove only) (Version:  - )
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Creator Audio (Version: 3.4.0 - Roxio)
Roxio Creator Basic v9 (Version: 3.4.0 - Roxio)
Roxio Creator Copy (Version: 3.4.0 - Roxio)
Roxio Creator Data (Version: 3.4.0 - Roxio)
Roxio Creator EasyArchive (Version: 3.4.0 - Roxio)
Roxio Creator Tools (Version: 3.4.0 - Roxio)
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio)
Roxio MyDVD Basic v9 (Version: 9.0.572 - Roxio)
Safari (Version: 5.34.51.22 - Apple Inc.)
Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype Click to Call (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.11 (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
Snapfish Picture Mover (Version: 1.9.0.16 - HP Snapfish)
SoftPlan Educational v13 Workstation [C:\SoftPlan13] (Version:  - SoftPlan Systems Inc.)
SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0 - Adobe Systems Incorporated)
StarCraft (Version:  - Blizzard Entertainment)
StarCraft II (Version:  - Blizzard Entertainment)
StarCraft X-tra Editor  Version 2.5 (Version: 2.5 - Camelot Systems)
Status (Version: 110.0.180.000 - Hewlett-Packard) Hidden
StudySpace (Version:  - )
System Requirements Lab (Version: 4.1.71.0 - Husdawg, LLC)
System Requirements Lab CYRI (Version: 6.0.3.0 - Husdawg, LLC)
Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
TrayApp (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Trojan Killer (Version: 2.2.1.3 - GridinSoft LLC)
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2750147) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805221) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805226) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (Version:  - Microsoft)
VASSAL (3.1.12) (Version: 3.1.12 - vassalengine.org)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Weather forecast (HKCU Version:  - Opera widgets)
WeatherBug Gadget (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden
WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (Version: 1.0.0.8 - Microsoft Corp)
Wireless G WDA-1320 (Version:  - D-Link)
Xfire (remove only) (Version:  - )
Yahoo! Search Protection (Version:  - )
Yahoo! Toolbar (Version:  - )
YourFileDownloader (HKCU Version: 1.3.6 - http://www.yourfiledownloader.com/)
YouTube Downloader 2.6.1 (Version:  - BienneSoft)

==================== Restore Points  =========================

04-01-2014 00:02:23 Windows Update
04-01-2014 16:53:18 Scheduled Checkpoint
06-01-2014 04:53:14 Scheduled Checkpoint
07-01-2014 00:25:00 Scheduled Checkpoint
09-01-2014 00:31:47 Windows Update
09-01-2014 15:24:33 Scheduled Checkpoint
10-01-2014 22:11:17 Scheduled Checkpoint
11-01-2014 17:19:39 Scheduled Checkpoint
13-01-2014 16:31:28 Scheduled Checkpoint
15-01-2014 02:18:14 Windows Update
15-01-2014 18:39:03 Windows Update
16-01-2014 16:17:06 Scheduled Checkpoint
18-01-2014 23:26:54 Removed League of Legends
18-01-2014 23:30:05 Installed League of Legends
18-01-2014 23:31:13 Installed DirectX
20-01-2014 19:30:54 Scheduled Checkpoint
22-01-2014 01:41:55 Windows Update
23-01-2014 16:30:57 Scheduled Checkpoint
24-01-2014 18:38:22 Scheduled Checkpoint
28-01-2014 14:29:53 Scheduled Checkpoint
29-01-2014 02:11:09 Windows Update
30-01-2014 17:57:23 Scheduled Checkpoint
31-01-2014 14:12:13 Removed Bing Bar

==================== Hosts content: ==========================

2006-11-02 05:23 - 2014-01-31 10:07 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0479B4C2-2D6D-4EED-AB86-EDA159538CB9} - System32\Tasks\{D8D79150-6B56-45A8-B568-4507C4A493AF} => Firefox.exe http://ui.skype.com/ui/0/4.2.0.169.259/en/abandoninstall?source=lightinstaller&page=tsDownload&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-installed;madedefault
Task: {07059EC3-95A0-4DD1-87EE-42FC70E40627} - System32\Tasks\Microsoft\Windows\RestartManager\{8C390910-163E-4ec2-B26C-154339A7CF9A} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {20154227-097C-49AA-83F8-1DB72FDA8875} - System32\Tasks\JavaUpdateMom => C:\Windows\system32\jusched.exe
Task: {2996E3AA-88FC-46A4-8C17-9829D0519127} - System32\Tasks\{741353D7-71C6-4ED3-9807-DA92ACF5DD6C} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3C042C06-428A-4D0C-9DCA-E40EBE1F0E03} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {4150C661-C3AE-40A9-B950-342F959F7C5A} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files\YourFileDownloader\YourFileUpdater.exe [2013-09-30] (http://yourfiledownloader.com) <==== ATTENTION
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {4E48DF1E-17AF-4000-AFA5-2BD633B1328E} - System32\Tasks\JavaUpdateChristopher => C:\Windows\system32\jusched.exe
Task: {65FB6B32-C5F9-40CD-B24C-26C3188C1A04} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {701A7B29-2FB0-4AB4-AED5-EE67E3349EBE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-15] (Google Inc.)
Task: {75ACF1D1-9948-48E8-BA42-4E352FE11AFF} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {817F81E1-1504-4AF1-AB0C-E603327838F1} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {A15B0086-FD8E-4BCB-AC2A-ABA5964695C1} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files\Norton PC Checkup 3.0\NLAppLauncher.exe [2012-06-10] (Symantec Corporation)
Task: {A425623E-5A2E-4D65-B1D3-835612C494E5} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2012-01-03] ()
Task: {B1067549-D42A-4E55-92F3-06A45E32CDC8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B4430211-F063-4E74-948A-8D941922B2CB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-15] (Google Inc.)
Task: {BC81E3C0-61AE-432A-B308-EF306B5BC6D3} - System32\Tasks\{E41C0F87-111E-464F-9B87-A8047049B60E} => C:\Program Files\Opera\Opera.exe [2013-03-02] (Opera Software)
Task: {C54DFD35-0A2F-4130-A563-08B880D06948} - System32\Tasks\JavaUpdateAdministrator => C:\Windows\system32\jusched.exe
Task: {C5E7FE65-9085-4263-95FD-677ABE9C24C8} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Mom => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {D4069691-E627-4F83-8324-68F81186BAFB} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-05-24] (Hewlett-Packard)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\BrowserSafeguard Update Task.job => C:\Program Files\Browsersafeguard\uninstall.BrowserSafeguard.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-29 14:38 - 2014-01-29 14:38 - 00024064 _____ () C:\Users\Christopher\AppData\Local\Oqics\IsPadDb8.dll
2013-06-22 18:26 - 2012-09-27 16:10 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2008-11-01 13:59 - 2007-08-20 16:41 - 00233472 _____ () C:\Windows\system32\WlanApp.dll
2014-01-31 15:07 - 2014-01-31 15:07 - 00229152 _____ () C:\Users\Christopher\AppData\Local\temp\nsvA959.tmp\DownloadACC.dll
2014-01-31 15:07 - 2014-01-31 15:07 - 00127776 _____ () C:\Users\Christopher\AppData\Local\temp\nsvA959.tmp\xml.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:7838B9E0

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: Compact Flash  
Description: Compact Flash  
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: MS/MS-Pro      
Description: MS/MS-Pro      
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: SD/MMC         
Description: SD/MMC         
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: SM/xD-Picture  
Description: SM/xD-Picture  
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (01/31/2014 09:12:26 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service getPlusHelper since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (01/31/2014 02:01:24 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (01/30/2014 11:41:30 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/30/2014 11:40:47 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/30/2014 11:38:40 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/30/2014 11:15:56 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/30/2014 11:10:45 PM) (Source: MsiInstaller) (User: Christopher-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1711. SA_Error1711: StandardAction(0xC00706AF): An error occurred while writing installation information to disk. Check to make sure enough disk space is available, and click Retry, or Cancel to end the install.

Error: (01/30/2014 11:10:45 PM) (Source: MsiInstaller) (User: Christopher-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1711. SA_Error1711: StandardAction(0xC00706AF): An error occurred while writing installation information to disk. Check to make sure enough disk space is available, and click Retry, or Cancel to end the install.

Error: (01/30/2014 11:10:45 PM) (Source: MsiInstaller) (User: Christopher-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1711. SA_Error1711: StandardAction(0xC00706AF): An error occurred while writing installation information to disk. Check to make sure enough disk space is available, and click Retry, or Cancel to end the install.

Error: (01/30/2014 11:10:45 PM) (Source: MsiInstaller) (User: Christopher-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1711. SA_Error1711: StandardAction(0xC00706AF): An error occurred while writing installation information to disk. Check to make sure enough disk space is available, and click Retry, or Cancel to end the install.

System errors:
=============
Error: (01/31/2014 10:07:40 AM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (01/31/2014 10:03:21 AM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (01/31/2014 09:56:52 AM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (01/31/2014 09:55:44 AM) (Source: Service Control Manager) (User: )
Description: XAudioService1

Error: (01/31/2014 09:55:28 AM) (Source: Service Control Manager) (User: )
Description: Process Monitor1

Error: (01/31/2014 09:10:58 AM) (Source: Service Control Manager) (User: )
Description: Skype Updater1

Error: (01/31/2014 02:04:07 AM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (01/31/2014 02:03:53 AM) (Source: Service Control Manager) (User: )
Description: Search Protect by Conduit Service%%5

Error: (01/31/2014 02:03:53 AM) (Source: Service Control Manager) (User: )
Description: 11845%%2

Error: (01/30/2014 11:52:26 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Microsoft Office Sessions:
=========================
Error: (08/18/2010 11:19:45 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/01/2010 02:56:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/01/2010 02:54:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/01/2010 02:53:44 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/07/2010 06:23:21 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8171 seconds with 3660 seconds of active time.  This session ended with a crash.

Error: (02/20/2010 00:16:20 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9677 seconds with 3240 seconds of active time.  This session ended with a crash.

Error: (01/05/2010 11:23:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 586 seconds with 480 seconds of active time.  This session ended with a crash.

Error: (01/03/2010 00:09:07 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20474 seconds with 3360 seconds of active time.  This session ended with a crash.

Error: (11/09/2009 04:55:51 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 141 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/04/2009 01:38:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 866 seconds with 0 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-01-31 15:10:40.272
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-31 15:10:40.036
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-31 15:10:39.817
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-31 15:10:39.600
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-31 15:10:39.371
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-31 15:10:39.154
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-31 15:10:38.927
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-31 15:10:38.689
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-31 10:03:20.614
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-31 10:03:20.394
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 3326.39 MB
Available physical RAM: 1997.25 MB
Total Pagefile: 6881.77 MB
Available Pagefile: 4559.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.4 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:292.24 GB) (Free:136.74 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:5.84 GB) (Free:0.81 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=292 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=6 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Next,

 

Run Malwarebytes, open Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced logs in next reply, give update on any remaining issues or concerns...

 

Kevin

fixlist.txt

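The entries Kevin put into fixlist.txt (the Startup-folder hemxccape.exe, the two tasks FRST tagged ATTENTION, the DLL loaded from AppData\Local\Oqics) are the ones a helper picks out of the FRST log by eye: autostart items that run from places a normal installer never uses. The script below is an added example, not part of this thread and not code from FRST or Malwarebytes; it parses the three FRST line formats seen above (`Task:`, `Startup:`, and the loaded-module lines) and flags entries that run from user-writable locations or that FRST already marked ATTENTION. The `Finding` type, the `USER_WRITABLE` heuristics and the function names are my own assumptions; the sample lines are copied from the logs in this thread and are only a constructed subset of a real scan.

```python
import re
from dataclasses import dataclass, field

# Locations a scheduled task, startup item or loaded module rarely runs from on a
# healthy machine. Matches are leads for a human reviewer, not verdicts. (Assumed
# heuristic for this example; FRST applies its own whitelist, not this list.)
USER_WRITABLE = [
    ("per-user AppData directory", re.compile(r"\\AppData\\(?:Local|Roaming)\\", re.I)),
    ("temporary directory", re.compile(r"\\temp\\", re.I)),
    ("user Startup folder", re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)),
]

# "Loaded Modules" lines: two timestamps, a size, attribute flags, "(Vendor)", then the path.
MODULE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"\d+ \S+ \([^)]*\) (?P<path>[A-Za-z]:\\.+)$"
)


@dataclass
class Finding:
    kind: str                          # "task", "startup" or "module"
    path: str                          # executable or DLL path as printed in the log
    reasons: list = field(default_factory=list)


def extract_target(line: str):
    """Return (kind, path) for a Task:, Startup: or loaded-module line, else None."""
    if line.startswith("Task: "):
        if " => " not in line:
            return None                # FRST printed no action for this task; nothing to judge
        target = line.split(" => ", 1)[1]
        # Drop the trailing "[yyyy-mm-dd] (Vendor)" and any "<==== ATTENTION" marker.
        target = re.split(r" \[\d{4}-\d{2}-\d{2}\]| <====", target, maxsplit=1)[0]
        return "task", target.strip()
    if line.startswith("Startup: "):
        # FRST appends a "(NoNNNN)" tag to Startup entries; strip it to get the bare path.
        target = re.sub(r" \(No\d+\)$", "", line[len("Startup: "):])
        return "startup", target.strip()
    m = MODULE_RE.match(line)
    if m:
        return "module", m.group("path").strip()
    return None


def assess(line: str):
    """Return a Finding for one log line, or None if the line is not an autostart/module entry."""
    parsed = extract_target(line)
    if parsed is None:
        return None
    kind, path = parsed
    finding = Finding(kind, path)
    if "<==== ATTENTION" in line:
        finding.reasons.append("marked ATTENTION by FRST")
    for label, pattern in USER_WRITABLE:
        if pattern.search(path):
            finding.reasons.append(f"runs from {label}")
    return finding


def triage(lines):
    """Return only the entries that have at least one reason to look closer."""
    flagged = []
    for line in lines:
        finding = assess(line.rstrip("\n"))
        if finding and finding.reasons:
            flagged.append(finding)
    return flagged


# Constructed sample: a subset of the lines from the FRST log and Fixlog in this thread
# (one benign task, two ATTENTION tasks, two loaded modules, the Startup-folder item).
SAMPLE_LOG = [
    r"Task: {20154227-097C-49AA-83F8-1DB72FDA8875} - System32\Tasks\JavaUpdateMom => C:\Windows\system32\jusched.exe",
    r"Task: {4150C661-C3AE-40A9-B950-342F959F7C5A} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files\YourFileDownloader\YourFileUpdater.exe [2013-09-30] (http://yourfiledownloader.com) <==== ATTENTION",
    r"Task: C:\Windows\Tasks\BrowserSafeguard Update Task.job => C:\Program Files\Browsersafeguard\uninstall.BrowserSafeguard.exe <==== ATTENTION",
    r"2014-01-29 14:38 - 2014-01-29 14:38 - 00024064 _____ () C:\Users\Christopher\AppData\Local\Oqics\IsPadDb8.dll",
    r"2014-01-31 15:07 - 2014-01-31 15:07 - 00229152 _____ () C:\Users\Christopher\AppData\Local\temp\nsvA959.tmp\DownloadACC.dll",
    r"Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hemxccape.exe (No5666)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.path}")
        print(f"         -> {'; '.join(f.reasons)}")
```

Run against a full FRST.txt (`triage(open("FRST.txt", encoding="utf-8-sig"))`) it shortlists the same five entries the fixlist above targets and leaves the jusched task alone; a Program Files path only surfaces when FRST itself flagged it, which is why the ATTENTION marker is kept as an independent reason rather than folded into the path check.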

Again, thank you for your time. Here are the two logs:

 

Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-01-2014 01
Ran by Christopher at 2014-01-31 15:58:04 Run:1
Running from C:\Users\Christopher\Documents\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hemxccape.exe (No5666)
C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hemxccape.exe
C:\Users\Christopher\Documents\Downloads\InstallConverter_TSV437Q4Q.exe
2014-01-30 23:49 - 2014-01-30 23:49 - 00000698 _____ C:\Windows\Tasks\BrowserSafeguard Update Task.job
2014-01-30 23:49 - 2014-01-30 23:49 - 00000000 ____D C:\Users\Christopher\AppData\Local\SearchProtect
2014-01-30 23:49 - 2014-01-30 23:49 - 00000000 ____D C:\Users\Christopher\AppData\Local\emaze
2014-01-30 23:49 - 2014-01-30 23:49 - 00000000 ____D C:\Program Files\Browsersafeguard
2014-01-30 22:56 - 2014-01-30 22:56 - 00000000 ____D C:\Windows\7zS1777.tmp
2014-01-30 15:38 - 2014-01-30 15:38 - 00000000 ____D C:\Windows\7zS5D2E.tmp
2014-01-30 13:32 - 2014-01-30 13:32 - 00000000 ____D C:\Windows\7zSEA20.tmp
2014-01-29 14:38 - 2014-01-29 14:38 - 00000000 ____D C:\Users\Christopher\AppData\Local\Oqics
C:\Users\Christopher\AppData\Local\temp\nscE1F8.exe
C:\Users\Christopher\AppData\Local\temp\System.Data.SQLite.dll
Task: {4150C661-C3AE-40A9-B950-342F959F7C5A} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files\YourFileDownloader\YourFileUpdater.exe [2013-09-30] (www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\
Line Deleted : user_pref("extensions.asktb.if", "su");
Line Deleted : user_pref("extensions.asktb.l", "dis");
Line Deleted : user_pref("extensions.asktb.last-config-req", "1330112724007");
Line Deleted : user_pref("extensions.asktb.last-search-timestamp", "1324784041204");
Line Deleted : user_pref("extensions.asktb.last-v", "3.14.0.100009");
Line Deleted : user_pref("extensions.asktb.locale", "en_US");
Line Deleted : user_pref("extensions.asktb.lstation", "");
Line Deleted : user_pref("extensions.asktb.new-tab-enabled", true);
Line Deleted : user_pref("extensions.asktb.o", "15150");
Line Deleted : user_pref("extensions.asktb.pstate", "");
Line Deleted : user_pref("extensions.asktb.qsrc", "2871");
Line Deleted : user_pref("extensions.asktb.sa", "NO");
Line Deleted : user_pref("extensions.asktb.search-history-queries", "hotAIL||hotmail||google");
Line Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Line Deleted : user_pref("extensions.asktb.silent-upgrade", true);
Line Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);
Line Deleted : user_pref("extensions.asktb.socialmini-first", true);
Line Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");
Line Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Line Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");
Line Deleted : user_pref("extensions.asktb.socialmini-native-on", true);
Line Deleted : user_pref("extensions.asktb.socialmini-speed", "5000");
Line Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Line Deleted : user_pref("extensions.asktb.themeid", "");
Line Deleted : user_pref("extensions.asktb.timeinstalled", "10/01/2012 6:35:30 PM");
Line Deleted : user_pref("extensions.enabledAddons", "{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1,{635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.6.20120119024823,{9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.11,{a0d7ccb3-21[...]
Line Deleted : user_pref("extensions.enabledItems", "toolbar@ask.com:3.13.1.18107,{9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.[...]
Line Deleted : user_pref("extensions.toolbar@ask.com.install-event-fired", true);

-\\ Google Chrome v32.0.1700.102

[ File : C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [18772 octets] - [31/01/2014 16:01:07]
AdwCleaner[s0].txt - [18958 octets] - [31/01/2014 16:04:13]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [19019 octets] ##########

 

 

JRT.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows Vista Home Premium x86
Ran by Christopher on 31/01/2014 at 16:13:40.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F0553C75-6DBD-46E4-BCF8-3EB68D75D27C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{F0553C75-6DBD-46E4-BCF8-3EB68D75D27C}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Christopher\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{0129DDAD-A074-4E24-A829-B4F04FDD907C}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{01339B63-CAEF-455B-ACDA-202731ADCE93}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{0295D575-D4C0-4482-9E77-790A38358F35}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{086D4B5B-BB93-459D-B531-0B2C717E3DDA}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{08ED90B8-12EA-4558-91FF-9EB633E1A10C}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{0CC26532-287B-45A5-948D-8E530D84800E}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{0D708FFF-6505-4BD5-A0BC-0A7501CF8BA0}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{0E9DF459-2007-4C86-A7E3-649F2E00007B}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{0EAD0B6F-29C5-4532-B68E-6EE2D00B4DB8}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{0EC9332D-AE1C-4879-BE00-FACFC74160DD}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{0ED67513-BB72-4735-9E75-D057739EB8E4}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{105F21EE-9D88-4FF0-A4FF-A0C25C0B54A2}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{15F705A9-F055-4FB5-B026-C87D4FC7461A}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{1DFDA27A-4FA1-4249-87E6-4B018D78FC08}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{20F95B6D-32CD-41E1-A540-33B1FDE2A552}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{21983888-2595-4190-9A07-EAE3E7F4A6FD}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{223A48B3-3492-418F-A6FB-8D97B395CC22}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{2784293A-29C9-4C78-B675-8508C1346054}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{27CE7EBD-B95F-4191-AFF7-BD404AE1E018}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{2AF01822-9983-4FA1-98E8-6CB9E9610799}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{2C710DD2-A83F-41C8-92AF-23EB4CB1C6FA}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{2F730B8B-CDA0-44DA-AAE6-92A396F8F372}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{3631FFCC-1E52-440E-A795-BEFD2D55CF8D}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{3CFA531F-A6DB-48A1-9DE5-103B2E1871C0}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{3D899EF9-0668-4BBE-9642-3485AF4B6F4A}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{3EFC95E4-7EA5-48A6-A3DA-799C73354696}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{40F810D5-66E2-40D2-AC0F-18035EB14301}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{43DEB40C-712E-4895-9A05-053A47171C1A}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{479FD5C2-1BA2-4194-BF8D-AD71B57FF603}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{49B493A0-8879-4C8C-97DF-0262BDEBA7A7}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{4A65877B-021B-4D9F-AED4-97925F09B555}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{4CF825F2-FECB-4A47-9BD3-75B4FEAAD490}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{4E8C71A5-E998-4FA8-B9B0-E861111C024C}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{50B1D568-8C8F-44DA-B5D3-58E36BB12809}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{51BE73A9-AD3F-4EA4-BA8C-8AF161137984}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{5567AABF-1EF5-4A5D-8A81-FEC98DBB323F}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{5820176E-22E1-4564-A026-5492608E9FFD}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{60598C7D-DB88-4E0F-851F-9D0D2C8E9A40}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{62569569-118A-4AC9-A801-9E5DC27D8084}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{65B51E28-69B2-480C-A636-9CA4CC7498D1}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{65F5E55E-8105-4515-88C6-169E5FA3C845}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{6F1E7833-227D-4B2E-AEF8-FF69B82B4D3A}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{71EC8217-B82A-4628-B4F9-65524E764724}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{7252B1A7-66B5-428C-A0A2-56DD65A32BA2}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{72C1802A-B2C0-4D02-8DBF-A8D06F496DC7}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{74145901-6C71-48B7-9277-CE6ECC5F9928}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{747AB2F1-4198-4DAC-89B5-3B3A7BFB5E27}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{75A79D31-5121-40F4-B4D5-95B41366FA23}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{7953FAB4-9F88-4562-92DC-CA2A36D59919}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{7AADDC63-50AC-472D-939E-F853E0DBA061}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{811ACC7E-DE46-40E5-8700-77A33875C74C}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{811FC11D-C6F8-42AF-B86F-2BF1FF403D3E}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{8579782F-15D3-4B52-AB46-002F780B0287}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{8814EE1D-F55B-4349-9709-D7ABBA430925}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{8B8A73C9-D514-4C26-897D-C3FD92833E04}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{8D4C41FD-6CC9-4B09-9199-03C0CB5CAEDC}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{9068EC3C-398F-463F-A9CF-D6B3AD68929F}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{90A2A24F-9790-4654-BB7C-152F75396BFE}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{9139D3F9-DC28-48FD-9924-0E49345F9AFA}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{92EBC9E5-01EC-494E-9F69-27948AC98B04}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{960300EC-B489-44F5-96C3-0D7C7EA790CC}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{97D7B6E2-00EE-4EF1-897F-5F9952D32D72}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{98357A2E-7D72-48B1-937D-8AF3EBCC47C7}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{990984B8-7E50-4780-9B81-8BF2977CE51A}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{9C83F95E-627C-43F7-829B-7B246FA63F95}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{9CA244EA-E446-494B-8435-E46C0B5F94A5}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{A0D5A5AB-C7C5-453E-8BAC-39031EF9088A}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{A53EA5E1-3BB8-4C6C-849D-55FCA8DB0B64}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{A5A0628F-31E2-469A-9A73-9CB7CD06EF65}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{A85BB843-B27B-4A88-A394-7E9954CA5018}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{A88FF91D-F2BA-498D-B596-911DB6C2A4A0}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{AFA2F2E7-CA2F-455A-A0D1-D37168EBDA10}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{B09E3523-3817-4F62-94AD-CAC25FC4168B}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{B25F3B24-B9F0-4A2A-BCC7-E4EDC886B7BC}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{B6D60635-0493-4976-8541-A30BA7AA1F31}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{BFD5B9BF-C3AE-4FE7-83E4-B7D39FA9B32D}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{C1D75639-DB9C-4071-96E2-079D8B04D3C4}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{C6E80760-5234-4882-AACE-00EAFF28EE3F}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{C9793286-C59D-4AC4-B681-305178C84EB1}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{CA658FB4-2656-4AA0-BBE3-B2E5EF58E5A2}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{CB486881-2486-4DD4-ABF8-12CFC0F64318}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{CEEA2A97-50B0-4A43-B756-5F6E65D9E055}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{D159D893-A84B-4C70-B645-A70FF8E8A277}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{D6A0E401-9636-461C-A757-9E0C641C11A3}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{D7AC6935-7AA8-4AB6-8A25-FAE4FCE5F4C9}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{D90A07E9-2A7F-4AA2-8C9A-B2AD29E61BBD}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{DE7801DE-4AE6-4D2A-ACF2-73743EA0AE70}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{E3921420-3E0F-47ED-A452-81DFD96B56A2}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{E45705E5-B1A4-41C1-813D-427DE63D83F5}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{EA66A6D0-D123-4E3D-BB46-9245887D9F78}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{EE15E6AF-6586-416B-B7E8-C600FBA0BE67}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{F7849A78-BCE1-4931-81BD-0D0BB59398CE}
Successfully deleted: [Empty Folder] C:\Users\Christopher\appdata\local\{F8089FA0-5BF8-4613-A6C9-3130CC3D43E2}

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31/01/2014 at 16:26:00.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

As soon as the Malwarebytes finishes running I'll reply again. (Takes awhile)


Do you have the Malwarebytes log? Also run the following to check your security setup and the status of Adobe, Java, etc.:

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security software alerts, either accept the alert or turn the security off while Security Check runs.)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Finally,

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that we may have missed. This scan is very thorough and well worth running; it can take several hours, so please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - Vista and Windows 7 users right click on the IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

close program

copy and paste the report in next reply

 

Thanks,

 

Kevin.... ;)


Malwarebytes log

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.31.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Christopher :: CHRISTOPHER-PC [administrator]

Protection: Enabled

31/01/2014 4:29:18 PM
mbam-log-2014-01-31 (16-29-18).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 483100
Time elapsed: 3 hour(s), 2 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\BROWSERSAFEGUARD (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Browsersafeguard|sourceid (PUP.Optional.BrowserSafeGuard.A) -> Data: nuste|7se_Malwarebytes -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard (PUP.Optional.BrowserSafeGuard) -> Quarantined and deleted successfully.
C:\Users\Christopher\AppData\Local\temp\CT3319613 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 20
C:\FRST\Quarantine\InstallConverter_TSV437Q4Q.exe31-01-2014_15-58-04 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\nscE1F8.exe31-01-2014_15-58-05 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\SearchProtect\Main\bin\CltMngSvc.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\SearchProtect\Main\bin\SPTool.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\SearchProtect\Main\bin\uninstall.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC64.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\SearchProtect\UI\bin\cltmngui.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Christopher\AppData\Local\temp\nshBB17\SpSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Christopher\Documents\Downloads\installer_avg-anti-virus_English.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Users\Christopher\Documents\Downloads\Malwarebytes.exe (PUP.Optional.OptimumInstaller.A) -> Quarantined and deleted successfully.
C:\Users\Christopher\Downloads\YoutubeDownloaderSetup.exe (PUP.Optional.DealioTB.A) -> Quarantined and deleted successfully.
C:\Users\Christopher\Downloads\YouTubeDownloaderSetup253b.exe (PUP.Optional.DealioTB.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\yourfiledownloader\uninstall.exe.vir (PUP.Optional.YourfileDownloader) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard\BrowserSafeguard.lnk (PUP.Optional.BrowserSafeGuard) -> Quarantined and deleted successfully.
C:\Users\Christopher\AppData\Local\temp\CT3319613\ddt.csf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)

 

checkup log

 

 Results of screen317's Security Check version 0.99.79 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
AVG Anti-Virus Free Edition 2012  
 Antivirus out of date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 JavaFX 2.1.1   
 Java 7 Update 5 
 Java SE Runtime Environment 6 Update 1
 Java version out of Date!
 Adobe Flash Player  11.9.900.170 
 Adobe Reader 9 Adobe Reader out of Date!
 Google Chrome 32.0.1700.102 
 Google Chrome 32.0.1700.76 
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 AVG avgwdsvc.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 16 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

Doing the AV Eset right now will post when completed!


Eset log

 

C:\FRST\Quarantine\hemxccape.exe31-01-2014_15-58-04 Win32/Neurevt.B trojan
C:\FRST\Quarantine\Oqics31-01-2014_15-58-05\IsPadDb8.dll a variant of Win32/Sefnit.CV trojan
C:\Program Files\Perfect Uninstaller\RepairBackup\del\hemxccape.exe Win32/Neurevt.B trojan
C:\Qoobox\Quarantine\C\Users\Christopher\AppData\Local\roytyea.dll.vir a variant of Win32/TrojanProxy.Agent.NRO trojan
C:\Users\Christopher\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7a458e61-4e734040 Java/Exploit.CVE-2012-0507.BR trojan
 


Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept the UAC alert. Be aware that all processes will be stopped during the run and the Desktop will disappear; it will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure you start with and include the colon before Files (:Files).

    :Files
    C:\Program Files\Perfect Uninstaller\RepairBackup\del\hemxccape.exe
    C:\Users\Christopher\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7a458e61-4e734040
    :Commands
    [EmptyTemp]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red btnmoveit.png button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Next,

 

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

 

Step 1 - Select your Operating System.

Step 2 - Select your Language.

Step 3 - Select latest version.

 

Untick the option for any security scanner or toolbar if offered.

 

Download and install.

 

Having the latest updates ensures there are no security vulnerabilities in your system.

 

Next,

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older versions of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them.

 

Post OTM log, let me know if any remaining issues or concerns...

 

Kevin

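Why the :Files block in the OTM instructions above names only two of the five ESET hits: the other three sit in quarantine folders created by tools run earlier in the thread (FRST, ComboFix's Qoobox, AdwCleaner) and are already neutralised copies, not running infections. The Python below is an added example, not part of the thread or of any of the tools used in it; it triages the posted ESET lines by that rule and emits the same :Files block. The quarantine folder list is an assumption.

```python
"""Triage of the ESET hits posted above (added example, not from the thread).
Splits each detection into "already quarantined by an earlier tool" versus
"still live on disk" and builds the :Files block in the layout OTM expects."""
import re
from dataclasses import dataclass

# The five ESET lines exactly as posted in the thread, embedded as sample input.
ESET_LOG = r"""
C:\FRST\Quarantine\hemxccape.exe31-01-2014_15-58-04 Win32/Neurevt.B trojan
C:\FRST\Quarantine\Oqics31-01-2014_15-58-05\IsPadDb8.dll a variant of Win32/Sefnit.CV trojan
C:\Program Files\Perfect Uninstaller\RepairBackup\del\hemxccape.exe Win32/Neurevt.B trojan
C:\Qoobox\Quarantine\C\Users\Christopher\AppData\Local\roytyea.dll.vir a variant of Win32/TrojanProxy.Agent.NRO trojan
C:\Users\Christopher\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7a458e61-4e734040 Java/Exploit.CVE-2012-0507.BR trojan
"""

# Assumption: quarantine folders of the tools run earlier in the thread
# (FRST, ComboFix/Qoobox, AdwCleaner). Hits under them are neutralised copies.
QUARANTINE_PREFIXES = (r"C:\FRST\Quarantine", r"C:\Qoobox\Quarantine", r"C:\AdwCleaner\Quarantine")

# An ESET line is "<path> [a variant of ]<name> <type>": the path may contain
# spaces, the detection name never does, and the object type is the last word.
LINE_RE = re.compile(r"^(?P<path>.+?) (?:a variant of )?(?P<name>\S+) (?P<kind>\w+)$")

@dataclass(frozen=True)
class Hit:
    path: str
    name: str          # detection name, e.g. Win32/Neurevt.B
    kind: str          # ESET object type, e.g. trojan
    quarantined: bool  # True when an earlier tool already parked this file

def is_quarantined(path):
    lower = path.lower()
    return any(lower.startswith(p.lower() + "\\") for p in QUARANTINE_PREFIXES)

def parse_eset(text):
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # lines that do not fit the three-part shape are skipped
            hits.append(Hit(m["path"], m["name"], m["kind"], is_quarantined(m["path"])))
    return hits

def live_hits(hits):
    """Detections still on disk that need removing, in the order posted."""
    return [h for h in hits if not h.quarantined]

def otm_script(hits):
    """:Files / :Commands block as OTM expects it: one path per line."""
    return "\n".join([":Files", *(h.path for h in live_hits(hits)), ":Commands", "[EmptyTemp]"])

if __name__ == "__main__":
    hits = parse_eset(ESET_LOG)
    for h in hits:
        print("quarantined" if h.quarantined else "LIVE", h.name, h.path)
    print(otm_script(hits))
```

Running it prints the two live paths as LIVE and reproduces the :Files block pasted into OTM above; a hit under a quarantine folder is a leftover for the other tool's quarantine cleanup, not something to move again.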

The log popped up as soon as I sent that! Here it is.

 

OTM log

 

All processes killed
========== FILES ==========
C:\Program Files\Perfect Uninstaller\RepairBackup\del\hemxccape.exe moved successfully.
C:\Users\Christopher\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7a458e61-4e734040 moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Christopher
->Temp folder emptied: 5140919 bytes
->Temporary Internet Files folder emptied: 12363048 bytes
->Java cache emptied: 978347 bytes
->FireFox cache emptied: 53779988 bytes
->Google Chrome cache emptied: 25624272 bytes
->Apple Safari cache emptied: 32776192 bytes
->Opera cache emptied: 44241415 bytes
->Flash cache emptied: 5673 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22914 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 30236421 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 196.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 02022014_100948

Files moved on Reboot...
File move failed. C:\Windows\temp\nmsmc_DQLWinService.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Hey Kevin, I have absolutely no idea how to access the cmd prompt or the Security tab

 

"1) If you can access cmd, you can reset the security settings in Vista/Windows 7 with the following command: "secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose" (no quotes.) To see what this command does, go here: How do I restore security settings to the default settings?

NOTE: If you can't access cmd when logged in, use this guide System Recovery Options. You can get to the command line when you access the System Recovery Options screen.

2) This command seems to give the ownership issue a kick up the backside, even though it seems nothing has changed. Go to Explorer, right click on C: and go to Properties.

3) Go to the Security tab and then Advanced."

