CreateRestorePoint:
CustomCLSID: HKU\S-1-5-21-4206780712-3926510040-12088971-1010_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> \\?\globalroot\Device\HarddiskVolume3\Users\LaTondya.BabyGurl-LP\AppData\Local\Temp\snpmxng\sxuopeb\wow.dll ()
Task: {0ECAFA73-B9B3-4898-BBEE-8BEB2B13FD9A} - System32\Tasks\4391 => Wscript.exe C:\Users\me\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {13AAC62F-4294-4BBD-88A4-EDBDA3813824} - System32\Tasks\4973 => Wscript.exe C:\Users\BabyGurl\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {2CCF675C-2E80-4971-8E74-D705E2F63576} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {58588FDB-6FC4-4984-8EF7-DE062BB1B6C2} - System32\Tasks\4977 => Wscript.exe C:\Users\LaTondya\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {677A9D8B-EA0E-4B01-AC63-05374880293F} - System32\Tasks\4782 => Wscript.exe C:\Users\TABY&T~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {85F31EF4-006D-49CA-8002-57559A9A3B2D} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\LaTondya.BabyGurl-LP\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {95CF0D04-1FED-492C-92DA-2327A7F9B7B5} - System32\Tasks\4777 => Wscript.exe C:\Users\Rabbit\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {BE1CE09F-2C55-4732-A513-0EA07F4FCBF8} - System32\Tasks\Microsoft\Windows\Maintenance\Update IC => %LOCALAPPDATA%\39DE7F5A-E00E-604B-9BB9-6CB8E4D7446D\Runner.exe
Task: {D4880ED6-36B1-40B6-8007-B9AC62EEC064} - System32\Tasks\Runner IC => %LOCALAPPDATA%\39DE7F5A-E00E-604B-9BB9-6CB8E4D7446D\Runner.exe
Task: {F5ED9847-6079-44B6-B04D-06891C9947FD} - \Security Center Update - 2730793548 No Task File <==== ATTENTION
HKLM-x32\...\Run: [Babylon Client] => C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe [3589712 2013-02-26] (Babylon Ltd.)
HKLM-x32\...\Run: [ShopAtHomeWatcher] => C:\Users\LaTondya.BabyGurl-LP\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
HKLM-x32\...\Run: [ShopAtHomeUpdater] => C:\Users\LaTondya.BabyGurl-LP\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
C:\Users\LaTondya.BabyGurl-LP\AppData\Roaming\ShopAtHome
HKU\S-1-5-21-4206780712-3926510040-12088971-1010\...\Run: [iLivid] => "C:\Users\LaTondya.BabyGurl-LP\AppData\Local\iLivid\iLivid.exe" -autorun
HKU\S-1-5-21-4206780712-3926510040-12088971-1010\...\Run: [Locdrv32] => rundll32.exe "C:\Users\LaTondya.BabyGurl-LP\AppData\Roaming\Locdrv32\Locdrv32.dll",sens2Music eTracespl <===== ATTENTION
HKU\S-1-5-21-4206780712-3926510040-12088971-1010\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\LaTondya.BabyGurl-LP\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-21-4206780712-3926510040-12088971-1010\...\Run: [LiveSupport] => "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
C:\Program Files (x86)\LiveSupport
HKU\S-1-5-21-4206780712-3926510040-12088971-1010\...\Run: [TornTv Downloader] => C:\Program Files (x86)\TornTV.com\Torntv Downloader.exe /c=startup
C:\Program Files (x86)\TornTV.com
HKU\S-1-5-21-4206780712-3926510040-12088971-1010\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4206780712-3926510040-12088971-1010\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-4206780712-3926510040-12088971-1010\...\MountPoints2: {1a579d51-6111-11df-808d-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-21-4206780712-3926510040-12088971-1010\...\MountPoints2: {f66afc33-d4be-11e3-83cc-a4badbba932d} - G:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B03 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-4206780712-3926510040-12088971-1010\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-4206780712-3926510040-12088971-1010\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume3\Users\LaTondya.BabyGurl-LP\AppData\Local\Temp\snpmxng\sxuopeb\wow.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-4206780712-3926510040-12088971-1011\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4206780712-3926510040-12088971-1011\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-4206780712-3926510040-12088971-1011\...\MountPoints2: {1a579d51-6111-11df-808d-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-21-4206780712-3926510040-12088971-1011\...\MountPoints2: {dc2b05f7-ae1e-11e4-b407-a4badbba932d} - F:\windows\AutoRun.exe
HKU\S-1-5-21-4206780712-3926510040-12088971-1011\...\MountPoints2: {f66afc33-d4be-11e3-83cc-a4badbba932d} - G:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B03 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
ShortcutTarget: LimeWire On Startup.lnk -> C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
ShortcutTarget: IMVU.lnk -> C:\Users\LaTondya.BabyGurl-LP\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe (No File)
Startup: C:\Users\LaTondya.BabyGurl-LP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk
ShortcutTarget: TornTvDownloader.lnk -> C:\Program Files (x86)\TornTV.com\Torntv Downloader.exe (No File)
ShortcutTarget: IMVU.lnk -> C:\Users\LaTondya.BabyGurl-LP\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe (No File)
Startup: C:\Users\LaTondya.BabyGurl-LP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk
ShortcutTarget: TornTvDownloader.lnk -> C:\Program Files (x86)\TornTV.com\Torntv Downloader.exe (No File)
Startup: C:\Users\taby & tiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
ShortcutTarget: LimeWire On Startup.lnk -> C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4206780712-3926510040-12088971-1005\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKLM-x32 - Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...&q={searchTerms}
SearchScopes: HKLM-x32 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKLM-x32 -> {8D7BCC95-4B3A-4597-B533-7B32EBE22488} URL = http://www.searchcan...&q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...&q={searchTerms}
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT1060933
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.sea...&cc=US&unqvl=45
SearchScopes: HKLM-x32 -> {d3f22a84-2a84-49eb-91e6-5dadaaf0165d} URL = http://search.tb.ask...or={searchTerms}
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: No Name -> {27a220b7-bb43-4faf-b27b-f803d18eea28} -> No File
BHO-x32: Softonic-Eng7 Toolbar -> {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} -> C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll [2010-06-03] (Conduit Ltd.)
BHO-x32: getsav-in 5.0 -> {9133AA62-14E2-45B3-8AD9-DC08A3520492} -> C:\Users\LaTondya\AppData\Local\getsav-in\ie\getsav-in_1373060702.dll No File
BHO-x32: Babylon IE plugin -> {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} -> C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll [2013-02-26] (Babylon Ltd.)
BHO-x32: No Name -> {9D425283-D487-4337-BAB6-AB8354A81457} -> No File
Toolbar: HKLM-x32 - Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll [2010-06-03] (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {9D425283-D487-4337-BAB6-AB8354A81457} - No File
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-4206780712-3926510040-12088971-1010 -> No Name - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - No File
Toolbar: HKU\S-1-5-21-4206780712-3926510040-12088971-1010 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-4206780712-3926510040-12088971-1011 -> No Name - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\LaTondya.BabyGurl-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.19.2.5_0\plugins/ConduitChromeApiPlugin.dll (Conduit)
CHR Plugin: (Conduit Radio Plugin) - C:\Users\LaTondya.BabyGurl-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.19.2.5_0\plugins/np-cwmp.dll (Conduit)
CHR Plugin: (Conduit Chrome Approve TB Plugin) - C:\Users\LaTondya.BabyGurl-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.19.2.5_0\plugins/ChromeApproveTBPlugin.dll (Conduit)
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\LaTondya.BabyGurl-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.19.2.5_0\search/plugins/npConduitNewTabPlugin.dll (Conduit Ltd.)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\MyWebFace_5a\bar\1.bin\NP5aStub.dll No File
CHR Extension: (greiatsAver) - C:\Users\LaTondya.BabyGurl-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfalnkpopgglemdpfjfffajfkjdbhkaa [2014-01-11]
CHR Extension: (SNT) - C:\Users\LaTondya.BabyGurl-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cclgjbbjhhgmnkdgbnjlaodefmcdilkn [2014-01-11]
CHR Extension: (GreatSaver) - C:\Users\LaTondya.BabyGurl-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgplokkdpdcomkhneebomolempgcmnhe [2014-01-11]
CHR Extension: (Babylon Translator) - C:\Users\LaTondya.BabyGurl-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb [2013-09-10]
CHR Extension: (SNT) - C:\Users\LaTondya.BabyGurl-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmimebhheiphkmkbknlkadgkbagdbedo [2014-01-11]
CHR Extension: (SNT) - C:\Users\LaTondya.BabyGurl-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpafmnadaefofbchcjbdpppimoigolcc [2014-01-11]
CHR Extension: (ebeenikkcpgaekfgbnflbaaihalfifkk) - C:\Users\LaTondya.BabyGurl-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebeenikkcpgaekfgbnflbaaihalfifkk [2014-10-16]
CHR Extension: (SNT) - C:\Users\LaTondya.BabyGurl-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\efdndcabolagcbmaifdjidbcepllmobd [2014-01-11]
CHR Extension: (grEatsaverr) - C:\Users\LaTondya.BabyGurl-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fackjiognabojlmgochcgcjhmhakanep [2014-01-11]
CHR Extension: (Save Best) - C:\Users\LaTondya.BabyGurl-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcoecifcadmambfikillppkoafmgachp [2014-01-11]
CHR Extension: (gecgipfabdickgidpmbicneamekgbaej) - C:\Users\LaTondya.BabyGurl-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgipfabdickgidpmbicneamekgbaej [2014-10-16]
CHR Extension: (YTBookMarrk) - C:\Users\LaTondya.BabyGurl-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\giabaeiibgbpegcfnfminbkaepfacphm [2014-01-11]
CHR Extension: (graeaTsaVer) - C:\Users\LaTondya.BabyGurl-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmheoknenicchoefacdikhepkibdinol [2014-01-11]
CHR Extension: (WhiteSmoke New) - C:\Users\LaTondya.BabyGurl-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi [2013-09-11]
CHR Extension: (No Name) - C:\Users\LaTondya.BabyGurl-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim [2013-09-15]
CHR Extension: (Isaveero) - C:\Users\LaTondya.BabyGurl-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljmeiphajcekhdikgbaooakapocfidc [2014-03-06]
CHR Extension: (YoutubeAdblocker) - C:\Users\LaTondya.BabyGurl-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnhclmcfedjlcgonhbjefpmacbmcphno [2014-01-11]
CHR Extension: (No Name) - C:\Users\LaTondya.BabyGurl-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\oopdmcnionefjjnmchkiimificckpkif [2013-12-25]
CHR Extension: (No Name) - C:\Users\LaTondya.BabyGurl-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcnejclmmchoalpmbkapikeclpkhipml [2014-02-03]
CHR HKU\S-1-5-21-4206780712-3926510040-12088971-1010\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\LaTondya.BabyGurl-LP\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-09-08]
CHR HKU\S-1-5-21-4206780712-3926510040-12088971-1010\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\LaTondya.BabyGurl-LP\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2013-09-08]
CHR HKU\S-1-5-21-4206780712-3926510040-12088971-1010\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oopdmcnionefjjnmchkiimificckpkif] - C:\Users\LaTondya.BabyGurl-LP\AppData\Local\CRE\oopdmcnionefjjnmchkiimificckpkif.crx [2013-12-24]
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonChrome.crx [2013-04-11]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [kincjchfokkeneeofpeefomkikfkiedl] - C:\Program Files (x86)\Object\chromeaddon.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\LaTondya.BabyGurl-LP\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-09-08]
CHR HKLM-x32\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\LaTondya.BabyGurl-LP\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2013-09-08]
CHR HKLM-x32\...\Chrome\Extension: [ocphobfcfafpclibolpjdafgaffkaoci] - C:\Program Files (x86)\Browser Plugin\gplplugin.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [oopdmcnionefjjnmchkiimificckpkif] - C:\Users\LaTondya.BabyGurl-LP\AppData\Local\CRE\oopdmcnionefjjnmchkiimificckpkif.crx [2013-12-24]
U3 a5l7ua7n; C:\Windows\System32\Drivers\a5l7ua7n.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
C:\Windows\System32\Drivers\a5l7ua7n.sys
S1 dpnnuydj; \??\C:\Windows\system32\drivers\dpnnuydj.sys [X]
S1 givctqds; \??\C:\Windows\system32\drivers\givctqds.sys [X]
S1 kcjxvrso; \??\C:\Windows\system32\drivers\kcjxvrso.sys [X]
2014-09-28 14:57 - 2014-09-28 14:57 - 1927064 _____ (CinemaHDTube PlusV28.09) C:\Users\LaTondya.BabyGurl-LP\AppData\Roaming\FRJBVR.exe
2014-09-28 14:53 - 2014-09-28 14:53 - 1479080 _____ (esc) C:\Users\LaTondya.BabyGurl-LP\AppData\Roaming\GSEV.exe
2013-07-13 08:08 - 2013-07-13 08:08 - 2019282 _____ () C:\ProgramData\2433f433
2011-04-01 20:02 - 2011-04-01 20:09 - 0013012 ___SH () C:\ProgramData\584h2ryd3gr
2011-04-01 00:59 - 2011-04-01 02:47 - 0012294 ___SH () C:\ProgramData\7a3d8u8784tdd04w7i4a1pj
Cmd: wevtutil cl application
Cmd: wevtutil cl system
Cmd: wevtutil cl security
EmptyTemp: