am not able to do anything [Solved]


  • This topic is locked

#61
leahcase

leahcase

    Member

  • Topic Starter
  • Member
  • 229 posts

Not able to download Combofix... it says not compatible. I have tried both links and I could not get them to work.


  • 0



#62
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Intriguing, as it works for Windows 7. How is the computer at the moment?
  • 1

#63
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#64
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That may be a USB infection

Download MCShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives
Plug in the drive and McShield will start a scan

Then get the log which will be located under the logs tab on the main page

And post that

NEXT

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.
THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
When it offers to download the virus database allow that as well
Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0

#65
leahcase

leahcase

    Member

  • Topic Starter
  • Member
  • 229 posts
>>> MCShield AllScans.txt <<<

-----------------------------




MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2015.2.1.1 / Windows 7 <<<


2/2/2015 7:50:54 PM > Drive C: - scan started (OS ~920 GB, NTFS HDD )...



=> The drive is clean.


2/2/2015 7:50:55 PM > Drive D: - scan started (HP_RECOVERY ~12 GB, NTFS HDD )...



=> The drive is clean.


2/2/2015 7:51:01 PM > Drive G: - scan started (My Book ~233 GB, FAT32 HDD )...



=> The drive is clean.


2/2/2015 7:51:05 PM > Drive H: - scan started (no label ~7107 MB, FAT32 flash drive )...



=> The drive is clean.


2/2/2015 7:51:06 PM > Drive I: - scan started (MISC ~1910 MB, FAT flash drive )...



---> Note: traces of file replicators have been found!

---> Executing generic S&D routine...


>>> I:\Recycle Bin.lnk.vir - Malware > Deleted. (15.02.02. 19.51 Recycle Bin.lnk.vir.270428; MD5: c0468cff96b59b337b5a505e1f887596)

>>> I:\ACService.exe - Malware > Deleted. (15.02.02. 19.51 ACService.exe.905677; MD5: adc420616c501b45d26c0fd3ef1e54e4)

>>> I:\ACService - Copy.exe - Malware > Deleted. (15.02.02. 19.51 ACService - Copy.exe.29622; MD5: adc420616c501b45d26c0fd3ef1e54e4)


=> Malicious files : 3/3 deleted.

____________________________________________

::::: Scan duration: 40sec :::::::::::::::::
____________________________________________

2/2/2015 7:51:34 PM > Drive J: - scan started (RECOVER MEDIA ONLY ONCE ~30532 MB, NTFS flash drive )...



=> The drive is clean.


2/2/2015 7:51:39 PM > Drive K: - scan started (LEAH GENOLO ~3808 MB, FAT32 flash drive )...

>>> K:\autorun.inf > Legitimate file.


=> The drive is clean.


2/2/2015 7:51:57 PM > Drive M: - scan started (BACKUP ~30518 MB, FAT32 flash drive )...

>>> M:\autorun.inf > Legitimate file.


=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2015.2.1.1 / Windows 7 <<<


2/2/2015 7:58:45 PM > Drive J: - scan started (RECOVER MEDIA ONLY ONCE ~30532 MB, NTFS flash drive )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2015.2.1.1 / Windows 7 <<<


2/2/2015 7:59:07 PM > Drive H: - scan started (no label ~7107 MB, FAT32 flash drive )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2015.2.1.1 / Windows 7 <<<


2/2/2015 7:58:29 PM > Drive M: - scan started (BACKUP ~30518 MB, FAT32 flash drive )...

>>> M:\autorun.inf > Legitimate file.


=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2015.2.1.1 / Windows 7 <<<


2/2/2015 7:59:10 PM > Drive I: - scan started (MISC ~1910 MB, FAT flash drive )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2015.2.1.1 / Windows 7 <<<


2/2/2015 7:59:17 PM > Drive K: - scan started (LEAH GENOLO ~3808 MB, FAT32 flash drive )...

>>> K:\autorun.inf > Legitimate file.


=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2015.2.1.1 / Windows 7 <<<


2/2/2015 8:05:29 PM > Drive C: - scan started (OS ~920 GB, NTFS HDD )...



=> The drive is clean.


2/2/2015 8:05:29 PM > Drive D: - scan started (HP_RECOVERY ~12 GB, NTFS HDD )...



=> The drive is clean.


2/2/2015 8:05:36 PM > Drive G: - scan started (My Book ~233 GB, FAT32 HDD )...



=> The drive is clean.


2/2/2015 8:05:36 PM > Drive H: - scan started (no label ~7107 MB, FAT32 flash drive )...



=> The drive is clean.


2/2/2015 8:05:37 PM > Drive I: - scan started (MISC ~1910 MB, FAT flash drive )...



=> The drive is clean.


2/2/2015 8:05:42 PM > Drive J: - scan started (RECOVER MEDIA ONLY ONCE ~30532 MB, NTFS flash drive )...



=> The drive is clean.


2/2/2015 8:05:43 PM > Drive K: - scan started (LEAH GENOLO ~3808 MB, FAT32 flash drive )...

>>> K:\autorun.inf > Legitimate file.


=> The drive is clean.


2/2/2015 8:06:01 PM > Drive M: - scan started (BACKUP ~30518 MB, FAT32 flash drive )...

>>> M:\autorun.inf > Legitimate file.


=> The drive is clean.
  • 0

#66
leahcase

leahcase

    Member

  • Topic Starter
  • Member
  • 229 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by LEAH (administrator) on LEAH-HP on 02-02-2015 20:11:57
Running from C:\Users\LEAH\Desktop
Loaded Profiles: LEAH (Available profiles: LEAH)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ShopAtHome.com) C:\Users\LEAH\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
(ShopAtHome.com) C:\Users\LEAH\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(ShopAtHome.com) C:\Users\LEAH\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_clipbook.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: bcdedit.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\Run: [Windows Media Center] => RunDLL32.exe C:\Windows\ehome\ehuihlp.dll,BootMediaCenter
HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\Run: [ShopAtHomeWatcher] => C:\Users\LEAH\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [130232 2014-11-25] (ShopAtHome.com)
HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\Run: [ShopAtHomeUpdater] => C:\Users\LEAH\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe [199864 2014-11-25] (ShopAtHome.com)
HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\MCShieldRTM.exe [650816 2014-04-11] (MyCity)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-629239370-1108922991-2781443091-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-629239370-1108922991-2781443091-1000] => localhost:8080
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=agc511
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-629239370-1108922991-2781443091-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=agc511
HKU\S-1-5-21-629239370-1108922991-2781443091-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...kw={searchTerms}
SearchScopes: HKLM -> {DE30B262-EFFC-49B2-B5CA-F74EDFA0CA15} URL = http://www.amazon.co...ds={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...kw={searchTerms}
SearchScopes: HKLM-x32 -> {DE30B262-EFFC-49B2-B5CA-F74EDFA0CA15} URL = http://www.amazon.co...ds={searchTerms}
SearchScopes: HKU\S-1-5-21-629239370-1108922991-2781443091-1000 -> {0FD1DCDB-032F-4A3D-9A70-3D3346C0E879} URL = http://isearch.shopa...&q={searchTerms}
SearchScopes: HKU\S-1-5-21-629239370-1108922991-2781443091-1000 -> {9FE26522-63FB-437F-9C62-40E7F7ACDB46} URL = https://www.flickr.c...?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll No File
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll No File
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.micr...loadManager.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.76.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.76.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/DownloadManager,version=1.1 -> C:\Windows\ ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-629239370-1108922991-2781443091-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-24]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-01-13]
FF HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-11-24]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-24] (AVAST Software)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [923136 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [126568 2015-01-20] (RaMMicHaeL)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-24] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-13] (AVG Technologies)
S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [79360 2011-06-01] (ASIX Electronics Corp.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-01] (Malwarebytes Corporation)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-03-14] (support.com, Inc)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 20:11 - 2015-02-02 20:12 - 00032599 _____ () C:\Users\LEAH\Desktop\FRST.txt
2015-02-02 20:11 - 2015-02-02 20:11 - 02131456 _____ (Farbar) C:\Users\LEAH\Desktop\FRST64.exe
2015-02-02 20:10 - 2015-02-02 20:10 - 00008696 _____ () C:\Users\LEAH\Desktop\MCShield-AllScans.txt
2015-02-02 20:05 - 2015-02-02 20:05 - 00001078 _____ () C:\Users\Public\Desktop\MCShield Real-Time Monitor.lnk
2015-02-02 19:50 - 2015-02-02 20:06 - 00000000 ____D () C:\ProgramData\MCShield
2015-02-02 19:50 - 2015-02-02 20:05 - 00000000 ____D () C:\Program Files (x86)\MCShield
2015-02-02 19:50 - 2015-02-02 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2015-02-02 19:49 - 2015-02-02 19:49 - 02856736 _____ (MyCity) C:\Users\LEAH\Desktop\MCShield-Setup.exe
2015-02-02 19:48 - 2015-02-02 19:48 - 02856736 _____ (MyCity) C:\Users\LEAH\Downloads\MCShield-Setup.exe
2015-02-01 01:03 - 2015-02-01 01:03 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2015-02-01 01:03 - 2015-02-01 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-02-01 01:03 - 2015-02-01 01:03 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-02-01 01:03 - 2015-02-01 01:03 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-02-01 01:02 - 2015-02-01 01:02 - 00320424 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-02-01 01:02 - 2015-02-01 01:02 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-02-01 01:02 - 2015-02-01 01:02 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-02-01 01:02 - 2015-02-01 01:02 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-02-01 01:02 - 2015-02-01 01:02 - 00000000 ____D () C:\Program Files\Java
2015-01-31 03:51 - 2015-01-31 03:51 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-01-31 03:32 - 2013-12-25 21:06 - 00026768 _____ () C:\Users\LEAH\Desktop\Leah CaseRESUMEWORD2SHORTER VERISON.odt
2015-01-31 02:26 - 2015-01-31 02:26 - 00000000 ____D () C:\Users\Public\Documents\sun
2015-01-31 02:18 - 2015-01-31 02:18 - 135933721 _____ () C:\Users\LEAH\Downloads\OpenOffice_Setup [1].exe
2015-01-31 01:30 - 2015-01-31 01:30 - 00002980 _____ () C:\Windows\System32\Tasks\{908D02C7-1780-4D80-A96E-AB3A93B3D1ED}
2015-01-31 01:25 - 2015-01-31 01:25 - 00000193 _____ () C:\Windows\WORDPAD.INI
2015-01-29 01:34 - 2015-01-29 01:34 - 00001687 _____ () C:\Users\LEAH\Desktop\My Scans - Shortcut.lnk
2015-01-21 19:20 - 2015-01-21 19:20 - 00000000 ____D () C:\Windows\Hewlett-Packard
2015-01-14 03:11 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 03:11 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 03:11 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 03:11 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 03:11 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 03:11 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 03:11 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 03:11 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 03:11 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 03:11 - 2014-12-11 11:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 03:11 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 03:11 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 03:11 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 19:23 - 2015-01-13 19:23 - 00000179 _____ () C:\Users\LEAH\Desktop\Google.url
2015-01-12 15:29 - 2015-01-12 15:29 - 00000000 ____D () C:\Users\LEAH\AppData\Roaming\ShopAtHome
2015-01-12 15:29 - 2015-01-12 15:29 - 00000000 ____D () C:\Users\LEAH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ShopAtHome.com Toolbar
2015-01-09 17:49 - 2015-01-09 17:49 - 00000244 _____ () C:\Users\LEAH\Desktop\Amazon Mechanical Turk - Welcome (2).url
2015-01-05 15:38 - 2015-01-05 15:38 - 00000538 _____ () C:\Users\LEAH\Desktop\LDS Living - 7 Important Things You Should Study in Addition to the Scriptures.url
2015-01-04 18:56 - 2015-01-04 18:55 - 00451026 ____R () C:\Windows\system32\Drivers\etc\hosts.20150104-185603.backup
2015-01-04 18:55 - 2015-01-04 18:54 - 00451026 ____R () C:\Windows\system32\Drivers\etc\hosts.20150104-185515.backup

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 20:11 - 2014-08-15 15:26 - 00000000 ____D () C:\FRST
2015-02-02 20:05 - 2014-06-16 20:32 - 01660543 _____ () C:\Windows\WindowsUpdate.log
2015-02-02 19:22 - 2013-03-12 19:32 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-02-02 19:22 - 2013-01-07 21:09 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-02-02 15:56 - 2014-08-11 18:06 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A9DFA2F7-49D8-4BDA-88CB-519C621E9C35}
2015-02-01 09:21 - 2009-07-13 22:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-01 09:21 - 2009-07-13 22:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-01 09:14 - 2014-08-11 17:26 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-02-01 09:14 - 2011-12-17 02:41 - 00000000 ____D () C:\ProgramData\PDFC
2015-02-01 09:13 - 2014-11-16 01:00 - 00006240 _____ () C:\Windows\setupact.log
2015-02-01 09:13 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-01 01:08 - 2014-11-18 06:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-01 01:00 - 2013-01-10 11:46 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-01 01:00 - 2011-12-17 02:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-31 04:58 - 2013-01-06 21:26 - 00000000 ____D () C:\Program Files (x86)\OpenOffice.org 3
2015-01-31 03:55 - 2014-11-16 05:44 - 00064824 _____ () C:\Users\LEAH\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-31 03:53 - 2014-11-16 05:39 - 00296104 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-31 03:52 - 2014-11-16 05:38 - 00574092 _____ () C:\Windows\PFRO.log
2015-01-31 03:52 - 2014-08-15 12:32 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-31 03:51 - 2014-08-24 21:20 - 00001835 _____ () C:\Windows\wininit.ini
2015-01-31 03:51 - 2014-08-15 12:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-31 03:20 - 2014-06-12 14:17 - 00000000 ____D () C:\Users\LEAH\Desktop\LEAH CASE RESMAUE
2015-01-31 02:24 - 2014-11-21 01:11 - 00000000 ___RD () C:\Users\LEAH\Desktop\New Briefcase
2015-01-31 02:23 - 2014-11-26 01:56 - 00000000 ____D () C:\ProgramData\Unchecky
2015-01-30 21:12 - 2013-01-06 20:44 - 00000000 ____D () C:\Users\LEAH\AppData\Local\CrashDumps
2015-01-25 00:25 - 2013-01-07 21:01 - 00000000 ____D () C:\Users\LEAH\AppData\Roaming\HpUpdate
2015-01-23 09:38 - 2014-07-11 22:53 - 00000000 ____D () C:\Users\LEAH\AppData\Roaming\DMCache
2015-01-23 09:38 - 2013-01-09 23:44 - 00000000 ____D () C:\Users\LEAH\AppData\Local\Apple Computer
2015-01-23 09:37 - 2014-08-23 03:04 - 00000000 ___RD () C:\Users\LEAH\Dropbox
2015-01-23 09:37 - 2013-03-02 14:12 - 00000000 ____D () C:\ProgramData\SmartPCScan
2015-01-23 09:37 - 2013-01-06 19:12 - 00000000 ____D () C:\ProgramData\Recovery
2015-01-23 09:37 - 2011-12-17 02:35 - 00000000 ____D () C:\ProgramData\Sonic
2015-01-21 19:21 - 2011-12-17 02:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-01-21 19:21 - 2011-12-17 02:31 - 00000000 ____D () C:\Program Files (x86)\Hp
2015-01-17 15:48 - 2014-08-20 14:48 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-15 03:23 - 2009-07-13 20:34 - 00451075 ____R () C:\Windows\system32\Drivers\etc\hosts.20150116-201508.backup
2015-01-15 03:06 - 2013-08-15 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:00 - 2013-01-09 14:19 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 22:40 - 2014-11-24 16:48 - 00002010 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-13 22:28 - 2013-01-07 22:55 - 00205136 _____ () C:\Windows\hpwins26.dat
2015-01-13 22:28 - 2013-01-07 22:55 - 00007689 _____ () C:\ProgramData\hpzinstall.log
2015-01-06 04:36 - 2010-11-20 21:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-11-26 16:31 - 2014-12-17 13:34 - 1836584 _____ (BeFrugal.com                                                ) C:\Users\LEAH\AppData\Roaming\BeFrugal.com-Install.exe
2014-06-12 09:39 - 2014-11-23 00:51 - 0000097 _____ () C:\Users\LEAH\AppData\Roaming\WB.CFG
2014-08-15 12:09 - 2014-08-15 12:09 - 0000327 _____ () C:\Users\LEAH\AppData\Local\LMIR0001.tmp_r.bat
2013-01-07 22:55 - 2015-01-13 22:28 - 0007689 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\LEAH\jobq.dat

Some content of TEMP:
====================
C:\Users\LEAH\AppData\Local\Temp\bdbcabfcgcd.exe
C:\Users\LEAH\AppData\Local\Temp\bdbcabfcghb.exe
C:\Users\LEAH\AppData\Local\Temp\insHv12.exe
C:\Users\LEAH\AppData\Local\Temp\VSTStubSetup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-31 06:18

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by LEAH at 2015-02-02 20:12:56
Running from C:\Users\LEAH\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4500_G510gm_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510gm (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-zip v9.20 (HKLM-x32\...\7-zip) (Version: v9.20 - TUGUU SL) <==== ATTENTION
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{BCC01139-903A-6FC7-3358-85B0AE332601}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
FamilySearch Indexing 3.17.7 (HKLM-x32\...\0591-8077-9297-0833) (Version: 3.17.7 - FamilySearch)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HiDef Media Player 1.1.12 (HKLM-x32\...\HiDef Media Player) (Version: 1.1.12 - HiDefMedia)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 76 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417076FF}) (Version: 7.0.760 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3925 - CyberLink Corp.) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Media Downloader version 1.5 (HKLM-x32\...\Media Downloader_is1) (Version: 1.5 - Media Downloader)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Download Manager (HKLM-x32\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{389F8A7A-8611-42E8-8169-20D2BAF0C595}) (Version: 8.0.6362.215 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.54 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 -  NewspaperDirect Inc.)
QuickShare (HKLM-x32\...\{063C68D3-B0B7-4FBC-AE78-A81906C11888}) (Version: 10.165.60.13189 - Linkury Inc.) <==== ATTENTION
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6378 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4320 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
ShopAtHome.com Helper (HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\ShopAtHome.com Helper) (Version: 7.10.2.10 - ShopAtHome.com) <==== ATTENTION
ShopAtHome.com Toolbar (HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\ShopAtHome.com Toolbar) (Version: 7.10.2.10 - ShopAtHome.com) <==== ATTENTION
Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Unchecky v0.3.6 (HKLM-x32\...\Unchecky) (Version: 0.3.6 - RaMMicHaeL)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
videos MediaPlay-Air (HKLM-x32\...\videos MediaPlay-Air) (Version: 1.34.7.29 - enter) <==== ATTENTION
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
weDownload Manager (HKLM-x32\...\weDownload Manager) (Version: 1.29.153.0 - weDownload) <==== ATTENTION
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Yahoo Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo Inc.)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-629239370-1108922991-2781443091-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\vcamp110d.dll No File

==================== Restore Points  =========================

25-01-2015 19:00:03 Windows Backup
27-01-2015 02:44:22 Windows Update
30-01-2015 04:02:24 Windows Update
31-01-2015 01:39:45 Installed OpenOffice 4.1.1
31-01-2015 04:55:41 Removed OpenOffice.org 3.4.1
31-01-2015 04:57:02 Removed OpenOffice.org 3.4.1
01-02-2015 19:00:04 Windows Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2015-02-01 09:14 - 00451075 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0C7EA0FD-7285-4C80-9943-3BD6B7D81D36} - System32\Tasks\{908D02C7-1780-4D80-A96E-AB3A93B3D1ED} => C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
Task: {1B07E940-CCEC-4A0F-A950-6E3456973190} - System32\Tasks\{FE90A798-363B-41BC-B002-E2BBB9C59536} => C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
Task: {264BAED9-FEAB-4FB9-A7D0-8B9D021EF30B} - System32\Tasks\{4CB9516C-3831-4A88-9B1B-6DDC48B59BF1} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2014-11-21] (Malwarebytes Corporation)
Task: {393B4F8B-0BAF-4F37-A54C-71B192797D8A} - System32\Tasks\{493445C6-BF12-4A4A-B1D9-9FE3CE9510FB} => C:\Users\LEAH\Desktop\mbam-setup-2.0.2.1012 (2).exe
Task: {42B8FC1C-1FE4-42D6-9544-26DADCF7E265} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {49498BC4-E0A0-4EF0-97B0-C8BDAA752EC8} - System32\Tasks\{D01D8908-5375-44DF-A105-8D03876CF021} => C:\Users\LEAH\Desktop\mbam-setup-2.0.2.1012 (2).exe
Task: {6090FC54-A322-44F7-941A-D934DE287DD5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {7C94BDDC-EB79-4287-B176-2C997076693A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-24] (AVAST Software)
Task: {861E73C1-2067-4BBB-92A8-F02F2905F07E} - System32\Tasks\{33ECF48C-FF93-4F02-BC47-2D66A381F819} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2014-11-21] (Malwarebytes Corporation)
Task: {8CAB1C1C-7377-4E58-94B2-46D25950788F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {937738D7-E59D-483E-B103-FF1846150A31} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {9F73D8F0-BAA8-439D-A342-738BBF13FC8C} - \{927C330E-D5AF-4C6F-823A-EBFBED91EDCB} No Task File <==== ATTENTION
Task: {9F888ADB-89C9-404A-950A-CF8DB5604191} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {B0AAD1D6-306A-4F18-ACA5-9F6B2A498B52} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {C4381A08-8FE7-4F4C-A1FE-7CAE6642E42D} - System32\Tasks\{D31BE2FF-8791-4084-9C84-D5C535F39145} => C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
Task: {CB93E69C-981F-43DD-AA8C-F051DE3D39C9} - System32\Tasks\{E49E27E2-E1B2-4853-AFB2-0DAE1C0E4197} => C:\Program Files\Microsoft Security Client\msseces.exe
Task: {DA5A44CB-8BC3-41FF-A937-B2E94B1F6B12} - System32\Tasks\{07E4CAC6-BF2B-460D-86AC-0ECDECF1D0F7} => C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
Task: {DDA0C6E3-72B8-4547-BE34-ECFD14BFEC51} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {E5201DBC-9983-4AB1-B69F-DAD9B323DFCA} - System32\Tasks\{C6E515D5-FCC3-4057-80EF-D7D676AE478A} => pcalua.exe -a "C:\Users\LEAH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZFHGBSC\LMSetup.exe" -d C:\Users\LEAH\Desktop
Task: {EBA62374-416C-4CE6-A4BD-663FA4947479} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {F4E0C83E-FCCF-4867-A1B7-4ACFB312FF55} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {FC1FCB41-F994-46C0-839E-22B2C6F93153} - \{6ED07F91-F516-4CB3-96BC-1067883196B0} No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLEAH.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2011-06-30 02:14 - 2011-06-30 02:14 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-14 16:20 - 2011-03-14 16:20 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2015-01-31 13:55 - 2015-01-31 13:55 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15013101\algo.dll
2015-02-02 13:18 - 2015-02-02 13:18 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020201\algo.dll
2014-11-24 16:47 - 2014-11-24 16:47 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-20 19:28 - 2015-01-20 19:28 - 00058880 _____ () C:\Program Files (x86)\Unchecky\bin\collector.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:56E2E879

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: iYogi Support Dock => "C:\Program Files (x86)\iYogi Support Dock\iYogiSupportDock.exe"
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

========================= Accounts: ==========================

Administrator (S-1-5-21-629239370-1108922991-2781443091-500 - Administrator - Disabled)
Guest (S-1-5-21-629239370-1108922991-2781443091-501 - Administrator - Disabled)
LEAH (S-1-5-21-629239370-1108922991-2781443091-1000 - Administrator - Enabled) => C:\Users\LEAH

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/01/2015 07:22:34 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005).

Error: (01/31/2015 01:40:37 AM) (Source: MsiInstaller) (EventID: 1013) (User: LEAH-HP)
Description: Product: OpenOffice.org 3.4 -- Please exit OpenOffice.org 3.4 and the OpenOffice.org 3.4 Quickstarter before you continue. If you are using a multi-user system, also make sure that no other user has OpenOffice.org 3.4 open.

Error: (01/30/2015 09:12:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: Flash32_15_0_0_239.ocx, version: 15.0.0.239, time stamp: 0x546d16a5
Exception code: 0xc0000005
Fault offset: 0x00007027
Faulting process id: 0x9c8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (01/06/2015 10:03:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: Flash32_15_0_0_239.ocx, version: 15.0.0.239, time stamp: 0x546d16a5
Exception code: 0xc0000005
Fault offset: 0x0064d888
Faulting process id: 0x7ee0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (11/24/2014 04:47:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary isahotgp.

System Error:
The system cannot find the file specified.
.

Error: (11/24/2014 04:42:51 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <10, 0x80070005, "">.

Error: (11/23/2014 08:42:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service vtIPwA since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (11/23/2014 08:42:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service MaintainerSvc3.35.6688013 since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (11/23/2014 07:00:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service vtIPwA since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (11/23/2014 07:00:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service MaintainerSvc3.35.6688013 since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

System errors:
=============
Error: (02/01/2015 09:13:29 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:12:48 AM on ‎2/‎1/‎2015 was unexpected.

Error: (02/01/2015 00:39:59 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/01/2015 00:39:58 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/31/2015 05:53:01 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/31/2015 03:51:25 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/31/2015 00:59:06 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:21:14 AM on ‎1/‎31/‎2015 was unexpected.

Error: (01/25/2015 09:20:54 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (01/23/2015 10:45:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (01/23/2015 10:45:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (01/23/2015 09:42:02 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Microsoft Office Sessions:
=========================
Error: (02/01/2015 07:22:34 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005)

Error: (01/31/2015 01:40:37 AM) (Source: MsiInstaller) (EventID: 1013) (User: LEAH-HP)
Description: Product: OpenOffice.org 3.4 -- Please exit OpenOffice.org 3.4 and the OpenOffice.org 3.4 Quickstarter before you continue. If you are using a multi-user system, also make sure that no other user has OpenOffice.org 3.4 open.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/30/2015 09:12:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccFlash32_15_0_0_239.ocx15.0.0.239546d16a5c0000005000070279c801d03ccccc5f24c8C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\Macromed\Flash\Flash32_15_0_0_239.ocx02b9b713-a8f7-11e4-916e-3860770f2ad2

Error: (01/06/2015 10:03:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccFlash32_15_0_0_239.ocx15.0.0.239546d16a5c00000050064d8887ee001d0292ccaf90497C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\Macromed\Flash\Flash32_15_0_0_239.ocx225dcb3a-9622-11e4-bb11-3860770f2ad2

Error: (11/24/2014 04:47:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary isahotgp.

System Error:
The system cannot find the file specified.

Error: (11/24/2014 04:42:51 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 100x80070005

Error: (11/23/2014 08:42:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service vtIPwA since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (11/23/2014 08:42:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service MaintainerSvc3.35.6688013 since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (11/23/2014 07:00:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service vtIPwA since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (11/23/2014 07:00:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service MaintainerSvc3.35.6688013 since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

CodeIntegrity Errors:
===================================
  Date: 2014-11-24 11:36:43.643
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-24 11:36:43.597
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-18 17:56:28.663
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-18 17:56:28.594
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD E2-3200 APU with Radeon™ HD Graphics
Percentage of memory in use: 42%
Total physical RAM: 3570.82 MB
Available physical RAM: 2068.7 MB
Total Pagefile: 7139.83 MB
Available Pagefile: 5255.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.68 GB) (Free:859.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.74 GB) (Free:1.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (My Book) (Fixed) (Total:232.83 GB) (Free:211.34 GB) FAT32
Drive h: () (Removable) (Total:6.94 GB) (Free:6.94 GB) FAT32
Drive i: (MISC) (Removable) (Total:1.87 GB) (Free:1.5 GB) FAT
Drive j: (RECOVER MEDIA ONLY ONCE) (Removable) (Total:29.82 GB) (Free:19.48 GB) NTFS
Drive k: (LEAH GENOLO) (Removable) (Total:3.72 GB) (Free:2.08 GB) FAT32
Drive m: (BACKUP) (Removable) (Total:29.8 GB) (Free:0 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7482C7C6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 232.9 GB) (Disk ID: 8F9C798A)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=0C)

========================================================
Disk: 3 (Size: 29.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 4 (Size: 29.8 GB) (Disk ID: 0806D320)
Partition 1: (Active) - (Size=29.8 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 7.5 GB) (Disk ID: 7933CD6C)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)
Partition 2: (Not Active) - (Size=510 MB) - (Type=82)

========================================================
Disk: 6 (Size: 1.9 GB) (Disk ID: 0C6B0413)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=06)

========================================================
Disk: 7 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================


  • 0

#67
leahcase

    Member

  • Topic Starter
  • 229 posts
aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-02-02 20:20:18
-----------------------------
20:20:18.833 OS Version: Windows x64 6.1.7601 Service Pack 1
20:20:18.833 Number of processors: 2 586 0x100
20:20:18.833 ComputerName: LEAH-HP UserName: LEAH
20:20:21.095 Initialize success
20:20:21.127 VM: initialized successfully
20:20:21.127 VM: Amd CPU BiosDisabled
20:20:24.652 AVAST engine defs: 15020201
20:20:33.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000058
20:20:33.781 Disk 0 Vendor: ST310005 HP64 Size: 953869MB BusType: 11
20:20:33.874 Disk 0 MBR read successfully
20:20:33.890 Disk 0 MBR scan
20:20:33.890 Disk 0 Windows 7 default MBR code
20:20:33.906 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:20:33.906 Disk 0 default boot code
20:20:33.921 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 941748 MB offset 206848
20:20:33.952 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12019 MB offset 1928908485
20:20:33.999 Disk 0 scanning C:\Windows\system32\drivers
20:20:42.876 Service scanning
20:20:57.040 Modules scanning
20:20:57.056 Disk 0 trace - called modules:
20:20:57.072 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
20:20:57.072 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80041e3060]
20:20:57.072 3 CLASSPNP.SYS[fffff8800180e43f] -> nt!IofCallDriver -> [0xfffffa80040a3ac0]
20:20:57.087 5 amd_xata.sys[fffff880010718f7] -> nt!IofCallDriver -> \Device\00000058[0xfffffa800409f9c0]
20:20:58.164 AVAST engine scan C:\Windows
20:21:00.644 AVAST engine scan C:\Windows\system32
20:23:16.669 AVAST engine scan C:\Windows\system32\drivers
20:23:29.399 AVAST engine scan C:\Users\LEAH
20:25:20.486 AVAST engine scan C:\ProgramData
20:26:39.313 Disk 0 statistics 3665896/0/0 @ 7.62 MB/s
20:26:39.329 Scan finished successfully
20:27:11.855 Disk 0 MBR has been saved successfully to "C:\Users\LEAH\Desktop\MBR.dat"
20:27:11.855 The log file has been saved successfully to "C:\Users\LEAH\Desktop\aswMBR.txt"


Thank you for your help..
  • 0

#68
leahcase

    Member

  • Topic Starter
  • 229 posts
p…::¦Ñú§9_3ýºw–óxô…üŽã2¶¶&Y
.‘¸X.5¿f…c.. this is what pulls up when I open it up on open office.... all of my data is like that......
  • 0

#69
leahcase

    Member

  • Topic Starter
  • 229 posts
ú·4&%ÜT§œájÁÀ2·†–©¸G¶Ì›ù1ÇÁÖ‘âÖCêŽ?#„cEŸƒ¤2¢ jµ›qˆ‹:H<ï@ï­à«\bar‰y2\öÓ²?·°;DE8¢R¢×x:‰ú<¬Ô•äí¤¥&%ÂÄ|ñ°š‚.”¥ˆV*® @¦$ÐÃÒׯ¢p½Y±®â
  • 0

#70
leahcase

    Member

  • Topic Starter
  • 229 posts
I found this while I was trying to bring up something from my thumb drive....


What happened to your files?
All of your files were protected by a strong encryption with RSA-2048 using CryptoWall 2.0.
More information about the encryption keys using RSA-2048 can be found here: http://en.wikipedia...._(cryptosystem)

What does this mean?
This means that the structure and data within your files have been irrevocably changed, you will not be able to work
with them, read them or see them, it is the same thing as losing them forever, but with our help, you can restore them.

How did this happen?
Especially for you, on our server was generated the secret key pair RSA-2048 - public and private.
All your files were encrypted with the public key, which has been transferred to your computer via the Internet.
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.

What do I do?
Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed.
If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist.


For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1.http://paytordmbdekm...pacho.com/Nv2mL
2.http://paytordmbdekm...botor.com/Nv2mL
3.http://paytordmbdekm...vetor.com/Nv2mL
4.http://paytordmbdekm...vsusd.com/Nv2mL

If for some reasons the addresses are not available, follow these steps:
1. Download and install tor-browser: http://www.torprojec...browser.html.en
2. After a successful installation, run the browser and wait for initialization.
3. Type in the address bar: paytordmbdekmizq.onion/Nv2mL
4. Follow the instructions on the site.

IMPORTANT INFORMATION:

Your Personal PAGE: http://paytordmbdekm...pacho.com/Nv2mL
Your Personal PAGE(using TOR): paytordmbdekmizq.onion/Nv2mL
Your personal code (if you open the site (or TOR 's) directly): Nv2mL
  • 0


#71
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Your files have been encrypted by ransomware, yet I see no sign of that on your system. So I will run an additional tool to check it out.

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-629239370-1108922991-2781443091-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-629239370-1108922991-2781443091-1000] => localhost:8080
FF Plugin HKU\S-1-5-21-629239370-1108922991-2781443091-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-13] (AVG Technologies)
2015-01-31 01:30 - 2015-01-31 01:30 - 00002980 _____ () C:\Windows\System32\Tasks\{908D02C7-1780-4D80-A96E-AB3A93B3D1ED}
2014-11-26 16:31 - 2014-12-17 13:34 - 1836584 _____ (BeFrugal.com ) C:\Users\LEAH\AppData\Roaming\BeFrugal.com-Install.exe
CustomCLSID: HKU\S-1-5-21-629239370-1108922991-2781443091-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\vcamp110d.dll No File
Task: {9F73D8F0-BAA8-439D-A342-738BBF13FC8C} - \{927C330E-D5AF-4C6F-823A-EBFBED91EDCB} No Task File <==== ATTENTION
Task: {E5201DBC-9983-4AB1-B69F-DAD9B323DFCA} - System32\Tasks\{C6E515D5-FCC3-4057-80EF-D7D676AE478A} => pcalua.exe -a "C:\Users\LEAH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZFHGBSC\LMSetup.exe" -d C:\Users\LEAH\Desktop
Task: {FC1FCB41-F994-46C0-839E-22B2C6F93153} - \{6ED07F91-F516-4CB3-96BC-1067883196B0} No Task File <==== ATTENTION
C:\Users\LEAH\jobq.dat
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Scan with IDTool

Please download IDTool by Nathan and save the file to the desktop.
It will come as a zipped file, so you will need to unzip it. You may do it by right-clicking on it and choosing Extract All. Extract it to your desktop.
  • Enter the IDTool directory, right-click on the IDTool icon and select Run as Administrator to start the tool.
  • IDTool needs the Microsoft .NET Framework to work properly, so if prompted to download & install it, please agree.
  • Wait patiently until the tool has collected the necessary data.
  • Once the main console is loaded, please press Rescan Computer and Generate a New Report.
  • When prompted at the main bar that Rescan is completed, press Generate Text Friendly Report for Forums.
  • Copy the entire content of the frame that appears. You may want to save it to a text file for your convenience.
Please include those contents in your next reply.
  • 0

#72
leahcase

    Member

  • Topic Starter
  • 229 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by LEAH at 2015-02-03 09:26:54 Run:4
Running from C:\Users\LEAH\Desktop
Loaded Profiles: LEAH (Available profiles: LEAH)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-629239370-1108922991-2781443091-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-629239370-1108922991-2781443091-1000] => localhost:8080
FF Plugin HKU\S-1-5-21-629239370-1108922991-2781443091-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-13] (AVG Technologies)
2015-01-31 01:30 - 2015-01-31 01:30 - 00002980 _____ () C:\Windows\System32\Tasks\{908D02C7-1780-4D80-A96E-AB3A93B3D1ED}
2014-11-26 16:31 - 2014-12-17 13:34 - 1836584 _____ (BeFrugal.com ) C:\Users\LEAH\AppData\Roaming\BeFrugal.com-Install.exe
CustomCLSID: HKU\S-1-5-21-629239370-1108922991-2781443091-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\vcamp110d.dll No File
Task: {9F73D8F0-BAA8-439D-A342-738BBF13FC8C} - \{927C330E-D5AF-4C6F-823A-EBFBED91EDCB} No Task File <==== ATTENTION
Task: {E5201DBC-9983-4AB1-B69F-DAD9B323DFCA} - System32\Tasks\{C6E515D5-FCC3-4057-80EF-D7D676AE478A} => pcalua.exe -a "C:\Users\LEAH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZFHGBSC\LMSetup.exe" -d C:\Users\LEAH\Desktop
Task: {FC1FCB41-F994-46C0-839E-22B2C6F93153} - \{6ED07F91-F516-4CB3-96BC-1067883196B0} No Task File <==== ATTENTION
C:\Users\LEAH\jobq.dat
EmptyTemp:
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-629239370-1108922991-2781443091-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-629239370-1108922991-2781443091-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"HKU\S-1-5-21-629239370-1108922991-2781443091-1000\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1" => Key deleted successfully.
C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll not found.
avgtp => Service stopped successfully.
avgtp => Service deleted successfully.
C:\Windows\System32\Tasks\{908D02C7-1780-4D80-A96E-AB3A93B3D1ED} => Moved successfully.
C:\Users\LEAH\AppData\Roaming\BeFrugal.com-Install.exe => Moved successfully.
"HKU\S-1-5-21-629239370-1108922991-2781443091-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F73D8F0-BAA8-439D-A342-738BBF13FC8C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F73D8F0-BAA8-439D-A342-738BBF13FC8C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{927C330E-D5AF-4C6F-823A-EBFBED91EDCB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5201DBC-9983-4AB1-B69F-DAD9B323DFCA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5201DBC-9983-4AB1-B69F-DAD9B323DFCA}" => Key deleted successfully.
C:\Windows\System32\Tasks\{C6E515D5-FCC3-4057-80EF-D7D676AE478A} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C6E515D5-FCC3-4057-80EF-D7D676AE478A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC1FCB41-F994-46C0-839E-22B2C6F93153}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC1FCB41-F994-46C0-839E-22B2C6F93153}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6ED07F91-F516-4CB3-96BC-1067883196B0}" => Key deleted successfully.
C:\Users\LEAH\jobq.dat => Moved successfully.
EmptyTemp: => Removed 58.9 MB temporary data.

The system needed a reboot.

==== End of Fixlog 09:27:32 ====


  • 0

#73
leahcase

    Member

  • Topic Starter
  • 229 posts

I am not able to download IDTool... when I save it to my desktop and I go to reopen it or unzip it I am not able to do anything... it does not install at all


  • 0

#74
leahcase

    Member

  • Topic Starter
  • 229 posts

Now I can go to the website and download it from there... if you want me to...


  • 0

#75
leahcase

    Member

  • Topic Starter
  • 229 posts

Sorry, it didn't work...


  • 0





