Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Infected wih Cryptodefense ransomware, please help.

Cryptodefense ransomware

  • Please log in to reply

#1
mary58

mary58

    Member

  • Member
  • PipPipPip
  • 105 posts

Hi,

We have a computer that is infected with Cryptodefense.  Files have been encrypted by this virus.  Everytime I restart this computer, a txt document with instructions pops up. and a browser window opens with more instructions and link to where to pay to get my files back. Below is my OTL log. 

OTL logfile created on: 3/29/2014 3:56:58 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jim\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1013.71 Mb Total Physical Memory | 237.93 Mb Available Physical Memory | 23.47% Memory free
2.44 Gb Paging File | 1.36 Gb Available in Paging File | 55.71% Paging File free
Paging file location(s): c:\pagefile.sys 1521 1521 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.74 Gb Total Space | 37.99 Gb Free Space | 38.09% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.95 Gb Free Space | 59.48% Space Free | Partition Type: NTFS
 
Computer Name: JIM-PC | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/03/29 15:37:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
PRC - [2014/03/27 14:53:32 | 000,106,248 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2014/02/15 18:45:10 | 004,163,584 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/16 19:48:30 | 000,091,496 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Common Files\Nuance\NaturallySpeaking10\dgnuiasvr.exe
PRC - [2009/03/16 19:44:54 | 002,835,816 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe
PRC - [2007/02/07 22:11:04 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2007/02/07 17:26:52 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbccoms.exe
PRC - [2006/11/03 15:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 15:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006/11/02 05:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2006/10/13 09:31:34 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2006/11/15 11:08:02 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006/11/15 11:07:56 | 000,077,824 | ---- | M] () -- C:\Windows\System32\hccutils.dll
MOD - [2006/11/03 15:46:24 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006/11/03 15:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2006/08/18 11:17:36 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL
 
 
========== Services (SafeList) ==========
 
SRV - [2014/03/27 14:53:32 | 000,106,248 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2014/03/15 01:40:31 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/12 11:47:52 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/02/15 18:45:10 | 004,163,584 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/07 17:26:52 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbccoms.exe -- (dlbc_device)
SRV - [2006/11/07 11:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jim\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014/03/29 15:27:09 | 000,039,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{097E47C6-8512-4084-A4CD-946856C523C9}\MpKsl0f682be9.sys -- (MpKsl0f682be9)
DRV - [2014/03/26 18:43:50 | 000,058,200 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2014/03/23 16:08:06 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/12/04 18:23:36 | 000,050,200 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys -- (cleanhlp)
DRV - [2013/03/28 18:03:02 | 000,022,056 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2007/02/07 22:11:04 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/12/11 06:05:20 | 002,206,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2006/11/20 12:13:58 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/20 12:13:58 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/20 12:13:56 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/11 16:10:40 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 00:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/02 00:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/05 14:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/18 11:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 11:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 11:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 11:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 11:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 11:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 11:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 11:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/17 13:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/08/11 08:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Stopped] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 08:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.dell.com/support/in [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cabelas.c...requestid=92544
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7BFE32BFBC-7CE5-CA03-8A50-0615902151C0%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.%25(version)s
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.16
FF - prefs.js..extensions.enabledAddons: %7B6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3%7D:1.4.16
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.2.4
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.4.8
FF - prefs.js..extensions.enabledItems: [email protected]:4.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Jim\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/03 22:42:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/12/04 10:59:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/03/26 13:37:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/03/26 22:29:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/03 22:42:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Jim\AppData\Roaming\Move Networks [2010/02/02 14:42:07 | 000,000,000 | ---D | M]
 
[2008/07/25 17:52:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Extensions
[2014/03/27 16:07:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\extensions
[2014/03/22 19:32:10 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2014/03/22 19:32:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2014/03/27 16:07:33 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2014/03/22 19:32:42 | 000,000,000 | ---D | M] (Microsoft Flat Scrollbar Control 6.0 (SP4)) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\extensions\{FE32BFBC-7CE5-CA03-8A50-0615902151C0}
[2014/03/22 19:31:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2014/03/27 13:15:20 | 000,063,388 | ---- | M] () (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\extensions\[email protected]
[2014/03/27 16:07:36 | 000,281,800 | ---- | M] () (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2008/03/20 14:43:48 | 000,001,502 | ---- | M] () (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\xpinstall\xpinstallConfirm.css
[2014/03/22 19:32:08 | 000,001,622 | ---- | M] () (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\xpinstall\xpinstallItemGeneric.png
[2014/03/23 20:50:25 | 000,001,551 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\searchplugins\swagbuckscom.xml
[2014/03/26 13:38:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/03/26 13:38:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/02/02 14:42:07 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\JIM\APPDATA\ROAMING\MOVE NETWORKS
[2009/09/02 03:02:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
 
========== Chrome  ==========
 
CHR - homepage: http://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Microsoft Flat Scrollbar Control 6.0 (SP4) = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\4.0.4\
CHR - Extension: Google Wallet = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2014/03/23 17:19:33 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe (Nuance Communications, Inc.)
O4 - Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW_DECRYPT.HTML ()
O4 - Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW_DECRYPT.TXT ()
O4 - Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW_DECRYPT.URL ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-cent...bin/actxcab.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{853E4690-CD60-4910-A6A7-58C4AF3E07A7}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jim\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jim\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/03/29 15:37:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
[2014/03/28 12:22:55 | 000,000,000 | ---D | C] -- C:\Windows\Temp198C81B3-7D85-FCDE-9E0A-FB12C7B02F4D-Signatures
[2014/03/27 14:53:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2014/03/27 14:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/03/27 14:52:00 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/03/27 13:28:49 | 000,000,000 | ---D | C] -- C:\Users\Jim\Documents\tdsskiller
[2014/03/27 12:24:58 | 000,000,000 | ---D | C] -- C:\Windows\TempB4F5739D-E215-85C6-81D3-C8A4351E735E-Signatures
[2014/03/26 19:40:52 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\EurekaLab s.a.s
[2014/03/26 13:49:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2014/03/26 13:46:23 | 000,000,000 | ---D | C] -- C:\Users\Jim\Documents\Anti-Malware
[2014/03/26 13:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2014/03/26 13:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/03/26 13:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/03/26 12:03:01 | 000,000,000 | ---D | C] -- C:\Windows\TempF589AB41-A5F2-BF2A-6545-87EB3F0CE685-Signatures
[2014/03/23 17:27:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/03/23 16:49:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/03/23 16:49:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/03/23 16:49:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/03/23 16:47:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/03/23 16:22:44 | 000,000,000 | ---D | C] -- C:\found.001
[2014/03/23 14:23:54 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2014/03/22 16:53:40 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Odwics
[2014/03/22 16:50:39 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\{BD1252B4-9CB6-4B0B-AB44-972A81AF2571}
 
========== Files - Modified Within 30 Days ==========
 
[2014/03/29 15:47:08 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/29 15:37:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
[2014/03/29 15:29:05 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/29 15:25:18 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/29 15:24:43 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/29 15:24:43 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/29 15:23:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/29 15:23:39 | 1063,718,912 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/29 15:18:47 | 000,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014/03/28 15:56:54 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/03/27 14:53:32 | 000,001,734 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/03/26 14:01:11 | 000,054,682 | ---- | M] () -- C:\Users\Jim\Documents\cc_20140326_140059.reg
[2014/03/26 13:49:54 | 000,000,914 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2014/03/26 13:49:53 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2014/03/26 13:39:14 | 000,000,872 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/03/26 13:38:59 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/03/26 11:48:46 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/03/26 11:48:46 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/03/25 14:46:34 | 000,321,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/03/23 17:19:33 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/03/23 16:08:06 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2014/03/23 15:53:59 | 000,005,568 | ---- | M] () -- C:\Users\Jim\AppData\Local\d3d9caps.dat
[2014/03/23 14:58:01 | 000,000,276 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{099ECE07-08EE-4FE1-8BD9-554F7F0B6D6D}.job
[2014/03/22 21:05:20 | 000,002,777 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW_DECRYPT.HTML
[2014/03/22 21:05:20 | 000,000,133 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW_DECRYPT.URL
[2014/03/22 20:57:53 | 000,002,777 | ---- | M] () -- C:\Users\Public\Documents\HOW_DECRYPT.HTML
[2014/03/22 20:57:53 | 000,000,133 | ---- | M] () -- C:\Users\Public\Documents\HOW_DECRYPT.URL
[2014/03/22 20:57:52 | 000,002,777 | ---- | M] () -- C:\Users\Jim\HOW_DECRYPT.HTML
[2014/03/22 20:57:52 | 000,001,878 | ---- | M] () -- C:\Users\Public\Documents\Debs dad letter.rtf
[2014/03/22 20:57:52 | 000,000,133 | ---- | M] () -- C:\Users\Jim\HOW_DECRYPT.URL
[2014/03/22 19:47:49 | 000,002,777 | ---- | M] () -- C:\Users\Jim\Documents\HOW_DECRYPT.HTML
[2014/03/22 19:47:49 | 000,000,133 | ---- | M] () -- C:\Users\Jim\Documents\HOW_DECRYPT.URL
[2014/03/22 19:47:48 | 001,331,286 | ---- | M] () -- C:\Users\Jim\Documents\yoshimoto cube.wps
[2014/03/22 19:47:42 | 000,001,110 | ---- | M] () -- C:\Users\Jim\Documents\tab backup  7 25 08.rtf
[2014/03/22 19:47:40 | 000,016,726 | ---- | M] () -- C:\Users\Jim\Documents\puma jagdmesser knife.wps
[2014/03/22 19:47:38 | 000,017,238 | ---- | M] () -- C:\Users\Jim\Documents\promotion request 2010.wps
[2014/03/22 19:47:27 | 000,004,950 | ---- | M] () -- C:\Users\Jim\Documents\freewillsovreigntyofGod.rtf
[2014/03/22 19:47:24 | 000,000,854 | ---- | M] () -- C:\Users\Jim\Documents\frank 10-09.rtf
[2014/03/22 19:47:23 | 014,564,182 | ---- | M] () -- C:\Users\Jim\Documents\DSCN2284.MOV
[2014/03/22 19:46:21 | 000,001,878 | ---- | M] () -- C:\Users\Jim\Documents\Debs dad letter.rtf
[2014/03/22 19:46:19 | 001,633,622 | ---- | M] () -- C:\Users\Jim\Documents\12 pyramids.wps
[2014/03/22 19:46:12 | 000,469,846 | ---- | M] () -- C:\Users\Jim\Desktop\Tobymac - Poetically Correct.mp3
[2014/03/22 19:46:10 | 001,760,342 | ---- | M] () -- C:\Users\Jim\Desktop\Toby Mac- Ill-M-I.mp3
[2014/03/22 19:46:02 | 001,760,342 | ---- | M] () -- C:\Users\Jim\Desktop\Toby Mac- Gone.mp3
[2014/03/22 19:45:55 | 001,910,870 | ---- | M] () -- C:\Users\Jim\Desktop\Toby Mac -Lose My Soul.mp3
[2014/03/22 19:45:46 | 001,197,398 | ---- | M] () -- C:\Users\Jim\Desktop\Toby Mac - Tru-Dog_ The Return.mp3
[2014/03/22 19:45:37 | 000,857,174 | ---- | M] () -- C:\Users\Jim\Desktop\Toby Mac - Hype Man(truDog '07).mp3
[2014/03/22 19:45:30 | 001,728,342 | ---- | M] () -- C:\Users\Jim\Desktop\Toby Mac - Catchafire (Whoopsi-Daisy).mp3
[2014/03/22 19:45:15 | 002,075,478 | ---- | M] () -- C:\Users\Jim\Desktop\Toby Mac - Atmosphere.mp3
[2014/03/22 19:37:20 | 000,027,478 | ---- | M] () -- C:\Users\Jim\Desktop\Leadership class notes  2 min speech.wps
[2014/03/22 19:36:45 | 021,857,110 | ---- | M] () -- C:\Users\Jim\Desktop\Friday Opening Keynote Address  Carl Medearis.mp3
[2014/03/22 19:35:19 | 001,428,054 | ---- | M] () -- C:\Users\Jim\Desktop\FM Static - Definitely Maybe.mp3
[2014/03/22 19:33:37 | 001,049,942 | ---- | M] () -- C:\Users\Jim\Desktop\DSCN3115.JPG
[2014/03/22 19:33:02 | 000,025,430 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\UserTile.png
[2014/03/22 19:33:02 | 000,002,777 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\HOW_DECRYPT.HTML
[2014/03/22 19:33:02 | 000,000,133 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\HOW_DECRYPT.URL
[2014/03/22 19:26:17 | 000,002,777 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\HOW_DECRYPT.HTML
[2014/03/22 19:26:17 | 000,000,133 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\HOW_DECRYPT.URL
[2014/03/22 19:26:16 | 000,008,022 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\3nc3p73o15Y45Z05T0aagde8f0e263be81b23[1].jpg
[2014/03/22 19:11:23 | 000,002,777 | ---- | M] () -- C:\Users\Jim\AppData\Local\HOW_DECRYPT.HTML
[2014/03/22 19:11:23 | 000,000,133 | ---- | M] () -- C:\Users\Jim\AppData\Local\HOW_DECRYPT.URL
[2014/03/22 19:06:40 | 000,002,777 | ---- | M] () -- C:\ProgramData\HOW_DECRYPT.HTML
[2014/03/22 19:06:40 | 000,000,133 | ---- | M] () -- C:\ProgramData\HOW_DECRYPT.URL
[2014/03/22 18:39:33 | 000,059,904 | -H-- | M] () -- C:\Users\Jim\AppData\Roaming\zlib1.dll
[2014/03/15 12:36:45 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2014/03/27 15:59:46 | 1063,718,912 | -HS- | C] () -- C:\hiberfil.sys
[2014/03/27 14:53:32 | 000,001,734 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/03/26 14:01:04 | 000,054,682 | ---- | C] () -- C:\Users\Jim\Documents\cc_20140326_140059.reg
[2014/03/26 13:49:54 | 000,000,914 | ---- | C] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2014/03/26 13:49:53 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2014/03/26 13:38:58 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/03/25 12:34:20 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2014/03/24 19:52:32 | 000,218,228 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2014/03/23 16:49:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/03/23 16:49:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/03/23 16:49:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/03/23 16:49:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/03/23 16:49:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/03/23 14:58:01 | 000,000,276 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{099ECE07-08EE-4FE1-8BD9-554F7F0B6D6D}.job
[2014/03/22 21:05:20 | 000,002,777 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW_DECRYPT.HTML
[2014/03/22 21:05:20 | 000,000,133 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW_DECRYPT.URL
[2014/03/22 20:57:53 | 000,002,777 | ---- | C] () -- C:\Users\Public\Documents\HOW_DECRYPT.HTML
[2014/03/22 20:57:53 | 000,000,133 | ---- | C] () -- C:\Users\Public\Documents\HOW_DECRYPT.URL
[2014/03/22 20:57:52 | 000,002,777 | ---- | C] () -- C:\Users\Jim\HOW_DECRYPT.HTML
[2014/03/22 20:57:52 | 000,000,133 | ---- | C] () -- C:\Users\Jim\HOW_DECRYPT.URL
[2014/03/22 19:47:49 | 000,002,777 | ---- | C] () -- C:\Users\Jim\Documents\HOW_DECRYPT.HTML
[2014/03/22 19:47:49 | 000,000,133 | ---- | C] () -- C:\Users\Jim\Documents\HOW_DECRYPT.URL
[2014/03/22 19:33:02 | 000,002,777 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\HOW_DECRYPT.HTML
[2014/03/22 19:33:02 | 000,000,133 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\HOW_DECRYPT.URL
[2014/03/22 19:26:17 | 000,002,777 | ---- | C] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\HOW_DECRYPT.HTML
[2014/03/22 19:26:17 | 000,000,133 | ---- | C] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\HOW_DECRYPT.URL
[2014/03/22 19:11:23 | 000,002,777 | ---- | C] () -- C:\Users\Jim\AppData\Local\HOW_DECRYPT.HTML
[2014/03/22 19:11:23 | 000,000,133 | ---- | C] () -- C:\Users\Jim\AppData\Local\HOW_DECRYPT.URL
[2014/03/22 19:06:40 | 000,002,777 | ---- | C] () -- C:\ProgramData\HOW_DECRYPT.HTML
[2014/03/22 19:06:40 | 000,000,133 | ---- | C] () -- C:\ProgramData\HOW_DECRYPT.URL
[2014/03/22 18:39:33 | 000,059,904 | -H-- | C] () -- C:\Users\Jim\AppData\Roaming\zlib1.dll
[2010/08/30 11:51:07 | 000,000,000 | ---- | C] () -- C:\Users\Jim\jagex__preferences3.dat
[2010/08/30 11:50:59 | 000,000,000 | ---- | C] () -- C:\Users\Jim\jagex_runescape_preferences2.dat
[2010/08/30 11:49:22 | 000,000,046 | ---- | C] () -- C:\Users\Jim\jagex_runescape_preferences.dat
[2009/07/03 18:06:06 | 000,002,198 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\SAS7_000.DAT
[2008/10/24 14:17:23 | 000,025,430 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\UserTile.png
[2008/10/15 13:42:26 | 000,005,568 | ---- | C] () -- C:\Users\Jim\AppData\Local\d3d9caps.dat
[2007/06/20 19:28:08 | 000,000,632 | RHS- | C] () -- C:\Users\Jim\ntuser.pol
[2007/05/27 14:43:50 | 000,000,746 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\wklnhst.dat
[2007/03/21 13:26:28 | 000,028,672 | ---- | C] () -- C:\Users\Jim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/03/26 19:40:52 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\EurekaLab s.a.s
[2007/10/06 10:43:26 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\GARMIN
[2014/03/22 19:33:01 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Nuance
[2008/10/24 14:17:22 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\PeerNetworking
[2007/05/27 14:43:53 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Template
[2009/11/09 19:13:28 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\WildTangent
[2014/03/22 16:50:39 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\{BD1252B4-9CB6-4B0B-AB44-972A81AF2571}
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 222 bytes -> C:\ProgramData\TEMP:F35A93AD

< End of report >

 

OTL Extras logfile created on: 3/29/2014 3:56:58 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jim\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1013.71 Mb Total Physical Memory | 237.93 Mb Available Physical Memory | 23.47% Memory free
2.44 Gb Paging File | 1.36 Gb Available in Paging File | 55.71% Paging File free
Paging file location(s): c:\pagefile.sys 1521 1521 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.74 Gb Total Space | 37.99 Gb Free Space | 38.09% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.95 Gb Free Space | 59.48% Space Free | Partition Type: NTFS
 
Computer Name: JIM-PC | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | [email protected],-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | [email protected],-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | [email protected],-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{767C0171-B181-4C43-8A2B-66ADF14AFEC7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9BB9586D-67C8-430E-91B0-41DA1AA29FA7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A84DE063-ED1D-4C08-93FF-B43BC453986D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | [email protected],-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EA0D1E0D-6C18-484E-8F08-668C446A8E9B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{3B6FEA29-AEFF-487B-A1FA-A6EF4399BB02}C:\windows\system32\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe |
"TCP Query User{95D65433-D123-419E-8569-F2D6A94840FF}C:\users\jim\appdata\local\temp\3226.tmp" = protocol=6 | dir=in | app=c:\users\jim\appdata\local\temp\3226.tmp |
"UDP Query User{4B3AE5A3-FE2A-4A20-94F1-91EF06BCD219}C:\windows\system32\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe |
"UDP Query User{BAF4F26C-55C5-4CA0-9725-9C1654D2EF97}C:\users\jim\appdata\local\temp\3226.tmp" = protocol=17 | dir=in | app=c:\users\jim\appdata\local\temp\3226.tmp |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{181AC4C7-B83C-4B5F-B566-E19BF2472429}" = HP Photosmart Premium C309g-m All-In-One Driver Software 13.0 Rel .6
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36A345C9-0691-45A1-AEEF-29ECEC8B5014}" = Microsoft Security Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{47BA74C5-1890-4ED2-954A-AD11186D8E26}" = Garmin TOPO U.S. 2008
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}" = QuickSet
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}" = Garmin Trip and Waypoint Manager v4
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6A905A05-964C-4F03-9A96-D34167807EC0}" = PS_AIO_06_C309g-m_SW_Min
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C1D47CC-682C-4673-8CA8-DEE659628599}" = LEGO MINDSTORMS NXT Migration Package
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A27AAF5-1FD6-48B4-95C4-7354A1C35455}" = C309g-m
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7C49EA42-5647-4051-84C2-E6404F25A931}" = Yahoo! Music Jukebox
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{8131E9E7-BA33-472D-99AE-231457F5027F}" = Garmin Communicator Plugin
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Documentation & Support Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI
"{99B66D96-5BB2-42DF-BF7C-432285A1E5A5}" = LEGO MINDSTORMS NXT Driver
"{99D42EC7-652B-4819-B3E6-6450C815E03F}" = Odyssey Client
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CDE4B478-F489-444D-900C-A9812569E6D2}" = LEGO MINDSTORMS NXT Software v1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2B8DB3C-E5F0-48CA-810E-87DFD5603DC2}" = LEGO MINDSTORMS NXT - English Language Pack
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Coupon Printer for Windows2.0" = Coupon Printer for Windows
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Defraggler" = Defraggler
"Dell Photo Printer 720" = Dell Photo Printer 720
"ESET Online Scanner" = ESET Online Scanner v3
"FileHippo.com" = FileHippo.com Update Checker
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GraphicView 32" = GraphicView 32
"GSAK_is1" = GSAK 7.2.0.126 (Final)
"HitmanPro37" = HitmanPro 3.7
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"Shop for HP Supplies" = Shop for HP Supplies
"SnowFox Total Video Converter_is1" = SnowFox Total Video Converter 2.5.1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent dell Master Uninstall" = Dell Games
"WT024486" = Wheel of Fortune
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Move Media Player" = Move Media Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/27/2014 3:43:45 PM | Computer Name = Jim-PC | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF80 Description:Cannot complete the Security Essentials
 Upgrade. Security Essentials is not currently monitoring and helping to protect
 your computer. Please restart your computer and try again. Error code:0x8004FF80.
 
Error - 3/27/2014 4:06:00 PM | Computer Name = Jim-PC | Source = EventSystem | ID = 4609
Description =
 
Error - 3/27/2014 6:10:12 PM | Computer Name = Jim-PC | Source = System Restore | ID = 8193
Description =
 
Error - 3/27/2014 6:58:49 PM | Computer Name = Jim-PC | Source = Microsoft-Windows-CAPI2 | ID = 131584
Description =
 
Error - 3/27/2014 7:05:15 PM | Computer Name = Jim-PC | Source = Application Hang | ID = 1002
Description = The program osk.exe version 6.0.6002.18005 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: b78  Start Time: 01cf4a10c1f843f9  Termination Time: 15
 
Error - 3/27/2014 7:06:07 PM | Computer Name = Jim-PC | Source = Application Hang | ID = 1002
Description = The program NOTEPAD.EXE version 6.0.6001.18000 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: d30  Start Time: 01cf4a10cc0310f9  Termination Time: 0
 
Error - 3/28/2014 3:28:01 PM | Computer Name = Jim-PC | Source = MsiInstaller | ID = 11921
Description =
 
Error - 3/28/2014 3:33:24 PM | Computer Name = Jim-PC | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF80 Description:Cannot complete the Security Essentials
 Upgrade. Security Essentials is not currently monitoring and helping to protect
 your computer. Please restart your computer and try again. Error code:0x8004FF80.
 
Error - 3/28/2014 7:47:00 PM | Computer Name = Jim-PC | Source = Application Hang | ID = 1002
Description = The program osk.exe version 6.0.6002.18005 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: b10  Start Time: 01cf4add66d3b859  Termination Time: 0
 
Error - 3/29/2014 6:55:44 PM | Computer Name = Jim-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Problem Reports and Solutions control panel.  Process
ID: cf4  Start Time: 01cf4b9fd595abc5  Termination Time: 78
 
 
Error encountered while reading event logs.
 
< End of report >
 

 

 


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP

Doubt we can do much for your encrypted files but we can remove the instruction that are popping up.  It appears that you have already removed the working part of the virus or perhaps it removed itself once its work was done.

 

Copy the text in the code box by highlighting and Ctrl + c
 
:OTL
O4 - Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW_DECRYPT.HTML ()
O4 - Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW_DECRYPT.TXT ()
O4 - Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW_DECRYPT.URL ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
[2014/03/22 21:05:20 | 000,002,777 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW_DECRYPT.HTML
[2014/03/22 21:05:20 | 000,000,133 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW_DECRYPT.URL
[2014/03/22 20:57:53 | 000,002,777 | ---- | M] () -- C:\Users\Public\Documents\HOW_DECRYPT.HTML
[2014/03/22 20:57:53 | 000,000,133 | ---- | M] () -- C:\Users\Public\Documents\HOW_DECRYPT.URL
[2014/03/22 20:57:52 | 000,002,777 | ---- | M] () -- C:\Users\Jim\HOW_DECRYPT.HTML
[2014/03/22 20:57:52 | 000,000,133 | ---- | M] () -- C:\Users\Jim\HOW_DECRYPT.URL
[2014/03/22 19:47:49 | 000,002,777 | ---- | M] () -- C:\Users\Jim\Documents\HOW_DECRYPT.HTML
[2014/03/22 19:47:49 | 000,000,133 | ---- | M] () -- C:\Users\Jim\Documents\HOW_DECRYPT.URL
[2014/03/22 19:33:02 | 000,002,777 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\HOW_DECRYPT.HTML
[2014/03/22 19:33:02 | 000,000,133 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\HOW_DECRYPT.URL
[2014/03/22 19:26:17 | 000,002,777 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\HOW_DECRYPT.HTML
[2014/03/22 19:26:17 | 000,000,133 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\HOW_DECRYPT.URL
[2014/03/22 19:26:16 | 000,008,022 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\3nc3p73o15Y45Z05T0aagde8f0e263be81b23[1].jpg
[2014/03/22 19:11:23 | 000,002,777 | ---- | M] () -- C:\Users\Jim\AppData\Local\HOW_DECRYPT.HTML
[2014/03/22 19:11:23 | 000,000,133 | ---- | M] () -- C:\Users\Jim\AppData\Local\HOW_DECRYPT.URL
[2014/03/22 19:06:40 | 000,002,777 | ---- | M] () -- C:\ProgramData\HOW_DECRYPT.HTML
[2014/03/22 19:06:40 | 000,000,133 | ---- | M] () -- C:\ProgramData\HOW_DECRYPT.URL
[2014/03/22 18:39:33 | 000,059,904 | -H-- | M] () -- C:\Users\Jim\AppData\Roaming\zlib1.dll
[2014/03/22 21:05:20 | 000,002,777 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW_DECRYPT.HTML
[2014/03/22 21:05:20 | 000,000,133 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW_DECRYPT.URL
[2014/03/22 20:57:53 | 000,002,777 | ---- | C] () -- C:\Users\Public\Documents\HOW_DECRYPT.HTML
[2014/03/22 20:57:53 | 000,000,133 | ---- | C] () -- C:\Users\Public\Documents\HOW_DECRYPT.URL
[2014/03/22 20:57:52 | 000,002,777 | ---- | C] () -- C:\Users\Jim\HOW_DECRYPT.HTML
[2014/03/22 20:57:52 | 000,000,133 | ---- | C] () -- C:\Users\Jim\HOW_DECRYPT.URL
[2014/03/22 19:47:49 | 000,002,777 | ---- | C] () -- C:\Users\Jim\Documents\HOW_DECRYPT.HTML
[2014/03/22 19:47:49 | 000,000,133 | ---- | C] () -- C:\Users\Jim\Documents\HOW_DECRYPT.URL
[2014/03/22 19:33:02 | 000,002,777 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\HOW_DECRYPT.HTML
[2014/03/22 19:33:02 | 000,000,133 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\HOW_DECRYPT.URL
[2014/03/22 19:26:17 | 000,002,777 | ---- | C] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\HOW_DECRYPT.HTML
[2014/03/22 19:26:17 | 000,000,133 | ---- | C] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\HOW_DECRYPT.URL
[2014/03/22 19:11:23 | 000,002,777 | ---- | C] () -- C:\Users\Jim\AppData\Local\HOW_DECRYPT.HTML
[2014/03/22 19:11:23 | 000,000,133 | ---- | C] () -- C:\Users\Jim\AppData\Local\HOW_DECRYPT.URL
[2014/03/22 19:06:40 | 000,002,777 | ---- | C] () -- C:\ProgramData\HOW_DECRYPT.HTML
[2014/03/22 19:06:40 | 000,000,133 | ---- | C] () -- C:\ProgramData\HOW_DECRYPT.URL
[2014/03/22 18:39:33 | 000,059,904 | -H-- | C] () -- C:\Users\Jim\AppData\Roaming\zlib1.dll
 
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]
 
 
then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. 
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\03292013-some number.log so look there if you don't see it.
 
Then let's check for other damage:
 
 
Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
sfc  /scannow
 
(This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.
 
Ron
 
 

  • 0

#3
mary58

mary58

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts

Thank you for your assistance.

 

I ran the OTL fix, and am posting the log below. 

 

========== OTL ==========
C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW_DECRYPT.HTML moved successfully.
C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW_DECRYPT.TXT moved successfully.
C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW_DECRYPT.URL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
File C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW_DECRYPT.HTML not found.
File C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW_DECRYPT.URL not found.
C:\Users\Public\Documents\HOW_DECRYPT.HTML moved successfully.
C:\Users\Public\Documents\HOW_DECRYPT.URL moved successfully.
C:\Users\Jim\HOW_DECRYPT.HTML moved successfully.
C:\Users\Jim\HOW_DECRYPT.URL moved successfully.
C:\Users\Jim\Documents\HOW_DECRYPT.HTML moved successfully.
C:\Users\Jim\Documents\HOW_DECRYPT.URL moved successfully.
C:\Users\Jim\AppData\Roaming\HOW_DECRYPT.HTML moved successfully.
C:\Users\Jim\AppData\Roaming\HOW_DECRYPT.URL moved successfully.
C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\HOW_DECRYPT.HTML moved successfully.
C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\HOW_DECRYPT.URL moved successfully.
C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\3nc3p73o15Y45Z05T0aagde8f0e263be81b23[1].jpg moved successfully.
C:\Users\Jim\AppData\Local\HOW_DECRYPT.HTML moved successfully.
C:\Users\Jim\AppData\Local\HOW_DECRYPT.URL moved successfully.
C:\ProgramData\HOW_DECRYPT.HTML moved successfully.
C:\ProgramData\HOW_DECRYPT.URL moved successfully.
C:\Users\Jim\AppData\Roaming\zlib1.dll moved successfully.
File C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW_DECRYPT.HTML not found.
File C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW_DECRYPT.URL not found.
File C:\Users\Public\Documents\HOW_DECRYPT.HTML not found.
File C:\Users\Public\Documents\HOW_DECRYPT.URL not found.
File C:\Users\Jim\HOW_DECRYPT.HTML not found.
File C:\Users\Jim\HOW_DECRYPT.URL not found.
File C:\Users\Jim\Documents\HOW_DECRYPT.HTML not found.
File C:\Users\Jim\Documents\HOW_DECRYPT.URL not found.
File C:\Users\Jim\AppData\Roaming\HOW_DECRYPT.HTML not found.
File C:\Users\Jim\AppData\Roaming\HOW_DECRYPT.URL not found.
File C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\HOW_DECRYPT.HTML not found.
File C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\HOW_DECRYPT.URL not found.
File C:\Users\Jim\AppData\Local\HOW_DECRYPT.HTML not found.
File C:\Users\Jim\AppData\Local\HOW_DECRYPT.URL not found.
File C:\ProgramData\HOW_DECRYPT.HTML not found.
File C:\ProgramData\HOW_DECRYPT.URL not found.
File C:\Users\Jim\AppData\Roaming\zlib1.dll not found.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Franklin
->Flash cache emptied: 0 bytes
 
User: Jim
->Flash cache emptied: 86768 bytes
 
User: Mary
->Flash cache emptied: 3062 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYJAVA]
 
User: Administrator
 
User: All Users
 
User: Default
 
User: Default User
 
User: Franklin
 
User: Jim
->Java cache emptied: 14391 bytes
 
User: Mary
->Java cache emptied: 0 bytes
 
User: Public
 
Total Java Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 03302014_140626
 


  • 0

#4
mary58

mary58

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts

Event viewer log

 

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 30/03/2014 3:38:40 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/03/2014 9:42:34 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Windows Font Cache Service service hung on starting.

Log: 'System' Date/Time: 30/03/2014 9:36:31 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 30/03/2014 9:36:31 PM
Type: Error Category: 100
Event: 23 Source: Microsoft-Windows-Eventlog
The event logging service encountered an error (res=23) while initializing logging resources for channel Media Center.

Log: 'System' Date/Time: 30/03/2014 9:36:28 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 30/03/2014 9:36:25 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 30/03/2014 9:36:22 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 30/03/2014 9:36:19 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 30/03/2014 9:36:16 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 30/03/2014 9:36:12 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 30/03/2014 9:36:10 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 30/03/2014 9:36:07 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 30/03/2014 9:36:04 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 30/03/2014 9:36:01 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 30/03/2014 9:35:58 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 30/03/2014 9:35:51 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 30/03/2014 9:35:30 PM
Type: Error Category: 0
Event: 876 Source: Application Popup
Driver DLACDBHM.SYS has been blocked from loading.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/03/2014 9:35:30 PM
Type: Warning Category: 0
Event: 5014 Source: NETw4v32
Intel® Wireless WiFi Link 4965AGN : The driver cannot function because the network adapter is disabled.

Log: 'System' Date/Time: 30/03/2014 9:34:39 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.


  • 0

#5
mary58

mary58

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts

Event viewer Application log

 

 

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 30/03/2014 3:40:52 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 30/03/2014 10:27:22 PM
Type: Error Category: 16
Event: 4621 Source: Microsoft-Windows-EventSystem
The COM+ Event System could not remove the EventSystem.EventSubscription object {60B3A75E-0BAA-4F66-91AA-15F0F72D8A79}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.  The HRESULT was 80070005.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 30/03/2014 10:21:01 PM
Type: Warning Category: 0
Event: 1 Source: Microsoft-Windows-ApplicationExperienceInfrastructure
The application (Sonic Solutions DLA, from vendor Sonic Solutions) has the following problem: A driver is installed that causes stability problems with your system. This driver will be disabled. Please contact the driver manufacturer for an update that is compatible with this version of Windows.

Log: 'Application' Date/Time: 30/03/2014 9:38:31 PM
Type: Warning Category: 0
Event: 1 Source: Microsoft-Windows-ApplicationExperienceInfrastructure
The application (Sonic Solutions DLA, from vendor Sonic Solutions) has the following problem: A driver is installed that causes stability problems with your system. This driver will be disabled. Please contact the driver manufacturer for an update that is compatible with this version of Windows.


  • 0

#6
mary58

mary58

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts

I did run the system scan from the cmd prompt, but was not able to access the log for that so I can't post it.


  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP

Sorry for the delay.  Didn't get a notification email or perhaps it went to spam.

 

The device, \Device\Harddisk0\DR0, has a bad block.

 

 

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.
 
Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

 

The Windows Font Cache Service service hung on starting.

 

 

Go to "Start" or press the Start key on your keyboard.

Type "Services".

Select the windows-services-icon.png Services app.

Double-click on "Windows Presentation Foundation Font Cache 3.0.0.0".

Click the "Stop" button.

Open Windows Explorer.

Navigate to C:\Windows\ServiceProfiles\LocalService\AppData\Local

Note: AppData is a hidden folder. You may need to type it in the address bar or turn on "Show hidden files and folders" in Folder Options in the Control Panel.

Delete the "FontCache3.0.0.0.dat" file.

If other cache files appear, you may need to delete them as well.

Do not delete folders.

 

Repeat step 1, clicking the "Start" button, instead of "Stop", to rebuild the cache or reboot the computer to complete the process.

This should refresh the cached fonts and prevent the hang or blank resource issue.

 

 

Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
    Please download Farbar Recovery Scan Tool and save it to your Desktop. 
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
     
    •  
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
  •  

    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run AS Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply 

    • 0

    #8
    mary58

    mary58

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 105 posts

    Here is the JRT.txt file 

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.3 (03.23.2014:1)
    OS: Windows Vista ™ Home Premium x86
    Ran by Jim on Mon 03/31/2014 at 18:47:36.07
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    ~~~ Services

     

    ~~~ Registry Values

     

    ~~~ Registry Keys

     

    ~~~ Files

     

    ~~~ Folders

     

    ~~~ FireFox

    Successfully deleted: [File] C:\Users\Jim\AppData\Roaming\mozilla\firefox\profiles\ncs8rnax.default\invalidprefs.js
    Emptied folder: C:\Users\Jim\AppData\Roaming\mozilla\firefox\profiles\ncs8rnax.default\minidumps [4 files]

     

    ~~~ Event Viewer Logs were cleared

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 03/31/2014 at 18:52:03.79
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    • 0

    #9
    mary58

    mary58

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 105 posts

    FRST.txt

     

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
    Ran by Jim (administrator) on JIM-PC on 31-03-2014 19:01:44
    Running from C:\Users\Jim\Desktop
    Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\system32\SLsvc.exe
    (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    ( ) C:\Windows\system32\dlbccoms.exe
    (Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    (Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    (CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
    (Microsoft Corporation) C:\Windows\System32\wpcumi.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (SigmaTel, Inc.) C:\Windows\sttray.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    (Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    (Nuance Communications, Inc.) C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\NaturallySpeaking10\dgnuiasvr.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-11-17] (Synaptics, Inc.)
    HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
    HKLM\...\Run: [ECenter] - c:\dell\E-Center\EULALauncher.exe [17920 2006-11-17] ( )
    HKLM\...\Run: [PCMService] - C:\Program Files\Dell\MediaDirect\PCMService.exe [184320 2006-10-13] (CyberLink Corp.)
    HKLM\...\Run: [WPCUMI] - C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
    HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
    HKLM\...\Run: [DNS7reminder] - C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe [259624 2007-04-16] (Nuance Communications, Inc.)
    HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
    HKLM\...\Run: [SigmatelSysTrayApp] - C:\Windows\sttray.exe [303104 2007-02-07] (SigmaTel, Inc.)
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKU\S-1-5-21-4212322857-3481637288-2254658967-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
    HKU\S-1-5-21-4212322857-3481637288-2254658967-1000\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-03-04] (Google Inc.)
    HKU\S-1-5-21-4212322857-3481637288-2254658967-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
    HKU\S-1-5-21-4212322857-3481637288-2254658967-1000\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-4212322857-3481637288-2254658967-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\S-1-5-21-4212322857-3481637288-2254658967-1000\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
    AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-15] (Google)
    AppInit_DLLs:  C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-15] (Google)
    Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk
    ShortcutTarget: Dragon NaturallySpeaking.lnk -> C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe (Nuance Communications, Inc.)
    GroupPolicyUsers\S-1-5-21-4212322857-3481637288-2254658967-1002\User: Group Policy restriction detected <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cabelas.c...requestid=92544
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.dell....c=us&l=en&s=gen
    BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
    BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
    DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-cent...bin/actxcab.cab
    DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
    Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
    Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
    Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
    Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
    Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
    Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
    Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
    Winsock: Catalog9 20 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF ProfilePath: C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
    FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @pack.google.com/Google Updater;version=13 - C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Users\Jim\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
    FF SearchPlugin: C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\searchplugins\swagbuckscom.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml
    FF Extension: Vista-aero - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\Extensions\{07b2a769-ed19-4483-87ce-c643914c81bb} [2012-07-29]
    FF Extension: Google Toolbar for Firefox - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010-09-03]
    FF Extension: Fire.fm - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\Extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3} [2014-03-27]
    FF Extension: Microsoft Flat Scrollbar Control 6.0 (SP4) - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\Extensions\{FE32BFBC-7CE5-CA03-8A50-0615902151C0} [2014-03-22]
    FF Extension: FDislike - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\Extensions\[email protected] [2014-03-27]
    FF Extension: Speed Dial - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-03-27]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-12-03]
    FF HKLM\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF Extension: Google Toolbar for Firefox - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009-12-04]
    FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-12-03]
    FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Users\Jim\AppData\Roaming\Move Networks
    FF Extension: Move Media Player - C:\Users\Jim\AppData\Roaming\Move Networks [2010-01-28]

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com/
    CHR Extension: (Microsoft Flat Scrollbar Control 6.0 (SP4)) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-03-22]
    CHR Extension: (Google Wallet) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-25]

    ========================== Services (Whitelisted) =================

    R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4163584 2014-02-15] (Emsisoft GmbH)
    R2 dlbc_device; C:\Windows\system32\dlbccoms.exe [538096 2007-02-07] ( )
    S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2006-11-07] ()
    S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-15] (Google)
    R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2014-03-27] (SurfRight B.V.)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    S3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-03-26] (Emsisoft GmbH)
    R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
    S3 cleanhlp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
    R2 dsunidrv; C:\Program Files\DellSupport\Drivers\dsunidrv.sys [7424 2006-08-17] (Gteko Ltd.)
    S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [8320 2007-03-08] (GARMIN Corp.)
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-03-23] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
    R1 MpKsl47f5a695; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0429E5FD-E5D0-464D-98F0-C4D06A481960}\MpKsl47f5a695.sys [39464 2014-03-31] (Microsoft Corporation)
    R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [647680 2007-02-07] (SigmaTel, Inc.)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
    S3 catchme; \??\C:\Users\Jim\AppData\Local\Temp\catchme.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========

    2014-03-31 19:01 - 2014-03-31 19:02 - 00017391 _____ () C:\Users\Jim\Desktop\FRST.txt
    2014-03-31 19:01 - 2014-03-31 19:01 - 00000000 ____D () C:\FRST
    2014-03-31 19:00 - 2014-03-31 19:00 - 01145856 _____ (Farbar) C:\Users\Jim\Desktop\FRST.exe
    2014-03-31 18:52 - 2014-03-31 18:52 - 00000886 _____ () C:\Users\Jim\Desktop\JRT.txt
    2014-03-31 18:47 - 2014-03-31 18:47 - 00000000 ____D () C:\Windows\ERUNT
    2014-03-31 18:43 - 2014-03-31 18:43 - 01038974 _____ (Thisisu) C:\Users\Jim\Desktop\JRT.exe
    2014-03-30 15:38 - 2014-03-30 15:40 - 00001625 _____ () C:\VEW.txt
    2014-03-30 15:32 - 2014-03-30 15:32 - 00061440 _____ ( ) C:\Users\Jim\Desktop\VEW.exe
    2014-03-30 15:15 - 2014-03-30 15:15 - 00000000 _____ () C:\Users\Jim\Desktop\New Text Document.txt
    2014-03-30 14:06 - 2014-03-30 14:06 - 00000000 ____D () C:\_OTL
    2014-03-29 16:12 - 2014-03-29 16:12 - 00044176 _____ () C:\Users\Jim\Desktop\Extras.Txt
    2014-03-29 16:11 - 2014-03-29 16:11 - 00082310 _____ () C:\Users\Jim\Desktop\OTL.Txt
    2014-03-29 15:37 - 2014-03-29 15:37 - 00602112 _____ (OldTimer Tools) C:\Users\Jim\Desktop\OTL.exe
    2014-03-28 12:22 - 2014-03-28 12:23 - 00000000 ____D () C:\Windows\Temp198C81B3-7D85-FCDE-9E0A-FB12C7B02F4D-Signatures
    2014-03-27 14:53 - 2014-03-27 14:53 - 00001734 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
    2014-03-27 14:53 - 2014-03-27 14:53 - 00000000 ____D () C:\Program Files\HitmanPro
    2014-03-27 14:52 - 2014-03-27 15:12 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-03-27 14:50 - 2014-03-27 14:52 - 10089256 _____ (SurfRight B.V.) C:\Users\Jim\Downloads\HitmanPro.exe
    2014-03-27 14:47 - 2014-03-27 14:50 - 00002878 _____ () C:\Users\Jim\Desktop\Rkill.txt
    2014-03-27 14:46 - 2014-03-27 14:46 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Jim\Downloads\rkill.exe
    2014-03-27 13:28 - 2014-03-27 13:28 - 00000000 ____D () C:\Users\Jim\Documents\tdsskiller
    2014-03-27 13:26 - 2014-03-27 13:26 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Jim\Downloads\tdsskiller.exe
    2014-03-27 12:24 - 2014-03-27 12:26 - 00000000 ____D () C:\Windows\TempB4F5739D-E215-85C6-81D3-C8A4351E735E-Signatures
    2014-03-26 19:54 - 2014-03-26 19:54 - 00006482 _____ () C:\Windows\PFRO.log
    2014-03-26 19:40 - 2014-03-26 19:40 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\EurekaLab s.a.s
    2014-03-26 14:01 - 2014-03-26 14:01 - 00054682 _____ () C:\Users\Jim\Documents\cc_20140326_140059.reg
    2014-03-26 13:49 - 2014-03-26 13:49 - 00000890 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
    2014-03-26 13:46 - 2014-03-31 18:34 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
    2014-03-26 13:46 - 2014-03-26 13:46 - 00000000 ____D () C:\Users\Jim\Documents\Anti-Malware
    2014-03-26 13:38 - 2014-03-26 13:38 - 00000000 ____D () C:\ProgramData\Mozilla
    2014-03-26 13:38 - 2014-03-26 13:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-03-26 13:34 - 2014-03-26 13:34 - 00282880 _____ (Mozilla) C:\Users\Jim\Downloads\Firefox Setup Stub 28.0.exe
    2014-03-26 12:03 - 2014-03-26 12:03 - 00000000 ____D () C:\Windows\TempF589AB41-A5F2-BF2A-6545-87EB3F0CE685-Signatures
    2014-03-25 12:38 - 2014-02-22 22:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-03-25 12:38 - 2014-02-22 22:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-03-25 12:38 - 2014-02-22 22:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-03-25 12:38 - 2014-02-22 22:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-03-25 12:38 - 2014-02-22 22:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-03-25 12:38 - 2014-02-22 22:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-03-25 12:38 - 2014-02-22 22:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2014-03-25 12:38 - 2014-02-22 22:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-03-25 12:38 - 2014-02-22 22:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-03-25 12:38 - 2014-02-22 22:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-03-25 12:38 - 2014-02-22 22:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-03-25 12:38 - 2014-02-22 22:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-03-25 12:38 - 2014-02-22 22:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-03-25 12:38 - 2014-02-22 22:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-03-25 12:38 - 2014-02-22 22:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-03-25 12:38 - 2014-02-22 22:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-03-25 12:34 - 2012-06-02 07:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    2014-03-25 12:33 - 2012-07-25 20:39 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
    2014-03-25 12:33 - 2012-07-25 20:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
    2014-03-25 12:33 - 2012-07-25 20:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
    2014-03-25 12:33 - 2012-07-25 20:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
    2014-03-25 12:33 - 2012-07-25 20:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
    2014-03-25 12:33 - 2012-07-25 20:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
    2014-03-25 12:33 - 2012-07-25 19:46 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
    2014-03-25 12:33 - 2012-07-25 19:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
    2014-03-25 12:33 - 2012-07-25 19:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
    2014-03-25 12:33 - 2009-07-14 05:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\winusb.dll
    2014-03-24 19:59 - 2014-02-07 03:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-03-24 19:59 - 2013-08-26 19:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
    2014-03-24 19:59 - 2013-08-26 19:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
    2014-03-24 19:59 - 2013-08-26 19:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
    2014-03-24 19:59 - 2013-08-26 19:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
    2014-03-24 19:59 - 2013-08-26 18:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2014-03-24 19:59 - 2013-08-26 18:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
    2014-03-24 19:59 - 2013-08-26 18:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
    2014-03-24 19:59 - 2013-08-26 18:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2014-03-24 19:59 - 2013-08-26 18:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2014-03-24 19:59 - 2013-07-31 20:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2014-03-24 19:59 - 2013-07-31 19:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
    2014-03-24 19:59 - 2013-06-15 06:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
    2014-03-24 19:59 - 2013-06-15 04:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
    2014-03-24 19:59 - 2012-05-11 08:57 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
    2014-03-24 19:58 - 2013-07-20 03:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2014-03-24 19:58 - 2013-07-04 21:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2014-03-24 19:58 - 2012-09-25 09:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
    2014-03-24 19:57 - 2014-02-03 03:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-03-24 19:57 - 2013-12-04 19:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-03-24 19:57 - 2013-10-29 19:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
    2014-03-24 19:57 - 2013-10-29 18:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
    2014-03-24 19:57 - 2013-10-29 17:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
    2014-03-24 19:57 - 2013-07-10 02:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2014-03-24 19:57 - 2012-11-02 03:18 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
    2014-03-24 19:57 - 2012-11-02 01:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
    2014-03-24 19:57 - 2012-08-21 04:47 - 00224640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
    2014-03-24 19:57 - 2012-06-29 09:01 - 00467968 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
    2014-03-24 19:55 - 2012-11-19 21:22 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-03-24 19:54 - 2013-10-10 19:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
    2014-03-24 19:54 - 2013-10-10 19:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
    2014-03-24 19:54 - 2013-10-10 19:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
    2014-03-24 19:54 - 2013-10-10 17:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
    2014-03-24 19:54 - 2013-10-10 17:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
    2014-03-24 19:54 - 2013-10-03 05:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-03-24 19:54 - 2013-08-01 21:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
    2014-03-24 19:54 - 2013-07-12 02:04 - 00073344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
    2014-03-24 19:54 - 2013-06-28 19:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
    2014-03-24 19:54 - 2013-06-28 19:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
    2014-03-24 19:54 - 2013-06-28 19:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
    2014-03-24 19:54 - 2013-06-28 19:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
    2014-03-24 19:54 - 2013-05-01 21:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2014-03-24 19:54 - 2013-05-01 21:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll
    2014-03-24 19:54 - 2013-03-03 12:07 - 01082232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
    2014-03-24 19:54 - 2012-11-21 20:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
    2014-03-24 19:54 - 2012-11-07 20:48 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2014-03-24 19:54 - 2012-09-28 09:11 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2014-03-24 19:54 - 2011-05-05 06:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
    2014-03-24 19:54 - 2011-05-05 06:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
    2014-03-24 19:53 - 2013-10-03 05:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2014-03-24 19:53 - 2013-04-23 21:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
    2014-03-24 19:53 - 2013-04-23 18:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
    2014-03-24 19:52 - 2013-10-22 00:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
    2014-03-24 19:52 - 2013-10-10 19:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
    2014-03-24 19:52 - 2013-10-10 19:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
    2014-03-24 19:52 - 2013-10-10 17:39 - 00218228 _____ () C:\Windows\system32\WFP.TMF
    2014-03-24 19:52 - 2013-07-15 21:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
    2014-03-24 19:52 - 2013-07-09 05:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2014-03-24 19:52 - 2013-07-07 21:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2014-03-24 19:52 - 2013-07-07 21:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-03-24 19:52 - 2013-06-26 16:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
    2014-03-24 19:52 - 2013-06-03 21:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2014-03-24 19:52 - 2013-06-03 18:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2014-03-24 19:52 - 2013-03-08 20:45 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2014-03-24 19:52 - 2013-03-08 18:28 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2014-03-24 19:52 - 2012-11-02 03:19 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2014-03-24 19:51 - 2013-07-03 21:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
    2014-03-24 19:51 - 2013-04-17 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
    2014-03-24 19:51 - 2013-03-07 20:53 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2014-03-24 19:51 - 2013-03-07 20:52 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2014-03-24 19:50 - 2013-07-02 19:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
    2014-03-24 19:50 - 2013-02-11 18:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
    2014-03-24 19:42 - 2014-01-30 00:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2014-03-24 19:30 - 2013-11-12 17:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-03-24 19:25 - 2013-07-07 21:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2014-03-24 19:25 - 2013-07-07 21:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2014-03-24 19:25 - 2013-07-07 21:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2014-03-23 17:31 - 2014-03-23 17:31 - 02347384 _____ (ESET) C:\Users\Jim\Downloads\esetsmartinstaller_enu.exe
    2014-03-23 17:27 - 2014-03-23 17:27 - 00013234 _____ () C:\ComboFix.txt
    2014-03-23 16:49 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-03-23 16:49 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-03-23 16:49 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-03-23 16:49 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-03-23 16:49 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-03-23 16:49 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-03-23 16:49 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-03-23 16:49 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-03-23 16:47 - 2014-03-23 17:27 - 00000000 ____D () C:\Qoobox
    2014-03-23 16:42 - 2014-03-23 16:44 - 05190773 ____R (Swearware) C:\Users\Jim\Downloads\ComboFix.exe
    2014-03-23 16:22 - 2014-03-23 16:22 - 00000000 ____D () C:\found.001
    2014-03-23 14:58 - 2014-03-23 14:58 - 00000276 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{099ECE07-08EE-4FE1-8BD9-554F7F0B6D6D}.job
    2014-03-23 14:23 - 2014-03-23 16:08 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2014-03-22 21:05 - 2014-03-22 21:05 - 00002777 _____ () C:\Users\Public\HOW_DECRYPT.HTML
    2014-03-22 21:05 - 2014-03-22 21:05 - 00001261 _____ () C:\Users\Public\HOW_DECRYPT.TXT
    2014-03-22 21:05 - 2014-03-22 21:05 - 00000133 _____ () C:\Users\Public\HOW_DECRYPT.URL
    2014-03-22 20:57 - 2014-03-22 20:57 - 00001261 _____ () C:\Users\Public\Documents\HOW_DECRYPT.TXT
    2014-03-22 20:57 - 2014-03-22 20:57 - 00001261 _____ () C:\Users\Jim\HOW_DECRYPT.TXT
    2014-03-22 20:12 - 2014-03-22 20:12 - 00002777 _____ () C:\Users\Jim\Downloads\HOW_DECRYPT.HTML
    2014-03-22 20:12 - 2014-03-22 20:12 - 00001261 _____ () C:\Users\Jim\Downloads\HOW_DECRYPT.TXT
    2014-03-22 20:12 - 2014-03-22 20:12 - 00000133 _____ () C:\Users\Jim\Downloads\HOW_DECRYPT.URL
    2014-03-22 19:47 - 2014-03-22 19:47 - 00001261 _____ () C:\Users\Jim\Documents\HOW_DECRYPT.TXT
    2014-03-22 19:33 - 2014-03-22 19:33 - 00002777 _____ () C:\Users\Jim\AppData\HOW_DECRYPT.HTML
    2014-03-22 19:33 - 2014-03-22 19:33 - 00001261 _____ () C:\Users\Jim\AppData\Roaming\HOW_DECRYPT.TXT
    2014-03-22 19:33 - 2014-03-22 19:33 - 00001261 _____ () C:\Users\Jim\AppData\HOW_DECRYPT.TXT
    2014-03-22 19:33 - 2014-03-22 19:33 - 00000133 _____ () C:\Users\Jim\AppData\HOW_DECRYPT.URL
    2014-03-22 19:11 - 2014-03-22 19:11 - 00001261 _____ () C:\Users\Jim\AppData\Local\HOW_DECRYPT.TXT
    2014-03-22 19:06 - 2014-03-22 19:06 - 00001261 _____ () C:\ProgramData\HOW_DECRYPT.TXT
    2014-03-22 16:53 - 2014-03-22 22:24 - 00000000 ____D () C:\Users\Jim\AppData\Local\Odwics
    2014-03-22 16:51 - 2014-03-22 16:51 - 00019353 _____ () C:\Users\Jim\Desktop\hs_err_pid25336.log
    2014-03-22 16:50 - 2014-03-22 16:50 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\{BD1252B4-9CB6-4B0B-AB44-972A81AF2571}

    ==================== One Month Modified Files and Folders =======

    2014-03-31 19:02 - 2014-03-31 19:01 - 00017391 _____ () C:\Users\Jim\Desktop\FRST.txt
    2014-03-31 19:01 - 2014-03-31 19:01 - 00000000 ____D () C:\FRST
    2014-03-31 19:00 - 2014-03-31 19:00 - 01145856 _____ (Farbar) C:\Users\Jim\Desktop\FRST.exe
    2014-03-31 18:52 - 2014-03-31 18:52 - 00000886 _____ () C:\Users\Jim\Desktop\JRT.txt
    2014-03-31 18:47 - 2014-03-31 18:47 - 00000000 ____D () C:\Windows\ERUNT
    2014-03-31 18:47 - 2012-08-07 13:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-03-31 18:43 - 2014-03-31 18:43 - 01038974 _____ (Thisisu) C:\Users\Jim\Desktop\JRT.exe
    2014-03-31 18:42 - 2012-07-29 18:59 - 01466520 _____ () C:\Windows\WindowsUpdate.log
    2014-03-31 18:40 - 2010-01-05 18:35 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-03-31 18:40 - 2007-03-13 20:48 - 00000000 ____D () C:\MDT
    2014-03-31 18:37 - 2010-01-05 18:35 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-03-31 18:35 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-03-31 18:35 - 2006-11-02 05:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2014-03-31 18:35 - 2006-11-02 05:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2014-03-31 18:34 - 2014-03-26 13:46 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
    2014-03-31 18:34 - 2007-03-13 20:10 - 00003204 _____ () C:\Windows\bthservsdp.dat
    2014-03-31 18:34 - 2006-11-02 06:01 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-03-30 15:40 - 2014-03-30 15:38 - 00001625 _____ () C:\VEW.txt
    2014-03-30 15:32 - 2014-03-30 15:32 - 00061440 _____ ( ) C:\Users\Jim\Desktop\VEW.exe
    2014-03-30 15:15 - 2014-03-30 15:15 - 00000000 _____ () C:\Users\Jim\Desktop\New Text Document.txt
    2014-03-30 14:06 - 2014-03-30 14:06 - 00000000 ____D () C:\_OTL
    2014-03-30 14:06 - 2007-03-20 23:44 - 00000000 ____D () C:\Users\Jim
    2014-03-29 16:12 - 2014-03-29 16:12 - 00044176 _____ () C:\Users\Jim\Desktop\Extras.Txt
    2014-03-29 16:11 - 2014-03-29 16:11 - 00082310 _____ () C:\Users\Jim\Desktop\OTL.Txt
    2014-03-29 15:37 - 2014-03-29 15:37 - 00602112 _____ (OldTimer Tools) C:\Users\Jim\Desktop\OTL.exe
    2014-03-28 15:56 - 2012-07-29 19:01 - 00001945 _____ () C:\Windows\epplauncher.mif
    2014-03-28 15:55 - 2012-07-29 18:59 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2014-03-28 12:23 - 2014-03-28 12:22 - 00000000 ____D () C:\Windows\Temp198C81B3-7D85-FCDE-9E0A-FB12C7B02F4D-Signatures
    2014-03-27 15:12 - 2014-03-27 14:52 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-03-27 14:53 - 2014-03-27 14:53 - 00001734 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
    2014-03-27 14:53 - 2014-03-27 14:53 - 00000000 ____D () C:\Program Files\HitmanPro
    2014-03-27 14:52 - 2014-03-27 14:50 - 10089256 _____ (SurfRight B.V.) C:\Users\Jim\Downloads\HitmanPro.exe
    2014-03-27 14:50 - 2014-03-27 14:47 - 00002878 _____ () C:\Users\Jim\Desktop\Rkill.txt
    2014-03-27 14:46 - 2014-03-27 14:46 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Jim\Downloads\rkill.exe
    2014-03-27 13:28 - 2014-03-27 13:28 - 00000000 ____D () C:\Users\Jim\Documents\tdsskiller
    2014-03-27 13:26 - 2014-03-27 13:26 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Jim\Downloads\tdsskiller.exe
    2014-03-27 12:26 - 2014-03-27 12:24 - 00000000 ____D () C:\Windows\TempB4F5739D-E215-85C6-81D3-C8A4351E735E-Signatures
    2014-03-26 19:54 - 2014-03-26 19:54 - 00006482 _____ () C:\Windows\PFRO.log
    2014-03-26 19:54 - 2008-07-25 17:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-03-26 19:40 - 2014-03-26 19:40 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\EurekaLab s.a.s
    2014-03-26 19:40 - 2011-02-12 19:52 - 00000000 ____D () C:\Program Files\Defraggler
    2014-03-26 14:01 - 2014-03-26 14:01 - 00054682 _____ () C:\Users\Jim\Documents\cc_20140326_140059.reg
    2014-03-26 13:55 - 2007-11-24 22:05 - 00000000 ____D () C:\Windows\Minidump
    2014-03-26 13:49 - 2014-03-26 13:49 - 00000890 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
    2014-03-26 13:46 - 2014-03-26 13:46 - 00000000 ____D () C:\Users\Jim\Documents\Anti-Malware
    2014-03-26 13:38 - 2014-03-26 13:38 - 00000000 ____D () C:\ProgramData\Mozilla
    2014-03-26 13:38 - 2014-03-26 13:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-03-26 13:38 - 2008-07-25 17:51 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2014-03-26 13:34 - 2014-03-26 13:34 - 00282880 _____ (Mozilla) C:\Users\Jim\Downloads\Firefox Setup Stub 28.0.exe
    2014-03-26 12:03 - 2014-03-26 12:03 - 00000000 ____D () C:\Windows\TempF589AB41-A5F2-BF2A-6545-87EB3F0CE685-Signatures
    2014-03-26 11:48 - 2006-11-02 03:33 - 00703214 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-03-25 16:09 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-03-25 15:19 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\rescache
    2014-03-25 14:46 - 2006-11-02 05:47 - 00321144 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-03-25 14:45 - 2013-05-29 14:05 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-03-25 14:41 - 2006-11-02 05:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
    2014-03-25 14:41 - 2006-11-02 05:37 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-03-25 12:55 - 2007-03-13 20:44 - 00000000 ____D () C:\Program Files\Microsoft Works
    2014-03-25 12:30 - 2006-11-02 04:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
    2014-03-24 11:51 - 2007-06-19 09:24 - 00000000 ____D () C:\Users\Mary\AppData\Local\Google
    2014-03-24 11:48 - 2007-06-19 09:24 - 00082200 _____ () C:\Users\Mary\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-03-24 11:47 - 2011-04-18 21:00 - 00000000 ____D () C:\Users\Mary\AppData\Roaming\Apple Computer
    2014-03-23 17:31 - 2014-03-23 17:31 - 02347384 _____ (ESET) C:\Users\Jim\Downloads\esetsmartinstaller_enu.exe
    2014-03-23 17:27 - 2014-03-23 17:27 - 00013234 _____ () C:\ComboFix.txt
    2014-03-23 17:27 - 2014-03-23 16:47 - 00000000 ____D () C:\Qoobox
    2014-03-23 17:19 - 2006-11-02 03:23 - 00000215 _____ () C:\Windows\system.ini
    2014-03-23 16:45 - 2012-08-01 21:12 - 00000000 ____D () C:\Windows\erdnt
    2014-03-23 16:44 - 2014-03-23 16:42 - 05190773 ____R (Swearware) C:\Users\Jim\Downloads\ComboFix.exe
    2014-03-23 16:22 - 2014-03-23 16:22 - 00000000 ____D () C:\found.001
    2014-03-23 16:08 - 2014-03-23 14:23 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2014-03-23 15:53 - 2008-10-15 13:42 - 00005568 _____ () C:\Users\Jim\AppData\Local\d3d9caps.dat
    2014-03-23 15:00 - 2008-07-29 12:56 - 00001356 _____ () C:\Users\Franklin\AppData\Local\d3d9caps.dat
    2014-03-23 14:58 - 2014-03-23 14:58 - 00000276 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{099ECE07-08EE-4FE1-8BD9-554F7F0B6D6D}.job
    2014-03-23 14:56 - 2007-06-02 19:55 - 00000000 ____D () C:\Users\Franklin\AppData\Roaming\Adobe
    2014-03-22 22:24 - 2014-03-22 16:53 - 00000000 ____D () C:\Users\Jim\AppData\Local\Odwics
    2014-03-22 21:05 - 2014-03-22 21:05 - 00002777 _____ () C:\Users\Public\HOW_DECRYPT.HTML
    2014-03-22 21:05 - 2014-03-22 21:05 - 00001261 _____ () C:\Users\Public\HOW_DECRYPT.TXT
    2014-03-22 21:05 - 2014-03-22 21:05 - 00000133 _____ () C:\Users\Public\HOW_DECRYPT.URL
    2014-03-22 21:05 - 2006-11-02 04:18 - 00000000 ___RD () C:\Users\Public
    2014-03-22 20:57 - 2014-03-22 20:57 - 00001261 _____ () C:\Users\Public\Documents\HOW_DECRYPT.TXT
    2014-03-22 20:57 - 2014-03-22 20:57 - 00001261 _____ () C:\Users\Jim\HOW_DECRYPT.TXT
    2014-03-22 20:12 - 2014-03-22 20:12 - 00002777 _____ () C:\Users\Jim\Downloads\HOW_DECRYPT.HTML
    2014-03-22 20:12 - 2014-03-22 20:12 - 00001261 _____ () C:\Users\Jim\Downloads\HOW_DECRYPT.TXT
    2014-03-22 20:12 - 2014-03-22 20:12 - 00000133 _____ () C:\Users\Jim\Downloads\HOW_DECRYPT.URL
    2014-03-22 20:10 - 2010-08-06 17:54 - 02945110 _____ () C:\Users\Jim\Downloads\Tim Hawkins - A Homeschool Family.flv
    2014-03-22 19:47 - 2014-03-22 19:47 - 00001261 _____ () C:\Users\Jim\Documents\HOW_DECRYPT.TXT
    2014-03-22 19:47 - 2010-12-18 19:45 - 00001622 _____ () C:\Users\Jim\Documents\Songs from Air America.txt
    2014-03-22 19:47 - 2010-09-10 23:16 - 01331286 _____ () C:\Users\Jim\Documents\yoshimoto cube.wps
    2014-03-22 19:47 - 2010-08-29 22:00 - 00017238 _____ () C:\Users\Jim\Documents\promotion request 2010.wps
    2014-03-22 19:47 - 2010-08-29 21:17 - 00001110 _____ () C:\Users\Jim\Documents\promotionrequest2010.txt
    2014-03-22 19:47 - 2010-03-24 11:32 - 00002902 _____ () C:\Users\Jim\Documents\Origin of the names of the days.txt
    2014-03-22 19:47 - 2010-01-08 13:47 - 00003926 _____ () C:\Users\Jim\Documents\youbelongwithmetaylorswift.txt
    2014-03-22 19:47 - 2008-05-25 17:51 - 14564182 _____ () C:\Users\Jim\Documents\DSCN2284.MOV
    2014-03-22 19:47 - 2007-10-05 20:28 - 00000000 ____D () C:\Users\Jim\Documents\My Garmin
    2014-03-22 19:47 - 2007-09-29 18:58 - 00016726 _____ () C:\Users\Jim\Documents\puma jagdmesser knife.wps
    2014-03-22 19:46 - 2011-07-11 07:39 - 00002646 _____ () C:\Users\Jim\Documents\Be My Escape Relient K.txt
    2014-03-22 19:46 - 2010-01-15 21:48 - 01633622 _____ () C:\Users\Jim\Documents\12 pyramids.wps
    2014-03-22 19:46 - 2009-12-24 13:46 - 00002902 _____ () C:\Users\Jim\Documents\Christmas shoes chords.txt
    2014-03-22 19:45 - 2010-08-24 09:01 - 00000000 ____D () C:\Users\Jim\Desktop\New Folder
    2014-03-22 19:37 - 2014-02-14 14:14 - 00027478 _____ () C:\Users\Jim\Desktop\Leadership class notes  2 min speech.wps
    2014-03-22 19:37 - 2012-10-28 14:48 - 00000000 ____D () C:\Users\Jim\Desktop\KINGSTON
    2014-03-22 19:33 - 2014-03-22 19:33 - 00002777 _____ () C:\Users\Jim\AppData\HOW_DECRYPT.HTML
    2014-03-22 19:33 - 2014-03-22 19:33 - 00001261 _____ () C:\Users\Jim\AppData\Roaming\HOW_DECRYPT.TXT
    2014-03-22 19:33 - 2014-03-22 19:33 - 00001261 _____ () C:\Users\Jim\AppData\HOW_DECRYPT.TXT
    2014-03-22 19:33 - 2014-03-22 19:33 - 00000133 _____ () C:\Users\Jim\AppData\HOW_DECRYPT.URL
    2014-03-22 19:33 - 2010-07-09 16:30 - 00000000 ____D () C:\Users\Jim\Desktop\cages
    2014-03-22 19:33 - 2009-07-03 16:45 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\Nuance
    2014-03-22 19:33 - 2008-07-25 17:52 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\Mozilla
    2014-03-22 19:26 - 2011-05-02 14:45 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\Malwarebytes
    2014-03-22 19:25 - 2009-12-03 22:48 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\HP
    2014-03-22 19:25 - 2007-03-20 23:46 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\GTek
    2014-03-22 19:21 - 2007-05-27 09:25 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\Corel
    2014-03-22 19:13 - 2010-06-21 17:38 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\Apple Computer
    2014-03-22 19:11 - 2014-03-22 19:11 - 00001261 _____ () C:\Users\Jim\AppData\Local\HOW_DECRYPT.TXT
    2014-03-22 19:11 - 2007-03-26 16:41 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\Adobe
    2014-03-22 19:08 - 2007-03-20 23:46 - 00000000 ____D () C:\Users\Jim\AppData\Local\Google
    2014-03-22 19:07 - 2010-06-21 17:38 - 00000000 ____D () C:\Users\Jim\AppData\Local\Apple Computer
    2014-03-22 19:06 - 2014-03-22 19:06 - 00001261 _____ () C:\ProgramData\HOW_DECRYPT.TXT
    2014-03-22 19:06 - 2013-09-22 15:08 - 00000000 ____D () C:\Users\Jim\AppData\Local\Amazon
    2014-03-22 19:06 - 2007-03-26 16:41 - 00000000 ____D () C:\Users\Jim\AppData\Local\Adobe
    2014-03-22 19:06 - 2007-03-13 20:36 - 00000000 ____D () C:\ProgramData\WildTangent
    2014-03-22 18:46 - 2008-03-04 18:54 - 00000000 ____D () C:\ProgramData\Google Updater
    2014-03-22 18:46 - 2007-05-27 09:44 - 00000000 ____D () C:\ProgramData\eBay
    2014-03-22 18:43 - 2010-06-21 17:21 - 00000000 ____D () C:\ProgramData\Apple Computer
    2014-03-22 16:51 - 2014-03-22 16:51 - 00019353 _____ () C:\Users\Jim\Desktop\hs_err_pid25336.log
    2014-03-22 16:50 - 2014-03-22 16:50 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\{BD1252B4-9CB6-4B0B-AB44-972A81AF2571}
    2014-03-15 12:36 - 2013-07-19 12:42 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-03-12 12:46 - 2013-09-22 15:10 - 00000000 ____D () C:\Users\Jim\Documents\My Kindle Content
    2014-03-12 11:47 - 2012-08-07 13:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2014-03-12 11:47 - 2012-08-07 13:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2014-03-11 09:52 - 2012-03-20 20:44 - 00104264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys

    Files to move or delete:
    ====================
    C:\Users\Jim\jagex_runescape_preferences.dat
    C:\Users\Jim\jagex_runescape_preferences2.dat
    C:\Users\Jim\jagex__preferences3.dat

    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\system32\winlogon.exe => MD5 is legit
    C:\Windows\system32\wininit.exe => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\services.exe => MD5 is legit
    C:\Windows\system32\User32.dll => MD5 is legit
    C:\Windows\system32\userinit.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit
    C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

    LastRegBack: 2014-03-31 18:42

    ==================== End Of Log ============================


    • 0

    #10
    mary58

    mary58

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 105 posts

    Addition.txt

     

     

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
    Ran by Jim at 2014-03-31 19:03:39
    Running from C:\Users\Jim\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================

    AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

    ==================== Installed Programs ======================

    32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
    Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
    Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.7) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
    Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
    AOL Install (HKLM\...\{2357B8BC-88C9-4A72-818C-050CC4EB0778}) (Version: 1.0.0 - America Online, Inc)
    Apple Application Support (HKLM\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
    AVS Video Converter 6 (HKLM\...\AVS4YOU Video Converter 6_is1) (Version:  - Online Media Technologies Ltd.)
    AVS4YOU Software Navigator 1.4 (HKLM\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
    C309g-m (Version: 130.0.396.000 - Hewlett-Packard) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 3.03 - Piriform)
    Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version:  - )
    Corel Paint Shop Pro Photo XI (HKLM\...\{93A1B09E-BAFA-4628-A5B6-921CB026955A}) (Version: 11.003.0000 - Corel Inc)
    Corel Snapfire Plus (HKLM\...\{7ADE3A47-B425-45E9-8FF6-11BE2B775645}) (Version: 1.003.0000 - Corel)
    Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows2.0) (Version: 2.0 - Coupons, Inc.) <==== ATTENTION
    Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows4.0) (Version: 4.0 - Coupons, Inc.) <==== ATTENTION
    Defraggler (HKLM\...\Defraggler) (Version: 2.02 - Piriform)
    Dell Games (HKLM\...\WildTangent dell Master Uninstall) (Version: DELLTF0401 - WildTangent)
    Dell Photo Printer 720 (HKLM\...\Dell Photo Printer 720) (Version:  - Dell, Inc.)
    Dell System Customization Wizard (HKLM\...\{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}) (Version: 1.00.0000 - Dell Inc.)
    DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3030 - Dell)
    Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
    DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
    Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
    Documentation & Support Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
    Dragon NaturallySpeaking 10 (HKLM\...\{E7712E53-7A7F-46EB-AA13-70D5987D30F2}) (Version: 10.10.0 - Nuance Communications Inc.)
    Emsisoft Anti-Malware (HKLM\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH)
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
    FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
    Games, Music, & Photos Launcher (HKLM\...\{3E25E350-949F-4DB7-8288-2A60E018B4C1}) (Version: 1.00.0000 - Dell Inc.)
    Garmin Communicator Plugin (HKLM\...\{8131E9E7-BA33-472D-99AE-231457F5027F}) (Version: 2.2.1.0 - Garmin Ltd or its subsidiaries)
    Garmin TOPO U.S. 2008 (HKLM\...\{47BA74C5-1890-4ED2-954A-AD11186D8E26}) (Version: 4.0.0.0 - Garmin Ltd or its subsidiaries)
    Garmin Trip and Waypoint Manager v4 (HKLM\...\{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}) (Version: 4.0.0.0 - Garmin Ltd or its subsidiaries)
    Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
    Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
    Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Toolbar for Firefox (HKLM\...\{2CCBABCB-6427-4A55-B091-49864623C43F}) (Version: 7.1.20100830 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
    Google Updater (HKLM\...\Google Updater) (Version: 2.4.1536.6592 - Google Inc.)
    GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    GraphicView 32 (HKLM\...\GraphicView 32) (Version:  - )
    GSAK 7.2.0.126 (Final) (HKLM\...\GSAK_is1) (Version:  - CWE computer services)
    HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.216 - SurfRight B.V.)
    HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
    HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
    HP Photosmart Premium C309g-m All-In-One Driver Software 13.0 Rel .6 (HKLM\...\{181AC4C7-B83C-4B5F-B566-E19BF2472429}) (Version: 13.0 - HP)
    HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
    HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
    HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
    HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
    HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
    hpPrintProjects (Version: 130.0.303.000 - Hewlett-Packard) Hidden
    HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden
    iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.)
    Java 7 Update 7 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
    Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
    LEGO MINDSTORMS NXT - English Language Pack (HKLM\...\{D2B8DB3C-E5F0-48CA-810E-87DFD5603DC2}) (Version: 1.1.100.0 - The LEGO Group)
    LEGO MINDSTORMS NXT Driver (HKLM\...\{99B66D96-5BB2-42DF-BF7C-432285A1E5A5}) (Version: 1.16.769 - LEGO)
    LEGO MINDSTORMS NXT Migration Package (HKLM\...\{6C1D47CC-682C-4673-8CA8-DEE659628599}) (Version: 1.2.8.0 - LEGO)
    LEGO MINDSTORMS NXT Software v1.1 (HKLM\...\{CDE4B478-F489-444D-900C-A9812569E6D2}) (Version: 1.1.338.0 - LEGO)
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
    MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.7 - Dell)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
    Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.17.8 - Dell)
    Move Media Player (HKCU\...\Move Media Player) (Version:  - Move Networks)
    Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
    MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.41 - BVRP Software, Inc)
    Network (Version: 130.0.374.000 - Hewlett-Packard) Hidden
    Network Stumbler 0.4.0 (remove only) (HKLM\...\Network Stumbler) (Version:  - )
    NetZeroInstallers (HKLM\...\{352310C3-E46B-42D3-8F32-54721FDD72D9}) (Version: 1.0.0 - NetZero, Inc.)
    Odyssey Client (HKLM\...\{99D42EC7-652B-4819-B3E6-6450C815E03F}) (Version: 2.00.00.00 - Funk Software)
    OutlookAddinSetup (HKLM\...\{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}) (Version: 1.0.0 - CyberLink)
    PS_AIO_06_C309g-m_SW_Min (Version: 130.0.396.000 - Hewlett-Packard) Hidden
    QuickSet (HKLM\...\{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}) (Version: 7.2.11 - Dell Inc.)
    QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
    Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
    Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)
    Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
    Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
    Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
    Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
    Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio)
    Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
    Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.116 - Roxio, Inc.)
    Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
    Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
    SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel)
    SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
    SnowFox Total Video Converter 2.5.1.0 (HKLM\...\SnowFox Total Video Converter_is1) (Version:  - )
    SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
    Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
    Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.0.1.3 - Synaptics)
    Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
    TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
    Turbo Lister 2 (HKLM\...\InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}) (Version: 2.0.0 - eBay)
    Turbo Lister 2 (Version: 2.0.0 - eBay) Hidden
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
    URL Assistant (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version:  - )
    User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version:  - )
    Visual C++ Runtime for Dragon NaturallySpeaking (HKLM\...\{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}) (Version: 10.00.200.184 - Nuance Communications Inc.)
    WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
    Wheel of Fortune (HKLM\...\WT024486) (Version: WT024486 - WildTangent)
    WIDCOMM Bluetooth Software 6.0.1.3100 (HKLM\...\{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}) (Version: 6.0.1.3100 - Dell)
    Yahoo! Music Jukebox (HKLM\...\{7C49EA42-5647-4051-84C2-E6404F25A931}) (Version: 2.0.1.041 - Yahoo!)

    ==================== Restore Points  =========================

    25-03-2014 18:48:37 Windows Update
    26-03-2014 18:49:48 Windows Update
    27-03-2014 19:04:07 Windows Update
    28-03-2014 19:13:01 Windows Update
    28-03-2014 22:52:46 Windows Update
    31-03-2014 00:39:11 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    2006-11-02 03:23 - 2014-03-23 17:19 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1       localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {0561C6EC-BFD2-4A91-834F-BC7E83FDB44A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
    Task: {3AA468BC-E2C2-4C63-9213-7A3F8B72D344} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-05] (Google Inc.)
    Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
    Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
    Task: {5A8F9E4D-A525-497F-9734-61311452BE4A} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
    Task: {6892F449-64B5-485E-ADAA-5ED6669ACBEF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-05] (Google Inc.)
    Task: {9C432BEE-85AE-4E26-8A3F-9D622D6A9D25} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
    Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
    Task: {FFAFF0B0-8337-41E4-863D-F2BA48B14AAF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\User_Feed_Synchronization-{099ECE07-08EE-4FE1-8BD9-554F7F0B6D6D}.job => C:\Windows\system32\msfeedssync.exe

    ==================== Loaded Modules (whitelisted) =============

    2009-01-26 22:52 - 2007-01-31 23:11 - 00102400 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\dlbcpp5c.dll
    2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2006-11-05 08:28 - 2006-11-05 08:28 - 04587520 ____R () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
    2007-03-14 04:03 - 2006-11-15 11:08 - 00061440 _____ () C:\Windows\system32\igfxTMM.dll
    2007-03-14 04:03 - 2006-11-15 11:07 - 00077824 _____ () C:\Windows\System32\hccutils.DLL
    2006-11-03 15:25 - 2006-11-03 15:25 - 00389120 _____ () C:\Windows\system32\btwhidcs.DLL
    2006-11-03 15:46 - 2006-11-03 15:46 - 00126976 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
    2007-03-13 20:36 - 2006-08-18 11:17 - 00056056 _____ () C:\Windows\system32\DLAAPI_W.DLL

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\ProgramData\TEMP:F35A93AD

    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

    ==================== Disabled items from MSCONFIG ==============

    MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    ==================== Faulty Device Manager Devices =============

    Name: Photosmart Premium C309g-m
    Description: Photosmart Premium C309g-m
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
      Date: 2014-03-28 15:55:01.622
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

      Date: 2014-03-28 15:55:00.905
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

      Date: 2014-03-28 15:54:59.875
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

      Date: 2014-03-28 15:54:59.126
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

      Date: 2014-03-28 15:54:34.509
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

      Date: 2014-03-28 15:54:33.854
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

      Date: 2014-03-28 15:54:33.183
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

      Date: 2014-03-28 15:54:32.388
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

      Date: 2014-03-28 15:54:31.592
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

      Date: 2014-03-28 15:54:30.921
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

    ==================== Memory info ===========================

    Percentage of memory in use: 92%
    Total physical RAM: 1013.71 MB
    Available physical RAM: 74.55 MB
    Total Pagefile: 2495.02 MB
    Available Pagefile: 1392.41 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1890.06 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:99.74 GB) (Free:36.79 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.95 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 112 GB) (Disk ID: 08000000)
    Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
    Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
    Partition 3: (Active) - (Size=100 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=2 GB) - (Type=OF Extended)

    ==================== End Of Log ============================


    • 0

    Advertisements


    #11
    mary58

    mary58

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 105 posts

    And the last one.

    Thanks again for your assistance.

     

     

    Output log from Event Viewer

     

    Vino's Event Viewer v01c run on Windows Vista in English
    Report run at 31/03/2014 7:10:25 PM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    • 0

    #12
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,701 posts
    • MVP

    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated please post that then you should be able to boot into regular mode.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

     

    Clear the Java Cache by following the instructions on
    http://www.java.com/...lugin_cache.xml

    You do not have the latest Java.
    First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
    I see:

    Java 7 Update 7

    Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.

    If you feel you must have Java:
    Get the latest Java at:
    http://www.java.com/en/

    Save it to your PC then close all browsers and install it.  Do not let it install the yahoo toolbar or other foistware.
    Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.

     

     

     

    Reboot and run VEW again for System and post the log.

     

    There is a program to prevent future Cryptolocker infections.

    CryptoPrevent

    http://www.foolishIT.../cryptoprevent/

    The free version does not update on its own so you should check for updated versions once in a while.

     

    There are problems with your MSE.  I would

     

    install the free Avast:
    http://files.avast.c...virus_setup.exe

     

    (Download the installer program, uninstall MSE, reboot and then right click on the installer program and Run As Admin.)

     

    Once it installs and updates let it run a boot-time scan while you sleep.

     

    First mute the speakers so it won't wake you up when Windows loads.  Click on the Orange ball.  Click on Scans.  Change Quickscan to Boot-time Scan.  Click on Settings.  Where it says Heuristic Sensitivity click on the last rectangle so that all of them are  orange and it says High.  Check both boxes.  Then change When a threat is found ... to:  Move to Chest.  OK.  Now click on Start.  Close the Avast window and then reboot.  The scan will start.  It will tell you where it will save the report.  Usually it's
    C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  When Windows loads Click on the Orange Ball then Scan, Then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report.  If it found anything then open the aswBoot.txt file and copy and paste it.  If you can't find it then take a screen shot of the Detailed Report:


    Press the Alt + the Print Screen key on your keyboard. It may be labeled [PrtScn].

    Open Microsoft Paint (All Programs, Accessories,Paint).

    Go to the Edit menu and choose Paste (or just do Ctrl + v) and the image should appear.


    Go to the File Menu and choose Save As.

    Navigate to the folder where you want to save the image.  (Desktop)

    Type a file name for the image: Avast

    Select a file type. jpeg

    Click the Save button.

    Attach Avast.jpg to your Reply.

    (Start a Reply.  Click on the Browse button, point it at your desktop and click on Avast.jpg then Open.  Now click on Attach this File)

     

     

     

     


    • 0

    #13
    mary58

    mary58

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 105 posts

    I'll get to working on this tomorrow afternoon. Was out of town today.


    • 0

    #14
    mary58

    mary58

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 105 posts

    FRST fix log

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
    Ran by Jim at 2014-04-03 12:33:58 Run:1
    Running from C:\Users\Jim\Desktop
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    HKU\S-1-5-21-4212322857-3481637288-2254658967-1000\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-4212322857-3481637288-2254658967-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\S-1-5-21-4212322857-3481637288-2254658967-1000\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
    GroupPolicyUsers\S-1-5-21-4212322857-3481637288-2254658967-1002\User: Group Policy restriction detected <======= ATTENTION
    BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
    C:\Users\Public\HOW_DECRYPT.HTML
    C:\Users\Public\HOW_DECRYPT.TXT
    C:\Users\Public\HOW_DECRYPT.URL
    C:\Users\Public\Documents\HOW_DECRYPT.TXT
    C:\Users\Jim\HOW_DECRYPT.TXT
    C:\Users\Jim\Downloads\HOW_DECRYPT.HTML
    C:\Users\Jim\Downloads\HOW_DECRYPT.TXT
    C:\Users\Jim\Downloads\HOW_DECRYPT.URL
    C:\Users\Jim\Documents\HOW_DECRYPT.TXT
    C:\Users\Jim\AppData\HOW_DECRYPT.HTML
    C:\Users\Jim\AppData\Roaming\HOW_DECRYPT.TXT
    C:\Users\Jim\AppData\HOW_DECRYPT.TXT
    C:\Users\Jim\AppData\HOW_DECRYPT.URL
    C:\Users\Jim\AppData\Local\HOW_DECRYPT.TXT
    C:\ProgramData\HOW_DECRYPT.TXT

    *****************

    HKU\S-1-5-21-4212322857-3481637288-2254658967-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => Value deleted successfully.
    HKU\S-1-5-21-4212322857-3481637288-2254658967-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => Value deleted successfully.
    HKU\S-1-5-21-4212322857-3481637288-2254658967-1000\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key deleted successfully.
    C:\Windows\system32\GroupPolicyUsers\S-1-5-21-4212322857-3481637288-2254658967-1002\User => Moved successfully.
    C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777} => Key deleted successfully.
    HKCR\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777} => Key deleted successfully.
    C:\Users\Public\HOW_DECRYPT.HTML => Moved successfully.
    C:\Users\Public\HOW_DECRYPT.TXT => Moved successfully.
    C:\Users\Public\HOW_DECRYPT.URL => Moved successfully.
    C:\Users\Public\Documents\HOW_DECRYPT.TXT => Moved successfully.
    C:\Users\Jim\HOW_DECRYPT.TXT => Moved successfully.
    C:\Users\Jim\Downloads\HOW_DECRYPT.HTML => Moved successfully.
    C:\Users\Jim\Downloads\HOW_DECRYPT.TXT => Moved successfully.
    C:\Users\Jim\Downloads\HOW_DECRYPT.URL => Moved successfully.
    C:\Users\Jim\Documents\HOW_DECRYPT.TXT => Moved successfully.
    C:\Users\Jim\AppData\HOW_DECRYPT.HTML => Moved successfully.
    C:\Users\Jim\AppData\Roaming\HOW_DECRYPT.TXT => Moved successfully.
    C:\Users\Jim\AppData\HOW_DECRYPT.TXT => Moved successfully.
    C:\Users\Jim\AppData\HOW_DECRYPT.URL => Moved successfully.
    C:\Users\Jim\AppData\Local\HOW_DECRYPT.TXT => Moved successfully.
    C:\ProgramData\HOW_DECRYPT.TXT => Moved successfully.

    The system needed a reboot.

    ==== End of Fixlog ====


    • 0

    #15
    mary58

    mary58

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 105 posts

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
    Ran by Jim (administrator) on JIM-PC on 03-04-2014 12:47:53
    Running from C:\Users\Jim\Desktop
    Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\system32\SLsvc.exe
    (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    ( ) C:\Windows\system32\dlbccoms.exe
    (Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    (Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    (CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
    (Microsoft Corporation) C:\Windows\System32\wpcumi.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (SigmaTel, Inc.) C:\Windows\sttray.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    (Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    (Nuance Communications, Inc.) C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\NaturallySpeaking10\dgnuiasvr.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-11-17] (Synaptics, Inc.)
    HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
    HKLM\...\Run: [ECenter] - c:\dell\E-Center\EULALauncher.exe [17920 2006-11-17] ( )
    HKLM\...\Run: [PCMService] - C:\Program Files\Dell\MediaDirect\PCMService.exe [184320 2006-10-13] (CyberLink Corp.)
    HKLM\...\Run: [WPCUMI] - C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
    HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
    HKLM\...\Run: [DNS7reminder] - C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe [259624 2007-04-16] (Nuance Communications, Inc.)
    HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
    HKLM\...\Run: [SigmatelSysTrayApp] - C:\Windows\sttray.exe [303104 2007-02-07] (SigmaTel, Inc.)
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKU\S-1-5-21-4212322857-3481637288-2254658967-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
    HKU\S-1-5-21-4212322857-3481637288-2254658967-1000\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-03-04] (Google Inc.)
    HKU\S-1-5-21-4212322857-3481637288-2254658967-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
    AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-15] (Google)
    AppInit_DLLs:  C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-15] (Google)
    Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk
    ShortcutTarget: Dragon NaturallySpeaking.lnk -> C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe (Nuance Communications, Inc.)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cabelas.c...requestid=92544
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.dell....c=us&l=en&s=gen
    BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
    DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-cent...bin/actxcab.cab
    DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
    Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
    Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
    Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
    Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
    Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
    Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
    Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
    Winsock: Catalog9 20 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
    FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @pack.google.com/Google Updater;version=13 - C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Users\Jim\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
    FF SearchPlugin: C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\searchplugins\swagbuckscom.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml
    FF Extension: Vista-aero - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\Extensions\{07b2a769-ed19-4483-87ce-c643914c81bb} [2012-07-29]
    FF Extension: Google Toolbar for Firefox - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010-09-03]
    FF Extension: Fire.fm - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\Extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3} [2014-03-27]
    FF Extension: Microsoft Flat Scrollbar Control 6.0 (SP4) - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\Extensions\{FE32BFBC-7CE5-CA03-8A50-0615902151C0} [2014-03-22]
    FF Extension: FDislike - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\Extensions\[email protected] [2014-03-27]
    FF Extension: Speed Dial - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-03-27]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-12-03]
    FF HKLM\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF Extension: Google Toolbar for Firefox - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009-12-04]
    FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-12-03]
    FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Users\Jim\AppData\Roaming\Move Networks
    FF Extension: Move Media Player - C:\Users\Jim\AppData\Roaming\Move Networks [2010-01-28]

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com/
    CHR Extension: (Microsoft Flat Scrollbar Control 6.0 (SP4)) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-03-22]
    CHR Extension: (Google Wallet) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-25]

    ========================== Services (Whitelisted) =================

    R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4163584 2014-02-15] (Emsisoft GmbH)
    R2 dlbc_device; C:\Windows\system32\dlbccoms.exe [538096 2007-02-07] ( )
    S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2006-11-07] ()
    S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-15] (Google)
    R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2014-03-27] (SurfRight B.V.)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    S3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-03-26] (Emsisoft GmbH)
    R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
    S3 cleanhlp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
    R2 dsunidrv; C:\Program Files\DellSupport\Drivers\dsunidrv.sys [7424 2006-08-17] (Gteko Ltd.)
    S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [8320 2007-03-08] (GARMIN Corp.)
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-03-23] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
    R1 MpKsla08efefb; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2B36FB85-189A-4653-82D0-52D00CDDD89A}\MpKsla08efefb.sys [39464 2014-04-03] (Microsoft Corporation)
    R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [647680 2007-02-07] (SigmaTel, Inc.)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
    S3 catchme; \??\C:\Users\Jim\AppData\Local\Temp\catchme.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========

    2014-04-03 12:47 - 2014-04-03 12:49 - 00017053 _____ () C:\Users\Jim\Desktop\FRST.txt
    2014-03-31 19:01 - 2014-04-03 12:47 - 00000000 ____D () C:\FRST
    2014-03-31 19:00 - 2014-03-31 19:00 - 01145856 _____ (Farbar) C:\Users\Jim\Desktop\FRST.exe
    2014-03-31 18:52 - 2014-03-31 18:52 - 00000886 _____ () C:\Users\Jim\Desktop\JRT.txt
    2014-03-31 18:47 - 2014-03-31 18:47 - 00000000 ____D () C:\Windows\ERUNT
    2014-03-31 18:43 - 2014-03-31 18:43 - 01038974 _____ (Thisisu) C:\Users\Jim\Desktop\JRT.exe
    2014-03-30 15:38 - 2014-03-31 19:10 - 00000351 _____ () C:\VEW.txt
    2014-03-30 15:32 - 2014-03-30 15:32 - 00061440 _____ ( ) C:\Users\Jim\Desktop\VEW.exe
    2014-03-30 14:06 - 2014-03-30 14:06 - 00000000 ____D () C:\_OTL
    2014-03-29 16:12 - 2014-03-29 16:12 - 00044176 _____ () C:\Users\Jim\Desktop\Extras.Txt
    2014-03-29 16:11 - 2014-03-29 16:11 - 00082310 _____ () C:\Users\Jim\Desktop\OTL.Txt
    2014-03-29 15:37 - 2014-03-29 15:37 - 00602112 _____ (OldTimer Tools) C:\Users\Jim\Desktop\OTL.exe
    2014-03-28 12:22 - 2014-03-28 12:23 - 00000000 ____D () C:\Windows\Temp198C81B3-7D85-FCDE-9E0A-FB12C7B02F4D-Signatures
    2014-03-27 14:53 - 2014-03-27 14:53 - 00001734 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
    2014-03-27 14:53 - 2014-03-27 14:53 - 00000000 ____D () C:\Program Files\HitmanPro
    2014-03-27 14:52 - 2014-03-27 15:12 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-03-27 14:50 - 2014-03-27 14:52 - 10089256 _____ (SurfRight B.V.) C:\Users\Jim\Downloads\HitmanPro.exe
    2014-03-27 14:47 - 2014-03-27 14:50 - 00002878 _____ () C:\Users\Jim\Desktop\Rkill.txt
    2014-03-27 14:46 - 2014-03-27 14:46 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Jim\Downloads\rkill.exe
    2014-03-27 13:28 - 2014-03-27 13:28 - 00000000 ____D () C:\Users\Jim\Documents\tdsskiller
    2014-03-27 13:26 - 2014-03-27 13:26 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Jim\Downloads\tdsskiller.exe
    2014-03-27 12:24 - 2014-03-27 12:26 - 00000000 ____D () C:\Windows\TempB4F5739D-E215-85C6-81D3-C8A4351E735E-Signatures
    2014-03-26 19:54 - 2014-03-26 19:54 - 00006482 _____ () C:\Windows\PFRO.log
    2014-03-26 19:40 - 2014-03-26 19:40 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\EurekaLab s.a.s
    2014-03-26 14:01 - 2014-03-26 14:01 - 00054682 _____ () C:\Users\Jim\Documents\cc_20140326_140059.reg
    2014-03-26 13:49 - 2014-03-26 13:49 - 00000890 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
    2014-03-26 13:46 - 2014-04-03 12:36 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
    2014-03-26 13:46 - 2014-03-26 13:46 - 00000000 ____D () C:\Users\Jim\Documents\Anti-Malware
    2014-03-26 13:38 - 2014-03-26 13:38 - 00000000 ____D () C:\ProgramData\Mozilla
    2014-03-26 13:38 - 2014-03-26 13:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-03-26 13:34 - 2014-03-26 13:34 - 00282880 _____ (Mozilla) C:\Users\Jim\Downloads\Firefox Setup Stub 28.0.exe
    2014-03-26 12:03 - 2014-03-26 12:03 - 00000000 ____D () C:\Windows\TempF589AB41-A5F2-BF2A-6545-87EB3F0CE685-Signatures
    2014-03-25 12:38 - 2014-02-22 22:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-03-25 12:38 - 2014-02-22 22:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-03-25 12:38 - 2014-02-22 22:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-03-25 12:38 - 2014-02-22 22:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-03-25 12:38 - 2014-02-22 22:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-03-25 12:38 - 2014-02-22 22:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-03-25 12:38 - 2014-02-22 22:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2014-03-25 12:38 - 2014-02-22 22:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-03-25 12:38 - 2014-02-22 22:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-03-25 12:38 - 2014-02-22 22:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-03-25 12:38 - 2014-02-22 22:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-03-25 12:38 - 2014-02-22 22:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-03-25 12:38 - 2014-02-22 22:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-03-25 12:38 - 2014-02-22 22:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-03-25 12:38 - 2014-02-22 22:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-03-25 12:38 - 2014-02-22 22:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-03-25 12:34 - 2012-06-02 07:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    2014-03-25 12:33 - 2012-07-25 20:39 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
    2014-03-25 12:33 - 2012-07-25 20:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
    2014-03-25 12:33 - 2012-07-25 20:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
    2014-03-25 12:33 - 2012-07-25 20:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
    2014-03-25 12:33 - 2012-07-25 20:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
    2014-03-25 12:33 - 2012-07-25 20:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
    2014-03-25 12:33 - 2012-07-25 19:46 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
    2014-03-25 12:33 - 2012-07-25 19:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
    2014-03-25 12:33 - 2012-07-25 19:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
    2014-03-25 12:33 - 2009-07-14 05:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\winusb.dll
    2014-03-24 19:59 - 2014-02-07 03:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-03-24 19:59 - 2013-08-26 19:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
    2014-03-24 19:59 - 2013-08-26 19:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
    2014-03-24 19:59 - 2013-08-26 19:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
    2014-03-24 19:59 - 2013-08-26 19:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
    2014-03-24 19:59 - 2013-08-26 18:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2014-03-24 19:59 - 2013-08-26 18:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
    2014-03-24 19:59 - 2013-08-26 18:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
    2014-03-24 19:59 - 2013-08-26 18:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2014-03-24 19:59 - 2013-08-26 18:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2014-03-24 19:59 - 2013-07-31 20:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2014-03-24 19:59 - 2013-07-31 19:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
    2014-03-24 19:59 - 2013-06-15 06:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
    2014-03-24 19:59 - 2013-06-15 04:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
    2014-03-24 19:59 - 2012-05-11 08:57 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
    2014-03-24 19:58 - 2013-07-20 03:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2014-03-24 19:58 - 2013-07-04 21:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2014-03-24 19:58 - 2012-09-25 09:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
    2014-03-24 19:57 - 2014-02-03 03:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-03-24 19:57 - 2013-12-04 19:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-03-24 19:57 - 2013-10-29 19:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
    2014-03-24 19:57 - 2013-10-29 18:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
    2014-03-24 19:57 - 2013-10-29 17:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
    2014-03-24 19:57 - 2013-07-10 02:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2014-03-24 19:57 - 2012-11-02 03:18 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
    2014-03-24 19:57 - 2012-11-02 01:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
    2014-03-24 19:57 - 2012-08-21 04:47 - 00224640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
    2014-03-24 19:57 - 2012-06-29 09:01 - 00467968 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
    2014-03-24 19:55 - 2012-11-19 21:22 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-03-24 19:54 - 2013-10-10 19:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
    2014-03-24 19:54 - 2013-10-10 19:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
    2014-03-24 19:54 - 2013-10-10 19:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
    2014-03-24 19:54 - 2013-10-10 17:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
    2014-03-24 19:54 - 2013-10-10 17:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
    2014-03-24 19:54 - 2013-10-03 05:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-03-24 19:54 - 2013-08-01 21:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
    2014-03-24 19:54 - 2013-07-12 02:04 - 00073344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
    2014-03-24 19:54 - 2013-06-28 19:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
    2014-03-24 19:54 - 2013-06-28 19:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
    2014-03-24 19:54 - 2013-06-28 19:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
    2014-03-24 19:54 - 2013-06-28 19:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
    2014-03-24 19:54 - 2013-05-01 21:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2014-03-24 19:54 - 2013-05-01 21:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll
    2014-03-24 19:54 - 2013-03-03 12:07 - 01082232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
    2014-03-24 19:54 - 2012-11-21 20:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
    2014-03-24 19:54 - 2012-11-07 20:48 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2014-03-24 19:54 - 2012-09-28 09:11 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2014-03-24 19:54 - 2011-05-05 06:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
    2014-03-24 19:54 - 2011-05-05 06:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
    2014-03-24 19:53 - 2013-10-03 05:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2014-03-24 19:53 - 2013-04-23 21:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
    2014-03-24 19:53 - 2013-04-23 18:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
    2014-03-24 19:52 - 2013-10-22 00:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
    2014-03-24 19:52 - 2013-10-10 19:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
    2014-03-24 19:52 - 2013-10-10 19:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
    2014-03-24 19:52 - 2013-10-10 17:39 - 00218228 _____ () C:\Windows\system32\WFP.TMF
    2014-03-24 19:52 - 2013-07-15 21:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
    2014-03-24 19:52 - 2013-07-09 05:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2014-03-24 19:52 - 2013-07-07 21:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2014-03-24 19:52 - 2013-07-07 21:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-03-24 19:52 - 2013-06-26 16:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
    2014-03-24 19:52 - 2013-06-03 21:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2014-03-24 19:52 - 2013-06-03 18:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2014-03-24 19:52 - 2013-03-08 20:45 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2014-03-24 19:52 - 2013-03-08 18:28 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2014-03-24 19:52 - 2012-11-02 03:19 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2014-03-24 19:51 - 2013-07-03 21:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
    2014-03-24 19:51 - 2013-04-17 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
    2014-03-24 19:51 - 2013-03-07 20:53 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2014-03-24 19:51 - 2013-03-07 20:52 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2014-03-24 19:50 - 2013-07-02 19:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
    2014-03-24 19:50 - 2013-02-11 18:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
    2014-03-24 19:42 - 2014-01-30 00:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2014-03-24 19:30 - 2013-11-12 17:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-03-24 19:25 - 2013-07-07 21:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2014-03-24 19:25 - 2013-07-07 21:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2014-03-24 19:25 - 2013-07-07 21:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2014-03-23 17:31 - 2014-03-23 17:31 - 02347384 _____ (ESET) C:\Users\Jim\Downloads\esetsmartinstaller_enu.exe
    2014-03-23 17:27 - 2014-03-23 17:27 - 00013234 _____ () C:\ComboFix.txt
    2014-03-23 16:49 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-03-23 16:49 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-03-23 16:49 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-03-23 16:49 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-03-23 16:49 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-03-23 16:49 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-03-23 16:49 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-03-23 16:49 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-03-23 16:47 - 2014-03-23 17:27 - 00000000 ____D () C:\Qoobox
    2014-03-23 16:42 - 2014-03-23 16:44 - 05190773 ____R (Swearware) C:\Users\Jim\Downloads\ComboFix.exe
    2014-03-23 16:22 - 2014-03-23 16:22 - 00000000 ____D () C:\found.001
    2014-03-23 14:58 - 2014-03-23 14:58 - 00000276 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{099ECE07-08EE-4FE1-8BD9-554F7F0B6D6D}.job
    2014-03-23 14:23 - 2014-03-23 16:08 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2014-03-22 16:53 - 2014-03-22 22:24 - 00000000 ____D () C:\Users\Jim\AppData\Local\Odwics
    2014-03-22 16:51 - 2014-03-22 16:51 - 00019353 _____ () C:\Users\Jim\Desktop\hs_err_pid25336.log
    2014-03-22 16:50 - 2014-03-22 16:50 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\{BD1252B4-9CB6-4B0B-AB44-972A81AF2571}

    ==================== One Month Modified Files and Folders =======

    2014-04-03 12:49 - 2014-04-03 12:47 - 00017053 _____ () C:\Users\Jim\Desktop\FRST.txt
    2014-04-03 12:48 - 2012-07-29 18:59 - 01618697 _____ () C:\Windows\WindowsUpdate.log
    2014-04-03 12:47 - 2014-03-31 19:01 - 00000000 ____D () C:\FRST
    2014-04-03 12:47 - 2012-08-07 13:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-04-03 12:42 - 2007-03-13 20:48 - 00000000 ____D () C:\MDT
    2014-04-03 12:41 - 2010-01-05 18:35 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-04-03 12:38 - 2010-01-05 18:35 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-04-03 12:38 - 2007-06-20 19:28 - 00000008 __RSH () C:\Users\Jim\ntuser.pol
    2014-04-03 12:38 - 2007-03-20 23:44 - 00000000 ____D () C:\Users\Jim
    2014-04-03 12:37 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-04-03 12:37 - 2006-11-02 05:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2014-04-03 12:37 - 2006-11-02 05:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2014-04-03 12:36 - 2014-03-26 13:46 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
    2014-04-03 12:35 - 2007-03-13 20:10 - 00003204 _____ () C:\Windows\bthservsdp.dat
    2014-04-03 12:35 - 2006-11-02 06:01 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-04-03 12:34 - 2006-11-02 04:18 - 00000000 ___RD () C:\Users\Public
    2014-04-03 12:34 - 2006-11-02 04:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
    2014-03-31 19:10 - 2014-03-30 15:38 - 00000351 _____ () C:\VEW.txt
    2014-03-31 19:00 - 2014-03-31 19:00 - 01145856 _____ (Farbar) C:\Users\Jim\Desktop\FRST.exe
    2014-03-31 18:52 - 2014-03-31 18:52 - 00000886 _____ () C:\Users\Jim\Desktop\JRT.txt
    2014-03-31 18:47 - 2014-03-31 18:47 - 00000000 ____D () C:\Windows\ERUNT
    2014-03-31 18:43 - 2014-03-31 18:43 - 01038974 _____ (Thisisu) C:\Users\Jim\Desktop\JRT.exe
    2014-03-30 15:32 - 2014-03-30 15:32 - 00061440 _____ ( ) C:\Users\Jim\Desktop\VEW.exe
    2014-03-30 14:06 - 2014-03-30 14:06 - 00000000 ____D () C:\_OTL
    2014-03-29 16:12 - 2014-03-29 16:12 - 00044176 _____ () C:\Users\Jim\Desktop\Extras.Txt
    2014-03-29 16:11 - 2014-03-29 16:11 - 00082310 _____ () C:\Users\Jim\Desktop\OTL.Txt
    2014-03-29 15:37 - 2014-03-29 15:37 - 00602112 _____ (OldTimer Tools) C:\Users\Jim\Desktop\OTL.exe
    2014-03-28 15:56 - 2012-07-29 19:01 - 00001945 _____ () C:\Windows\epplauncher.mif
    2014-03-28 15:55 - 2012-07-29 18:59 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2014-03-28 12:23 - 2014-03-28 12:22 - 00000000 ____D () C:\Windows\Temp198C81B3-7D85-FCDE-9E0A-FB12C7B02F4D-Signatures
    2014-03-27 15:12 - 2014-03-27 14:52 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-03-27 14:53 - 2014-03-27 14:53 - 00001734 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
    2014-03-27 14:53 - 2014-03-27 14:53 - 00000000 ____D () C:\Program Files\HitmanPro
    2014-03-27 14:52 - 2014-03-27 14:50 - 10089256 _____ (SurfRight B.V.) C:\Users\Jim\Downloads\HitmanPro.exe
    2014-03-27 14:50 - 2014-03-27 14:47 - 00002878 _____ () C:\Users\Jim\Desktop\Rkill.txt
    2014-03-27 14:46 - 2014-03-27 14:46 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Jim\Downloads\rkill.exe
    2014-03-27 13:28 - 2014-03-27 13:28 - 00000000 ____D () C:\Users\Jim\Documents\tdsskiller
    2014-03-27 13:26 - 2014-03-27 13:26 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Jim\Downloads\tdsskiller.exe
    2014-03-27 12:26 - 2014-03-27 12:24 - 00000000 ____D () C:\Windows\TempB4F5739D-E215-85C6-81D3-C8A4351E735E-Signatures
    2014-03-26 19:54 - 2014-03-26 19:54 - 00006482 _____ () C:\Windows\PFRO.log
    2014-03-26 19:54 - 2008-07-25 17:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-03-26 19:40 - 2014-03-26 19:40 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\EurekaLab s.a.s
    2014-03-26 19:40 - 2011-02-12 19:52 - 00000000 ____D () C:\Program Files\Defraggler
    2014-03-26 14:01 - 2014-03-26 14:01 - 00054682 _____ () C:\Users\Jim\Documents\cc_20140326_140059.reg
    2014-03-26 13:55 - 2007-11-24 22:05 - 00000000 ____D () C:\Windows\Minidump
    2014-03-26 13:49 - 2014-03-26 13:49 - 00000890 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
    2014-03-26 13:46 - 2014-03-26 13:46 - 00000000 ____D () C:\Users\Jim\Documents\Anti-Malware
    2014-03-26 13:38 - 2014-03-26 13:38 - 00000000 ____D () C:\ProgramData\Mozilla
    2014-03-26 13:38 - 2014-03-26 13:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-03-26 13:38 - 2008-07-25 17:51 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2014-03-26 13:34 - 2014-03-26 13:34 - 00282880 _____ (Mozilla) C:\Users\Jim\Downloads\Firefox Setup Stub 28.0.exe
    2014-03-26 12:03 - 2014-03-26 12:03 - 00000000 ____D () C:\Windows\TempF589AB41-A5F2-BF2A-6545-87EB3F0CE685-Signatures
    2014-03-26 11:48 - 2006-11-02 03:33 - 00703214 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-03-25 16:09 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-03-25 15:19 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\rescache
    2014-03-25 14:46 - 2006-11-02 05:47 - 00321144 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-03-25 14:45 - 2013-05-29 14:05 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-03-25 14:41 - 2006-11-02 05:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
    2014-03-25 14:41 - 2006-11-02 05:37 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-03-25 12:55 - 2007-03-13 20:44 - 00000000 ____D () C:\Program Files\Microsoft Works
    2014-03-25 12:30 - 2006-11-02 04:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
    2014-03-24 11:51 - 2007-06-19 09:24 - 00000000 ____D () C:\Users\Mary\AppData\Local\Google
    2014-03-24 11:48 - 2007-06-19 09:24 - 00082200 _____ () C:\Users\Mary\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-03-24 11:47 - 2011-04-18 21:00 - 00000000 ____D () C:\Users\Mary\AppData\Roaming\Apple Computer
    2014-03-23 17:31 - 2014-03-23 17:31 - 02347384 _____ (ESET) C:\Users\Jim\Downloads\esetsmartinstaller_enu.exe
    2014-03-23 17:27 - 2014-03-23 17:27 - 00013234 _____ () C:\ComboFix.txt
    2014-03-23 17:27 - 2014-03-23 16:47 - 00000000 ____D () C:\Qoobox
    2014-03-23 17:19 - 2006-11-02 03:23 - 00000215 _____ () C:\Windows\system.ini
    2014-03-23 16:45 - 2012-08-01 21:12 - 00000000 ____D () C:\Windows\erdnt
    2014-03-23 16:44 - 2014-03-23 16:42 - 05190773 ____R (Swearware) C:\Users\Jim\Downloads\ComboFix.exe
    2014-03-23 16:22 - 2014-03-23 16:22 - 00000000 ____D () C:\found.001
    2014-03-23 16:08 - 2014-03-23 14:23 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2014-03-23 15:53 - 2008-10-15 13:42 - 00005568 _____ () C:\Users\Jim\AppData\Local\d3d9caps.dat
    2014-03-23 15:00 - 2008-07-29 12:56 - 00001356 _____ () C:\Users\Franklin\AppData\Local\d3d9caps.dat
    2014-03-23 14:58 - 2014-03-23 14:58 - 00000276 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{099ECE07-08EE-4FE1-8BD9-554F7F0B6D6D}.job
    2014-03-23 14:56 - 2007-06-02 19:55 - 00000000 ____D () C:\Users\Franklin\AppData\Roaming\Adobe
    2014-03-22 22:24 - 2014-03-22 16:53 - 00000000 ____D () C:\Users\Jim\AppData\Local\Odwics
    2014-03-22 20:10 - 2010-08-06 17:54 - 02945110 _____ () C:\Users\Jim\Downloads\Tim Hawkins - A Homeschool Family.flv
    2014-03-22 19:47 - 2010-12-18 19:45 - 00001622 _____ () C:\Users\Jim\Documents\Songs from Air America.txt
    2014-03-22 19:47 - 2010-09-10 23:16 - 01331286 _____ () C:\Users\Jim\Documents\yoshimoto cube.wps
    2014-03-22 19:47 - 2010-08-29 22:00 - 00017238 _____ () C:\Users\Jim\Documents\promotion request 2010.wps
    2014-03-22 19:47 - 2010-08-29 21:17 - 00001110 _____ () C:\Users\Jim\Documents\promotionrequest2010.txt
    2014-03-22 19:47 - 2010-03-24 11:32 - 00002902 _____ () C:\Users\Jim\Documents\Origin of the names of the days.txt
    2014-03-22 19:47 - 2010-01-08 13:47 - 00003926 _____ () C:\Users\Jim\Documents\youbelongwithmetaylorswift.txt
    2014-03-22 19:47 - 2008-05-25 17:51 - 14564182 _____ () C:\Users\Jim\Documents\DSCN2284.MOV
    2014-03-22 19:47 - 2007-10-05 20:28 - 00000000 ____D () C:\Users\Jim\Documents\My Garmin
    2014-03-22 19:47 - 2007-09-29 18:58 - 00016726 _____ () C:\Users\Jim\Documents\puma jagdmesser knife.wps
    2014-03-22 19:46 - 2011-07-11 07:39 - 00002646 _____ () C:\Users\Jim\Documents\Be My Escape Relient K.txt
    2014-03-22 19:46 - 2010-01-15 21:48 - 01633622 _____ () C:\Users\Jim\Documents\12 pyramids.wps
    2014-03-22 19:46 - 2009-12-24 13:46 - 00002902 _____ () C:\Users\Jim\Documents\Christmas shoes chords.txt
    2014-03-22 19:45 - 2010-08-24 09:01 - 00000000 ____D () C:\Users\Jim\Desktop\New Folder
    2014-03-22 19:37 - 2014-02-14 14:14 - 00027478 _____ () C:\Users\Jim\Desktop\Leadership class notes  2 min speech.wps
    2014-03-22 19:37 - 2012-10-28 14:48 - 00000000 ____D () C:\Users\Jim\Desktop\KINGSTON
    2014-03-22 19:33 - 2010-07-09 16:30 - 00000000 ____D () C:\Users\Jim\Desktop\cages
    2014-03-22 19:33 - 2009-07-03 16:45 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\Nuance
    2014-03-22 19:33 - 2008-07-25 17:52 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\Mozilla
    2014-03-22 19:26 - 2011-05-02 14:45 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\Malwarebytes
    2014-03-22 19:25 - 2009-12-03 22:48 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\HP
    2014-03-22 19:25 - 2007-03-20 23:46 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\GTek
    2014-03-22 19:21 - 2007-05-27 09:25 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\Corel
    2014-03-22 19:13 - 2010-06-21 17:38 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\Apple Computer
    2014-03-22 19:11 - 2007-03-26 16:41 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\Adobe
    2014-03-22 19:08 - 2007-03-20 23:46 - 00000000 ____D () C:\Users\Jim\AppData\Local\Google
    2014-03-22 19:07 - 2010-06-21 17:38 - 00000000 ____D () C:\Users\Jim\AppData\Local\Apple Computer
    2014-03-22 19:06 - 2013-09-22 15:08 - 00000000 ____D () C:\Users\Jim\AppData\Local\Amazon
    2014-03-22 19:06 - 2007-03-26 16:41 - 00000000 ____D () C:\Users\Jim\AppData\Local\Adobe
    2014-03-22 19:06 - 2007-03-13 20:36 - 00000000 ____D () C:\ProgramData\WildTangent
    2014-03-22 18:46 - 2008-03-04 18:54 - 00000000 ____D () C:\ProgramData\Google Updater
    2014-03-22 18:46 - 2007-05-27 09:44 - 00000000 ____D () C:\ProgramData\eBay
    2014-03-22 18:43 - 2010-06-21 17:21 - 00000000 ____D () C:\ProgramData\Apple Computer
    2014-03-22 16:51 - 2014-03-22 16:51 - 00019353 _____ () C:\Users\Jim\Desktop\hs_err_pid25336.log
    2014-03-22 16:50 - 2014-03-22 16:50 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\{BD1252B4-9CB6-4B0B-AB44-972A81AF2571}
    2014-03-15 12:36 - 2013-07-19 12:42 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-03-12 12:46 - 2013-09-22 15:10 - 00000000 ____D () C:\Users\Jim\Documents\My Kindle Content
    2014-03-12 11:47 - 2012-08-07 13:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2014-03-12 11:47 - 2012-08-07 13:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2014-03-11 09:52 - 2012-03-20 20:44 - 00104264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys

    Files to move or delete:
    ====================
    C:\Users\Jim\jagex_runescape_preferences.dat
    C:\Users\Jim\jagex_runescape_preferences2.dat
    C:\Users\Jim\jagex__preferences3.dat

    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\system32\winlogon.exe => MD5 is legit
    C:\Windows\system32\wininit.exe => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\services.exe => MD5 is legit
    C:\Windows\system32\User32.dll => MD5 is legit
    C:\Windows\system32\userinit.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit
    C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

    LastRegBack: 2014-04-03 12:43

    ==================== End Of Log ============================


    • 0






    Similar Topics


    Also tagged with one or more of these keywords: Cryptodefense, ransomware

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP