Advanced Tech Support (ATS)


  • This topic is locked
55 replies to this topic

#1 pigrescue

pigrescue

  • Members
  • 31 posts

Posted 22 January 2014 - 01:24 AM

Okay, I messed up, my laptop (Toshiba L755) was infected and just after xmas I noticed my documents and pictures (everything for my 501.c.3 animal rescue) was GONE. I panicked and somehow wound up on the phone with ATS. They had me put it in safe mode and THANKFULLY (from what I saw) all my pics and docs were there!!! They did a remote in to my laptop and said it would be several hours and they would fix it, A WEEK LATER (with daily phone calls) NOTHING, and on the second day, everything was gone from safe mode too. I was furious and even tho they refunded my money, I still do not have my stuff back, I am heartbroken, these docs and pics are SO important to my nonprofit work, it has been horrible... Can anyone help???




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,550 posts

Posted 27 January 2014 - 01:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/521662 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 pigrescue

pigrescue
  • Topic Starter

  • Members
  • 31 posts

Posted 27 January 2014 - 04:27 PM

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.

I LOST ALL PICTURES AND DOCUMENTS ON MY LAPTOP, IN A PANIC I CALLED A COMPANY CALLED ADVANCED TECH SUPPORT, THEY DID NOTHING AND REFUNDED MY MONEY A WEEK LATER, BUT NOW I CANNOT GO BACK ANY DATE PAST THE DATE THEY WORKED ON THE LAPTOP, THIS PART DECEMBER.

  • new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.

I HAVE NO IDEA WHAT ANY OF THE ABOVE MEANS!!! SORRY!

  • Please tell us if you have your original Windows CD/DVD available. I DO NOT
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.


#4 Bud_91

Bud_91

  • Malware Response Team
  • 438 posts

Posted 29 January 2014 - 02:19 PM

Hi,

 

You say that your laptop was infected. Did you try to fix this yourself by running any tools or programs?

 

Can you do this scan for me? If you need help, let me know.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

  • If I have not responded to your log in 36 hours, feel free to send me a PM.


    A.K.A. Buddierdl @ GeeksToGo.com


    #5 pigrescue

    pigrescue
    • Topic Starter

    • Members
    • 31 posts

    Posted 29 January 2014 - 07:04 PM

    I can't wait to try it! Thank you!!!! I am really afraid Advanced Tech Support changed my laptop while trying to fix it tho... I will let you know after I try it.



    #6 Bud_91

    Bud_91

    • Malware Response Team
    • 438 posts

    Posted 29 January 2014 - 07:23 PM

    Ok. I looked at ATS a little bit, and they seem to have a less than stellar reputation.




    #7 pigrescue

    pigrescue
    • Topic Starter

    • Members
    • 31 posts

    Posted 30 January 2014 - 01:03 PM

     
    FIRST ONE
     
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
    Ran by ats (administrator) on WINDYS on 30-01-2014 10:00:54
    Running from C:\Users\ats\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal
     
    The only official download link for FRST:
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
     
    ==================== Processes (Whitelisted) =================
     
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
    () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
    (Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
    (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    HKLM\...\Run: [] - [x]
    HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
    HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    MountPoints2: {095cbc43-27d0-11e3-8be9-e89a8f7fa1bd} - E:\VZW_Software_upgrade_assistant.exe
    MountPoints2: {23247260-ad21-11e0-97ac-806e6f6e6963} - D:\PhotoApp.exe -autorun
    MountPoints2: {32a1cdc7-5f07-11e1-90db-e89a8f7fa1bd} - E:\ToolLauncher-Bootstrap.exe
    HKU\TEMP\...\Run: [SearchProtect] - C:\Users\TEMP\AppData\Roaming\SearchProtect\bin\cltmng.exe [3470624 2013-09-22] (Conduit) <===== ATTENTION
    HKU\TEMP\...\Run: [Driver Manager] - C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe [3986296 2013-11-04] (PC Drivers Headquarters)
     
    ==================== Internet (Whitelisted) ====================
     
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5EDBCF8B5102CF01
    URLSearchHook: HKLM-x32 - (No Name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No File
    URLSearchHook: HKLM-x32 - (No Name) - {94625830-343a-4df0-88c1-444d195064d0} - No File
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKCU - DefaultScope {26AA8CD5-6BFA-4090-806C-E4B17F54CB76} URL = 
    SearchScopes: HKCU - {26AA8CD5-6BFA-4090-806C-E4B17F54CB76} URL = 
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    Toolbar: HKLM-x32 - No Name - {37483b40-c254-4a72-bda4-22ee90182c1e} -  No File
    Toolbar: HKLM-x32 - No Name - {94625830-343a-4df0-88c1-444d195064d0} -  No File
    Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    Hosts: 127.0.0.1 localhost
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{AF0FB7E9-5379-4196-9E21-03EF48FB83A2}: [NameServer]8.8.8.8,8.8.4.4
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\ats\AppData\Roaming\Mozilla\Firefox\Profiles\iushqisr.default
    FF Homepage: hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=13
    FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\ats\AppData\Roaming\mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.)
    FF Plugin ProgramFiles/Appdata: C:\Users\ats\AppData\Roaming\mozilla\plugins\npoff64.dll ( Starfield Technologies, LLC.)
    FF Plugin ProgramFiles/Appdata: C:\Users\ats\AppData\Roaming\mozilla\plugins\npwbe.dll (Starfield Technology, LLC)
    FF Plugin ProgramFiles/Appdata: C:\Users\ats\AppData\Roaming\mozilla\plugins\npwbe64.dll (Starfield Technology, LLC)
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
    FF Extension: No Name - C:\Users\ats\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2013-12-10]
    FF Extension: No Name - C:\Users\ats\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield [2013-12-10]
    FF Extension: No Name - C:\Users\ats\AppData\Roaming\Mozilla\Firefox\Profiles\iushqisr.default\Extensions\{37483b40-c254-4a72-bda4-22ee90182c1e} [2013-12-10]
    FF Extension: No Name - C:\Users\ats\AppData\Roaming\Mozilla\Firefox\Profiles\iushqisr.default\Extensions\{94625830-343a-4df0-88c1-444d195064d0} [2013-12-10]
     
    Chrome: 
    =======
    CHR HomePage: hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=48
    CHR Extension: (Google Docs) - C:\Users\ats\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-10]
    CHR Extension: (Google Drive) - C:\Users\ats\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-10]
    CHR Extension: (YouTube) - C:\Users\ats\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-10]
    CHR Extension: (Google Search) - C:\Users\ats\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-10]
    CHR Extension: (Google Wallet) - C:\Users\ats\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-10]
    CHR Extension: (Gmail) - C:\Users\ats\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-10]
    CHR HKLM-x32\...\Chrome\Extension: [dmkpdpkjmmdacleogmmlinafnhdfdlmp] - C:\Users\Windys R & R\AppData\Local\CRE\dmkpdpkjmmdacleogmmlinafnhdfdlmp.crx [2013-12-14]
    CHR HKLM-x32\...\Chrome\Extension: [gclijllifhfpomppedeljakfegbcpojn] - C:\Users\WINDYS~1\AppData\Local\Temp\ccex.crx [2013-12-14]
    CHR HKLM-x32\...\Chrome\Extension: [nohfdhapjjlndfgjnmdlcabloeembdkj] - C:\Users\Windys R & R\AppData\Roaming\BabSolution\CR\delta2.crx [2013-12-14]
     
    ==================== Services (Whitelisted) =================
     
    R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies)
    R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
    R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132504 2013-09-26] (Symantec Corporation)
    R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [126392 2011-02-03] (Symantec Corporation)
     
    ==================== Drivers (Whitelisted) ====================
     
    S3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.4.51572.0.sys [46384 2013-10-08] ()
    S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [89304 2013-12-08] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
    U4 bdselfpr; 
    U4 vsserv; 
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    ==================== One Month Created Files and Folders ========
     
    2014-01-30 10:00 - 2014-01-30 10:01 - 00014629 _____ C:\Users\ats\Downloads\FRST.txt
    2014-01-30 10:00 - 2014-01-30 10:00 - 00000000 ____D C:\FRST
    2014-01-30 09:59 - 2014-01-30 10:00 - 02079744 _____ (Farbar) C:\Users\ats\Downloads\FRST64.exe
    2014-01-27 21:37 - 2014-01-30 08:46 - 00000242 _____ C:\Users\ats\Downloads\debug.log
    2014-01-21 22:50 - 2014-01-21 22:50 - 00533684 _____ C:\Users\ats\Downloads\Windy Brochure Draft.pages
    2014-01-21 17:44 - 2014-01-21 17:44 - 03326176 _____ (Microsoft Corporation) C:\Users\ats\Downloads\OutlookConnector (1).exe
    2014-01-21 17:42 - 2014-01-21 17:42 - 03326176 _____ (Microsoft Corporation) C:\Users\ats\Downloads\OutlookConnector.exe
    2014-01-18 21:48 - 2014-01-18 21:48 - 01040395 _____ C:\Users\ats\Downloads\20140112_181708.jpeg
    2014-01-18 21:47 - 2014-01-18 21:47 - 00900474 _____ C:\Users\ats\Downloads\20140112_181639.jpeg
    2014-01-18 21:45 - 2014-01-18 21:45 - 01144447 _____ C:\Users\ats\Downloads\20140112_181542.jpeg
    2014-01-18 19:23 - 2014-01-18 19:23 - 00000000 ____D C:\Users\ats\AppData\Local\CrashDumps
    2014-01-18 16:21 - 2013-11-26 17:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
    2014-01-18 16:21 - 2013-11-26 17:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
    2014-01-18 16:21 - 2013-11-26 17:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
    2014-01-18 16:21 - 2013-11-26 17:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
    2014-01-18 16:21 - 2013-11-26 17:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
    2014-01-18 16:21 - 2013-11-26 17:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
    2014-01-18 16:21 - 2013-11-26 17:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
    2014-01-18 16:18 - 2013-11-26 03:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
    2014-01-18 16:18 - 2013-11-26 02:32 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2014-01-09 18:20 - 2014-01-09 18:20 - 00000000 ____D C:\Users\ats\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
    2014-01-06 11:23 - 2014-01-06 11:23 - 04558848 _____ (Google Inc.) C:\windows\SysWOW64\GPhotos.scr
    2014-01-04 18:15 - 2014-01-30 09:05 - 00000000 ____D C:\Users\ats\Desktop\WRR
    2014-01-04 17:34 - 2014-01-04 17:34 - 00043450 _____ C:\Users\ats\Downloads\DSCF0748.jpeg
    2014-01-04 17:34 - 2014-01-04 17:34 - 00041908 _____ C:\Users\ats\Downloads\DSCF0747.jpeg
    2014-01-04 17:34 - 2014-01-04 17:34 - 00037960 _____ C:\Users\ats\Downloads\DSCF0750.jpeg
    2014-01-04 17:34 - 2014-01-04 17:34 - 00033863 _____ C:\Users\ats\Downloads\DSCF0746.jpeg
    2014-01-04 17:33 - 2014-01-04 17:33 - 00039051 _____ C:\Users\ats\Downloads\DSCF0744.jpeg
     
    ==================== One Month Modified Files and Folders =======
     
    2014-01-30 10:01 - 2014-01-30 10:00 - 00014629 _____ C:\Users\ats\Downloads\FRST.txt
    2014-01-30 10:00 - 2014-01-30 10:00 - 00000000 ____D C:\FRST
    2014-01-30 10:00 - 2014-01-30 09:59 - 02079744 _____ (Farbar) C:\Users\ats\Downloads\FRST64.exe
    2014-01-30 09:56 - 2009-07-13 20:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-01-30 09:56 - 2009-07-13 20:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-01-30 09:52 - 2011-07-12 23:21 - 01959709 _____ C:\windows\WindowsUpdate.log
    2014-01-30 09:49 - 2013-09-04 20:12 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
    2014-01-30 09:49 - 2013-05-05 10:35 - 00021503 _____ C:\windows\setupact.log
    2014-01-30 09:49 - 2011-07-13 00:11 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-01-30 09:49 - 2011-07-13 00:11 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-01-30 09:49 - 2009-07-13 21:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
    2014-01-30 09:05 - 2014-01-04 18:15 - 00000000 ____D C:\Users\ats\Desktop\WRR
    2014-01-30 08:46 - 2014-01-27 21:37 - 00000242 _____ C:\Users\ats\Downloads\debug.log
    2014-01-29 21:47 - 2013-12-10 08:20 - 00000000 ____D C:\Users\ats\AppData\Local\Google
    2014-01-29 20:57 - 2009-07-13 20:45 - 00422256 _____ C:\windows\system32\FNTCACHE.DAT
    2014-01-28 17:34 - 2009-07-13 21:13 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI
    2014-01-28 04:03 - 2013-12-10 09:44 - 00109688 _____ C:\Users\ats\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-01-27 21:25 - 2012-05-11 10:40 - 00000000 ____D C:\ProgramData\Microsoft Help
    2014-01-26 10:00 - 2013-12-21 19:02 - 00001843 ____H C:\Users\ats\Downloads\.picasa.ini
    2014-01-21 22:50 - 2014-01-21 22:50 - 00533684 _____ C:\Users\ats\Downloads\Windy Brochure Draft.pages
    2014-01-21 17:44 - 2014-01-21 17:44 - 03326176 _____ (Microsoft Corporation) C:\Users\ats\Downloads\OutlookConnector (1).exe
    2014-01-21 17:42 - 2014-01-21 17:42 - 03326176 _____ (Microsoft Corporation) C:\Users\ats\Downloads\OutlookConnector.exe
    2014-01-21 17:42 - 2012-06-26 19:10 - 00000000 ____D C:\Program Files (x86)\MSECache
    2014-01-18 23:33 - 2010-11-20 19:27 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
    2014-01-18 22:13 - 2013-07-15 06:25 - 00000000 ____D C:\windows\system32\MRT
    2014-01-18 22:11 - 2011-11-13 07:08 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-01-18 21:48 - 2014-01-18 21:48 - 01040395 _____ C:\Users\ats\Downloads\20140112_181708.jpeg
    2014-01-18 21:47 - 2014-01-18 21:47 - 00900474 _____ C:\Users\ats\Downloads\20140112_181639.jpeg
    2014-01-18 21:45 - 2014-01-18 21:45 - 01144447 _____ C:\Users\ats\Downloads\20140112_181542.jpeg
    2014-01-18 19:23 - 2014-01-18 19:23 - 00000000 ____D C:\Users\ats\AppData\Local\CrashDumps
    2014-01-18 17:05 - 2013-12-10 16:33 - 00000000 ____D C:\Users\ats\Desktop\WRR Docs
    2014-01-13 21:53 - 2013-12-22 09:53 - 00000484 _____ C:\Users\ats\Desktop\debug.log
    2014-01-09 20:11 - 2009-07-13 21:08 - 00032600 _____ C:\windows\Tasks\SCHEDLGU.TXT
    2014-01-09 18:20 - 2014-01-09 18:20 - 00000000 ____D C:\Users\ats\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
    2014-01-06 11:23 - 2014-01-06 11:23 - 04558848 _____ (Google Inc.) C:\windows\SysWOW64\GPhotos.scr
    2014-01-04 17:34 - 2014-01-04 17:34 - 00043450 _____ C:\Users\ats\Downloads\DSCF0748.jpeg
    2014-01-04 17:34 - 2014-01-04 17:34 - 00041908 _____ C:\Users\ats\Downloads\DSCF0747.jpeg
    2014-01-04 17:34 - 2014-01-04 17:34 - 00037960 _____ C:\Users\ats\Downloads\DSCF0750.jpeg
    2014-01-04 17:34 - 2014-01-04 17:34 - 00033863 _____ C:\Users\ats\Downloads\DSCF0746.jpeg
    2014-01-04 17:33 - 2014-01-04 17:33 - 00039051 _____ C:\Users\ats\Downloads\DSCF0744.jpeg
    2014-01-01 17:44 - 2013-12-24 19:53 - 00000000 ____D C:\ProgramData\CanonIJPLM
     
    Files to move or delete:
    ====================
    C:\Users\TEMP\AppData\Roaming\SearchProtect\bin\cltmng.exe
    C:\Users\ats\ntuser (2).dat
     
     
    Some content of TEMP:
    ====================
    C:\Users\ats\AppData\Local\Temp\MSETUP4.EXE
     
     
    ==================== Bamital & volsnap Check =================
     
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
     
     
    LastRegBack: 2013-12-10 04:11
     
    ==================== End Of Log ============================


    #8 pigrescue

    pigrescue
    • Topic Starter

    • Members
    • 31 posts

    Posted 30 January 2014 - 01:04 PM

    SECOND RUN

     

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2014 01
    Ran by ats at 2014-01-30 10:02:09
    Running from C:\Users\ats\Downloads
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
     
    ==================== Installed Programs ======================
     
    ACCOUNTS (x32 Version: 1.17 - Dan Cooperstock)
    Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.)
    Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
    Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117 - Adobe Systems Incorporated)
    Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.8) (x32 Version: 10.1.8 - Adobe Systems Incorporated)
    Amazon Links (x32 Version: 2.02 - TOSHIBA Corporation)
    Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
    ArcSoft MediaImpression 2 (x32 Version: 2.0.27.846 - ArcSoft)
    Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.36 - Atheros Communications Inc.)
    Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Bonjour (Version: 3.0.0.10 - Apple Inc.)
    Canon Easy-PhotoPrint EX (x32 Version:  - )
    Canon Easy-WebPrint EX (x32 Version: 1.3.5.0 - Canon Inc.)
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program (x32 Version:  - )
    Canon MP Navigator EX 4.0 (x32 Version:  - )
    Canon MP495 series MP Drivers (Version:  - )
    Canon MP495 series User Registration (x32 Version:  - )
    Canon My Printer (x32 Version:  - )
    Canon Solution Menu EX (x32 Version:  - )
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.)
    Conexant HD Audio (Version: 8.51.1.0 - Conexant)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
    DONATION (x32 Version: 3.49 - Dan Cooperstock)
    doubleTwist (x32 Version: 3.2.2.17028 - doubleTwist Corporation)
    Doxillion Document Converter (x32 Version:  - NCH Software)
    Driver Manager (x32 Version: 8.1 - Driver Manager)
    Easy Phone Sync (x32 Version: 63 - Media Mushroom Limited)
    FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
    ffdshow [rev 2527] [2008-12-19] (x32 Version: 1.0 - )
    Firebird/InterBase® ODBC driver 2.0.1.152 (x32 Version: 2.0.1.152 - Firebird Project)
    Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.)
    Google Drive (x32 Version: 1.13.5782.599 - Google, Inc.)
    Google Earth (x32 Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
    Google+ Auto Backup (x32 Version: 1.0.21.81 - Google)
    iCare Data Recovery enterprise license 4.3 (x32 Version:  - iCare Software)
    iCloud (Version: 3.0.2.163 - Apple Inc.)
    Intel® Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)
    Intel® Processor Graphics (x32 Version: 8.15.10.2353 - Intel Corporation)
    Intel® Rapid Storage Technology (x32 Version: 10.1.2.1004 - Intel Corporation)
    iTunes (Version: 11.1.3.8 - Apple Inc.)
    Java Auto Updater (x32 Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden
    Java™ 6 Update 20 (x32 Version: 6.0.200 - Sun Microsystems, Inc.)
    Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Label@Once 1.0 (x32 Version: 1.0 - Corel)
    LibreOffice 4.0 Help Pack (English) (x32 Version: 4.0.1.2 - The Document Foundation)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation)
    Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
    Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
    Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook Connector (x32 Version: 14.0.6123.5001 - Microsoft Corporation)
    Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
    Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft PowerPoint Viewer (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
    Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
    Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)
    Mozilla Firefox 9.0.1 (x86 en-US) (x32 Version: 9.0.1 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MyPC Backup  (Version:  - MyPC Backup) <==== ATTENTION
    Norton PC Checkup (x32 Version: 3.0.2.90.0 - NortonLive Services)
    novaPDF Pro v7 for DONATION (novaPDF 7.4 printer) (Version:  - Softland)
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Picasa 3 (x32 Version: 3.9 - Google, Inc.)
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
    PlayReady PC Runtime x86 (x32 Version: 1.3.0 - Microsoft Corporation)
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Prism Video File Converter (x32 Version:  - NCH Software)
    QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
    Realtek USB 2.0 Reader Driver (x32 Version: 1.0.0.12 - Realtek Semiconductor Corp.)
    Realtek WLAN Driver (x32 Version: 2.00.0013 - REALTEK Semiconductor Corp.)
    Recuva (Version: 1.49 - Piriform)
    Safari (x32 Version: 5.34.57.2 - Apple Inc.)
    SAMSUNG USB Driver for Mobile Phones (Version: 1.5.9.0 - SAMSUNG Electronics Co., Ltd.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
    Skype Launcher (x32 Version: 2.01 - TOSHIBA Corporation)
    Software Informer 1.1 (x32 Version:  - Informer Technologies, Inc.)
    SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
    SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
    Synaptics Pointing Device Driver (Version: 15.2.11.1 - Synaptics Incorporated)
    Tom Clancy's Splinter Cell (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Toshiba App Place (x32 Version: 1.0.6.3 - Toshiba)
    TOSHIBA Application Installer (x32 Version: 9.0.1.1 - TOSHIBA)
    TOSHIBA Assist (x32 Version: 4.02.02 - TOSHIBA CORPORATION)
    Toshiba Book Place (x32 Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
    TOSHIBA Bulletin Board (Version: 1.6.08.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Bulletin Board (x32 Version: 1.6.08.64 - TOSHIBA Corporation)
    TOSHIBA Disc Creator (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
    TOSHIBA eco Utility (Version: 1.2.25.64 - TOSHIBA Corporation)
    TOSHIBA Face Recognition (Version: 3.1.8.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Face Recognition (x32 Version: 3.1.8.64 - TOSHIBA Corporation)
    TOSHIBA Hardware Setup (Version: 4.08.06.00 - TOSHIBA) Hidden
    TOSHIBA Hardware Setup (x32 Version: 4.08.06.00 - )
    TOSHIBA HDD/SSD Alert (Version: 3.1.64.7 - TOSHIBA Corporation) Hidden
    TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.7 - TOSHIBA Corporation)
    TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.7 - TOSHIBA Corporation) Hidden
    Toshiba Laptop Checkup (x32 Version: 2.0.10.26 - Symantec Corporation)
    TOSHIBA Media Controller (x32 Version: 1.0.86.2 - TOSHIBA CORPORATION)
    TOSHIBA Media Controller Plug-in (x32 Version: 1.0.6.1 - TOSHIBA CORPORATION)
    Toshiba Online Backup (x32 Version: 2.0.0.25 - Toshiba)
    TOSHIBA PC Health Monitor (Version: 1.7.4.64 - TOSHIBA Corporation)
    TOSHIBA Quality Application (x32 Version: 1.0.3 - TOSHIBA)
    TOSHIBA Recovery Media Creator (x32 Version: 2.1.3.5109 - TOSHIBA CORPORATION)
    TOSHIBA ReelTime (Version: 1.7.17.64 - TOSHIBA Corporation) Hidden
    TOSHIBA ReelTime (x32 Version: 1.7.17.64 - TOSHIBA Corporation)
    TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.1.0 - TOSHIBA Corporation)
    TOSHIBA Service Station (x32 Version: 2.1.52 - TOSHIBA)
    TOSHIBA Sleep Utility (x32 Version: 1.4.2.7 - TOSHIBA Corporation)
    TOSHIBA Supervisor Password (Version: 4.08.06.00 - TOSHIBA) Hidden
    TOSHIBA Supervisor Password (x32 Version: 4.08.06.00 - )
    TOSHIBA Value Added Package (Version: 1.5.4.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Value Added Package (x32 Version: 1.5.4.64 - TOSHIBA Corporation)
    TOSHIBA Value Added Package (x32 Version: 1.5.4.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Web Camera Application (x32 Version: 2.0.0.19 - TOSHIBA Corporation)
    TOSHIBA Web Camera Application (x32 Version: 2.0.0.19 - TOSHIBA Corporation) Hidden
    TOSHIBA Wireless LAN Indicator (x32 Version: 1.0.3 - TOSHIBA CORPORATION)
    ToshibaRegistration (x32 Version: 1.0.4 - Toshiba)
    Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)
    Update for Microsoft Office Access 2007 Help (KB963663) (x32 Version:  - Microsoft)
    Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
    Update for Microsoft Office Infopath 2007 Help (KB963662) (x32 Version:  - Microsoft)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version:  - Microsoft)
    Update for Microsoft Office Outlook 2007 Help (KB963677) (x32 Version:  - Microsoft)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version:  - Microsoft)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
    Update for Microsoft Office Publisher 2007 Help (KB963667) (x32 Version:  - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (x32 Version:  - Microsoft)
    Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
    Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version:  - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)
    Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)
    Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)
    Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
    Verizon Wireless Software Upgrade Assistant - Samsung(ar) (x32 Version: 2.13.1103 - Samsung Electronics Co., Ltd.)
    Verizon Wireless Software Utility Application for Android - Samsung (x32 Version: 1.10.1206 - Samsung Electronics Co., Ltd.)
    Verizon Wireless Software Utility Application for Android - Samsung (x32 Version: 2.13.1101 - Samsung Electronics Co., Ltd.)
    Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2 - AVG Technologies)
    Watermark Express (x32 Version: 1.0 - PixelApp Studio)
    WildTangent Games (x32 Version: 1.0.2.5 - WildTangent)
    WildTangent Games App (Toshiba Games) (x32 Version: 4.0.4.16 - WildTangent) Hidden
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (x32 Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)
    Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden
     
    ==================== Restore Points  =========================
     
    22-12-2013 16:44:18 Windows Update
    25-12-2013 03:16:15 Windows Update
    02-01-2014 16:03:39 Windows Update
    10-01-2014 01:48:56 Installed Verizon Wireless Software Utility Application for Android - Samsung.
    10-01-2014 02:07:12 Windows Update
    14-01-2014 05:24:22 Windows Update
    19-01-2014 00:27:47 Windows Update
    19-01-2014 06:10:52 Windows Update
    22-01-2014 01:43:07 Installed Microsoft Office Outlook Connector
    23-01-2014 04:09:09 Windows Update
    28-01-2014 03:34:23 Windows Update
     
    ==================== Hosts content: ==========================
     
    2009-07-13 18:34 - 2013-12-10 10:00 - 00000741 ____A C:\windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - \Microsoft\Windows\Time Synchronization\SynchronizeTime No Task File
    Task: {07669503-04E0-4E78-9142-3C3CE5298A7C} - \Adobe Flash Player Updater No Task File
    Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - \Microsoft\Windows\Tcpip\IpAddressConflict1 No Task File
    Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - \Microsoft\Windows\Tcpip\IpAddressConflict2 No Task File
    Task: {0E586A89-35B8-4636-8563-D84547844AFA} - \Microsoft\Windows\Media Center\StartRecording No Task File
    Task: {0FA766DD-932B-4084-A9FF-79AE4A44089D} - \Microsoft\Windows\Media Center\PvrRecoveryTask No Task File
    Task: {13FEABEB-7844-43BD-864E-020DBFB3E98B} - \AdobeFlashPlayerUpdate 2 No Task File
    Task: {18DA0B84-C309-45EF-8C8A-97A1DC113FE8} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector No Task File
    Task: {1DEC0920-1F37-47B6-B678-880E3DB2EB4E} - \Microsoft\Windows\SideShow\SessionAgent No Task File
    Task: {1F7B7221-AE8F-44F3-BA82-F7D260F51964} - \Microsoft\Windows\Task Manager\Interactive No Task File
    Task: {221DE1C1-46D7-4C8B-A009-40A3B2A682DF} - \Microsoft\Windows\Media Center\ReindexSearchRoot No Task File
    Task: {2470470F-2634-478E-B181-571E98A789BB} - \Microsoft\Windows\Multimedia\SystemSoundsService No Task File
    Task: {2588DC27-EAB6-4760-8BF1-5703DDBAA409} - \Microsoft\Windows\WindowsBackup\AutomaticBackup No Task File
    Task: {28011108-68DF-4C73-B91B-57427D501BBA} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) No Task File
    Task: {2B2234B1-38C4-45C1-89AF-F7830EF4C868} - \Microsoft\Windows\Media Center\ConfigureInternetTimeService No Task File
    Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification No Task File
    Task: {2F70EC75-51D6-438E-A0BE-EAE9C04234BE} - \Microsoft\Windows\Media Center\ehDRMInit No Task File
    Task: {2F9EEE9D-35EC-49C7-A66A-6052F65BEB60} - \Microsoft\Windows\Media Center\RecordingRestart No Task File
    Task: {3089006A-9FDB-4777-A1F5-4DE44CA32C13} - \Microsoft\Windows\Media Center\OCURActivate No Task File
    Task: {3DC7AD2C-5C3A-4B28-A174-782039D3EA85} - \Microsoft\Windows\Media Center\RegisterSearch No Task File
    Task: {47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4} - \Microsoft\Windows\Customer Experience Improvement Program\UsbCeip No Task File
    Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - \Microsoft\Windows\Shell\WindowsParentalControlsMigration No Task File
    Task: {4C8B01A2-11FF-4C41-848F-508EF4F00CF7} - \Microsoft\Windows\TextServicesFramework\MsCtfMonitor No Task File
    Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - \Microsoft\Windows\UPnP\UPnPHostConfig No Task File
    Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - \Microsoft\Windows\Shell\WindowsParentalControls No Task File
    Task: {5E15C04F-8ACE-499C-80BB-3A915B0F2DAB} - \Microsoft\Windows\Media Center\PBDADiscoveryW1 No Task File
    Task: {5F5A18EB-DC73-4E45-A11C-B59043598412} - \Microsoft\Windows\CertificateServicesClient\SystemTask No Task File
    Task: {603F2C67-3DEB-42C2-A0D6-89FD62A32D2B} - \GoogleUpdateTaskMachineUA No Task File
    Task: {613612BA-897D-44CE-8DC1-8FC283F9FD51} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) No Task File
    Task: {654B0B50-030E-478D-8CBF-A854332258BD} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks No Task File
    Task: {6738BA6E-EA75-4B6B-B8B8-71F0336DD8EF} - \Microsoft\Windows\User Profile Service\HiveUploadTask No Task File
    Task: {6885E303-EFC1-40B2-A204-B13E2FD573E3} - \Microsoft\Windows\Media Center\PeriodicScanRetry No Task File
    Task: {72DB7465-BC54-491B-A92A-4637A28C9BBF} - \Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck No Task File
    Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - \Microsoft\Windows\Windows Media Sharing\UpdateLibrary No Task File
    Task: {77EEF520-D1C4-43D9-B732-DAE7930DD9E1} - \PC Checkup 3 Weekly Scan No Task File
    Task: {78DC1F46-38AD-496D-830A-0A35D382C696} - \Microsoft\Windows\Media Center\OCURDiscovery No Task File
    Task: {7AFCC0CA-7121-422A-AB45-B0E8D599FF08} - \Microsoft\Windows\CertificateServicesClient\UserTask No Task File
    Task: {7FED06B3-5B6A-45CC-A1EF-A8247F38DCFC} - \{8893C6E3-AC9B-4799-AC6E-73CEF95C495A} No Task File
    Task: {8047977F-A6C7-435A-AA68-1B1F59E3F43B} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask No Task File
    Task: {81540B9F-B5BF-47EB-9C95-BE195BF2C664} - \Microsoft\Windows\NetTrace\GatherNetworkInfo No Task File
    Task: {83E47512-2346-4FAB-B5F5-E7F7E78CEF45} - \Microsoft\Windows\WindowsBackup\Windows Backup Monitor No Task File
    Task: {8602EA65-3194-4492-AA3C-B891DE69B2BF} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask No Task File
    Task: {8C18F494-17CA-4950-A9A0-9DDFB9186EBC} - \Microsoft\Windows\Media Center\ActivateWindowsSearch No Task File
    Task: {8C71E3B5-F23A-4F19-A471-8BCBD42A02B6} - \Microsoft\Windows\Media Center\mcupdate No Task File
    Task: {906454C7-40A1-496A-9967-A22BB51BB481} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask No Task File
    Task: {92C4E121-E758-4C5B-95BE-15A4685FC5DF} - \Driver Manager-RTMScan No Task File
    Task: {9435F817-FED2-454E-88CD-7F78FDA62C48} - \Microsoft\Windows\WDI\ResolutionHost No Task File
    Task: {9546B037-9A1C-4ACA-842A-86CD9AAD0BBD} - \AdobeFlashPlayerUpdate No Task File
    Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - \Microsoft\Windows\SystemRestore\SR No Task File
    Task: {9979CB83-103A-4105-9E5D-C74B0AF6D198} - \Microsoft\Windows\CertificateServicesClient\UserTask-Roam No Task File
    Task: {9EB3ABD0-B0E6-438F-838F-A9B8FA6364E7} - \Driver Manager-RTMRules No Task File
    Task: {A35BB7A6-5F0C-4C9F-8450-2B3BED532D51} - \Microsoft\Windows\WindowsColorSystem\Calibration Loader No Task File
    Task: {A48CABBF-24C8-4B87-B00F-9261807C3B43} - \Microsoft\Windows\AppID\PolicyConverter No Task File
    Task: {A4DAFE3D-2E85-4F1A-B354-9A793DB63613} - \Microsoft\Windows\Media Center\InstallPlayReady No Task File
    Task: {A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D} - \Microsoft\Windows\Location\Notifications No Task File
    Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - \Microsoft\Windows\Application Experience\ProgramDataUpdater No Task File
    Task: {AB75A816-8E33-41FF-9C2D-DBE15EAFFD2C} - \{699C8151-105F-4910-A146-3DA1E68719A9} No Task File
    Task: {ABFA22BF-ED2A-4BD1-B306-5E24B524CD8F} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline No Task File
    Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent No Task File
    Task: {AC668097-4D6B-4093-AC14-014C09DBF820} - \Microsoft\Windows\Ras\MobilityManager No Task File
    Task: {AE17005F-9E60-4C41-A422-1F1D2539F1F9} - \Microsoft\Windows\Media Center\PvrScheduleTask No Task File
    Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor No Task File
    Task: {B25A0EF1-F72A-493E-9813-9E77F70F8C30} - \Microsoft\Windows\SideShow\GadgetManager No Task File
    Task: {B2F37559-8B00-4290-AA56-5DD5656D0DF2} - \Microsoft\Windows\Media Center\PBDADiscovery No Task File
    Task: {BE669C13-8165-4536-96D0-6D6C39292AAE} - \Microsoft\Windows\Diagnosis\Scheduled No Task File
    Task: {C016366B-7126-46CA-B36B-592A3D95A60B} - \Microsoft\Windows\Customer Experience Improvement Program\Consolidator No Task File
    Task: {C3DAC4A5-6C14-4EB6-B392-BD959BF646DE} - \Microsoft\Windows\Media Center\UpdateRecordPath No Task File
    Task: {C54D9F29-7430-46BD-BC1E-27F6EBA785D0} - \Microsoft\Windows\Wininet\CacheTask No Task File
    Task: {C78C7B6F-EE6D-44D7-B4BD-6FD0A36877F9} - \Microsoft_Hardware_Launch_IPoint_exe No Task File
    Task: {CA4B8FF2-A4D2-4D88-A52E-3A5BDAF7F56E} - \Microsoft\Windows\Registry\RegIdleBackup No Task File
    Task: {CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask No Task File
    Task: {CBAE4B96-C967-4F89-B8CB-AFA890E4DCFF} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver No Task File
    Task: {CD5E3BFD-6C44-4E50-AD92-34CAF3CEC5DC} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask No Task File
    Task: {CD6D5E58-F4A5-45ED-B6E5-8808C3D026A4} - \Apple\AppleSoftwareUpdate No Task File
    Task: {CDD51885-DA56-422D-AF9D-E226E7355365} - \EPUpdater No Task File
    Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector No Task File
    Task: {D0250F3F-6480-484F-B719-42F659AC64D5} - \Microsoft\Windows\Windows Error Reporting\QueueReporting No Task File
    Task: {D4466EA0-05E5-4309-AB5F-B031CEEF128B} - \Microsoft\Windows\SideShow\SystemDataProviders No Task File
    Task: {D7B6E81D-3CF4-432C-84D2-24213F4316E6} - \Microsoft\Windows\Autochk\Proxy No Task File
    Task: {DA41DE71-8431-42FB-9DB0-EB64A961DEAD} - \Microsoft\Windows\Maintenance\WinSAT No Task File
    Task: {DF6974F8-A3EA-48C6-A2E0-2D4320EC2FAA} - \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task No Task File
    Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - \Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange No Task File
    Task: {E3163C33-301D-4730-A266-5518C5ED3967} - \Microsoft\Windows\Bluetooth\UninstallDeviceTask No Task File
    Task: {EACA24FF-236C-401D-A1E7-B3D5267B8A50} - \Microsoft\Windows\RAC\RacTask No Task File
    Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove No Task File
    Task: {F0B20AE5-CA9C-473B-BDEB-80A51A5C3E6D} - \Driver Manager-RTMUpdater No Task File
    Task: {F4098BC1-256E-4683-B776-F935A8F26876} - \Microsoft\Windows\Media Center\PBDADiscoveryW2 No Task File
    Task: {F58408B2-F374-4987-8A66-29545F8C3D1A} - \GoogleUpdateTaskMachineCore No Task File
    Task: {F73EEEE3-13AA-4CC7-9EA1-4B6092DED721} - \Microsoft\Windows\MobilePC\HotStart No Task File
    Task: {F77498FD-76A5-416F-8D11-2A785E9FD064} - \Microsoft\Windows\SideShow\AutoWake No Task File
    Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector No Task File
    Task: {FB3C354D-297A-4EB2-9B58-090F6361906B} - \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem No Task File
    Task: {FDCDDF50-8A9F-4448-B0BE-92F912B81646} - \SidebarExecute No Task File
    Task: {FDD56C73-F0D5-41B6-B767-6EFFD7966428} - \Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask No Task File
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2014-01-29 21:09 - 2014-01-22 21:56 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libglesv2.dll
    2014-01-29 21:08 - 2014-01-22 21:56 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libegl.dll
    2014-01-29 21:10 - 2014-01-22 21:56 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll
    2014-01-29 21:10 - 2014-01-22 21:57 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
    2014-01-29 21:08 - 2014-01-22 21:55 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
     
    ==================== Safe Mode (whitelisted) ===================
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (01/30/2014 09:51:13 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (01/30/2014 08:12:20 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (01/29/2014 09:57:05 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (01/29/2014 09:56:30 PM) (Source: Toshiba App Place) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
       at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
       at System.Timers.Timer.set_Enabled(Boolean value)
       at SnappCloud.ActivationReminder.AraClient.PostInit()
       at SnappCloud.ActivationReminder.Program.Main(String[] args)
     
    Error: (01/29/2014 08:59:20 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (01/28/2014 07:34:18 PM) (Source: Toshiba App Place) (User: )
    Description: System.Net.WebException: The remote server returned an error: (501) Not Implemented.
    Error Data:
     
    Stack Trace:
       at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
       at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
     
    Error: (01/28/2014 04:03:26 AM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2138
     
    Error: (01/28/2014 04:03:26 AM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2138
     
    Error: (01/28/2014 04:03:26 AM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (01/28/2014 04:03:25 AM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1092
     
     
    System errors:
    =============
    Error: (01/27/2014 09:25:19 PM) (Source: DCOM) (User: Windys)
    Description: application-specificLocalActivation{B20E899D-B079-479D-A4DC-10F758D9CD9A}{9209B1A6-964A-11D0-9372-00A0C9034910}WindysatsS-1-5-21-3685382414-2234103805-3556607005-1004LocalHost (Using LRPC)
     
    Error: (01/27/2014 07:35:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x800f020b: SAMSUNG Electronics Co., Ltd. - Other hardware - SAMSUNG Mobile MTP Device.
     
    Error: (01/26/2014 09:21:31 AM) (Source: DCOM) (User: Windys)
    Description: application-specificLocalActivation{0C0A3666-30C9-11D0-8F20-00805F2CD064}{9209B1A6-964A-11D0-9372-00A0C9034910}WindysatsS-1-5-21-3685382414-2234103805-3556607005-1004LocalHost (Using LRPC)
     
    Error: (01/26/2014 09:20:39 AM) (Source: DCOM) (User: Windys)
    Description: application-specificLocalActivation{0C0A3666-30C9-11D0-8F20-00805F2CD064}{9209B1A6-964A-11D0-9372-00A0C9034910}WindysatsS-1-5-21-3685382414-2234103805-3556607005-1004LocalHost (Using LRPC)
     
    Error: (01/26/2014 08:23:49 AM) (Source: DCOM) (User: Windys)
    Description: application-specificLocalActivation{B20E899D-B079-479D-A4DC-10F758D9CD9A}{9209B1A6-964A-11D0-9372-00A0C9034910}WindysatsS-1-5-21-3685382414-2234103805-3556607005-1004LocalHost (Using LRPC)
     
    Error: (01/26/2014 08:22:37 AM) (Source: DCOM) (User: Windys)
    Description: application-specificLocalActivation{B20E899D-B079-479D-A4DC-10F758D9CD9A}{9209B1A6-964A-11D0-9372-00A0C9034910}WindysatsS-1-5-21-3685382414-2234103805-3556607005-1004LocalHost (Using LRPC)
     
    Error: (01/26/2014 08:20:25 AM) (Source: DCOM) (User: Windys)
    Description: application-specificLocalActivation{B20E899D-B079-479D-A4DC-10F758D9CD9A}{9209B1A6-964A-11D0-9372-00A0C9034910}WindysatsS-1-5-21-3685382414-2234103805-3556607005-1004LocalHost (Using LRPC)
     
    Error: (01/26/2014 08:19:12 AM) (Source: DCOM) (User: Windys)
    Description: application-specificLocalActivation{B20E899D-B079-479D-A4DC-10F758D9CD9A}{9209B1A6-964A-11D0-9372-00A0C9034910}WindysatsS-1-5-21-3685382414-2234103805-3556607005-1004LocalHost (Using LRPC)
     
    Error: (01/26/2014 07:28:30 AM) (Source: DCOM) (User: )
    Description: {B77C4C36-0154-4C52-AB49-FAA03837E47F}
     
    Error: (01/24/2014 07:45:59 PM) (Source: Microsoft Antimalware) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
     
    New Signature Version: 
     
    Previous Signature Version: 1.165.2427.0
     
    Update Source: %NT AUTHORITY59
     
    Update Stage: 4.4.0304.00
     
    Source Path: 4.4.0304.01
     
    Signature Type: %NT AUTHORITY602
     
    Update Type: %NT AUTHORITY604
     
    User: NT AUTHORITY\SYSTEM
     
    Current Engine Version: %NT AUTHORITY605
     
    Previous Engine Version: %NT AUTHORITY606
     
    Error code: %NT AUTHORITY607
     
    Error description: %NT AUTHORITY608
     
     
    Microsoft Office Sessions:
    =========================
     
    ==================== Memory info =========================== 
     
    Percentage of memory in use: 36%
    Total physical RAM: 4043.86 MB
    Available physical RAM: 2564.51 MB
    Total Pagefile: 8085.9 MB
    Available Pagefile: 6554.41 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB
     
    ==================== Drives ================================
     
    Drive c: (TI106139W0E) (Fixed) (Total:580.98 GB) (Free:517.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (HPPhotoDisc) (CDROM) (Total:0.44 GB) (Free:0 GB) CDFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 4E59E2AF)
    Partition 1: (Active) - (Size=1 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=581 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=14 GB) - (Type=17)
     
    ==================== End Of Log ============================


    #9 Bud_91

    • Malware Response Team

    Posted 30 January 2014 - 01:26 PM

    Let me ask a few questions.

    How did your pictures disappear? Were they just gone one day? Did it happen after you ran a program or something?

    How many user accounts do you have on the computer? It looks like the one you are using is named ATS, possibly created by them. Do you have another account?

    Where were the missing files located (what folder)?

    I would recommend using this computer as little as possible for now in case we need to try and recover deleted files.


    If I have not responded to your log in 36 hours, feel free to send me a PM.

    If you would like to make a thank-you donation, please click here: btn_donate_SM.png

     

    A.K.A. Buddierdl @ GeeksToGo.com


    #10 pigrescue

    • Topic Starter

    Posted 30 January 2014 - 01:32 PM

    Exactly, I do think I am using the ATS account. I have no idea what the other account would be. I hate to sound so uneducated about this, but I got the laptop a few years ago and just used it, you know, never a problem until I had an idiot at the house during the holidays who went on a porn website and was using the laptop like mad to watch Netflix. Then one day, yes, one day, I started the laptop and no pictures, no documents, gone. I admit, I panicked and googled and sadly ended up with ATS as my help. I paid them $200, they remoted in and "worked on it" for 8 days, always telling me they would get them back. They didn't, I was ANGRY, they refunded my money and that was that.



    #11 Bud_91

    • Malware Response Team

    Posted 30 January 2014 - 01:48 PM

    Where were your files located? Were they in "My Documents" or "My Pictures"?

    Please download MiniToolBox, save it to your desktop and run it.

    Checkmark the following checkboxes:

    • List Users, Partitions and Memory size.
    • List Restore Points

    Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

    Edited by Bud_91, 30 January 2014 - 01:48 PM.



    #12 pigrescue

    • Topic Starter

    Posted 01 February 2014 - 09:51 PM

    Results

     

    MiniToolBox by Farbar  Version: 23-01-2014
    Ran by ats (administrator) on 01-02-2014 at 18:50:59
    Running from "C:\Users\ats\Downloads"
    Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
    Boot Mode: Normal
    ***************************************************************************
     
    ========================= Memory info: ===================================
     
    Percentage of memory in use: 42%
    Total physical RAM: 4043.86 MB
    Available physical RAM: 2337.09 MB
    Total Pagefile: 8085.9 MB
    Available Pagefile: 6281.01 MB
    Total Virtual: 4095.88 MB
    Available Virtual: 3970.85 MB
     
    ========================= Partitions: =====================================
     
    1 Drive c: (TI106139W0E) (Fixed) (Total:580.98 GB) (Free:517.46 GB) NTFS
    2 Drive d: (HPPhotoDisc) (CDROM) (Total:0.44 GB) (Free:0 GB) CDFS
     
    ========================= Users: ========================================
     
    User accounts for \\WINDYS
     
    Administrator            ats                      Guest                    
     
    ========================= Restore Points ==================================
     
    22-12-2013 16:44:18 Windows Update
    25-12-2013 03:16:15 Windows Update
    02-01-2014 16:03:39 Windows Update
    10-01-2014 01:48:56 Installed Verizon Wireless Software Utility Application for Android - Samsung.
    10-01-2014 02:07:12 Windows Update
    14-01-2014 05:24:22 Windows Update
    19-01-2014 00:27:47 Windows Update
    19-01-2014 06:10:52 Windows Update
    22-01-2014 01:43:07 Installed Microsoft Office Outlook Connector
    23-01-2014 04:09:09 Windows Update
    28-01-2014 03:34:23 Windows Update
    31-01-2014 07:35:47 Windows Update
     
    **** End of log ****


    #13 Bud_91

    • Malware Response Team

    Posted 02 February 2014 - 08:16 PM

    Please be sure to answer all of my questions so that I can help you better.

    Can you tell me where the missing files were located? Were they in the "My Documents" folder, or maybe in the "My Pictures" folder?

    Please download the attached file to your desktop. Double-click on it to run it, then a text file will open. Please attach the text file to your next post and be sure to answer my questions.

    Attached Files

    • Attached File  list.bat   304bytes   4 downloads



    #14 pigrescue

    • Topic Starter

    Posted 03 February 2014 - 03:17 PM

    Sorry Bud 91.

    I am at work (laptop at home) so I will download and attach file once I am home from work.

    I had approx 100 Word docs and PDFs saved in "my documents" folder and approx 1,000 pictures saved in "My pictures" yes. For some reason, there were approx 15 pictures that I had downloaded from email to my desktop and then transferred to "my pictures" that did not disappear. It makes no sense because I did that a lot, with many pictures, but those were the only ones that didn't disappear. It happened in one night, I used the laptop like usual in December and when done shut down. Next day when I started it, like always, it started just fine but there were no pictures or documents...as I said I panicked and made a bad choice to contact ATS.

    T Y for your time on this... Janice*



    #15 Bud_91

    • Malware Response Team

    Posted 06 February 2014 - 09:28 AM

    OK. I'll wait on you.






