fff5ee.com Infection


  • This topic is locked
14 replies to this topic

#1 Mike Tanascu

  • Members

Posted 06 November 2014 - 03:59 PM

Good afternoon and HELP!

Father in Law's computer has a bad case of fff5ee.com. It also says something about C:\Windows\SysWOW64\dllhost.exe.

Tried a few things to remove it but it seems to be sticking like glue.

I will attach the two files for DDS and wait to hear back.

I did enable his Windows Firewall. He has VIPRE Anti-Virus.

I will check for replies and responses at 2:15 each day as I work.

Thanks in advance for any assistance you will be able to provide!!

Paula

#2 deeprybka

  • Malware Response Team

Posted 11 November 2014 - 12:11 PM

Hi Paula & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

Please download Powelikscleaner (by ESET) and save it to your Desktop.
  • Double-click the icon to start the tool.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
  • The tool will produce a log in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Step 2

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

Edited by deeprybka, 11 November 2014 - 12:12 PM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
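Added example (not part of deeprybka's post and not ESET's code): a Python triage of the log the cleaner writes in Step 1, using the line format of the log posted in the next reply. It reports suspicious class IDs with no matching deletion line and listed processes with no termination line; `summarize`, the result keys and the sample text are constructed for illustration.

```python
import re

# Constructed sample in the format of the cleaner log posted in this thread.
# The SID is a placeholder; the CLSID and PIDs are the ones that log shows.
SAMPLE_LOG = r"""
[2014.11.12 14:25:30.432] - Begin
[2014.11.12 14:25:32.902] - INFO: Scanning for system infection...
[2014.11.12 14:25:32.902] - WARNING: Found suspicous classid [\Registry\User\S-1-5-21-EXAMPLE-1000\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.12 14:25:32.912] - INFO: Win32/Poweliks found
[2014.11.12 14:26:13.766] - INFO: process: dllhost.exe, pid 3804, parent 3736
[2014.11.12 14:26:13.766] - INFO: Terminated process pid = 3804
[2014.11.12 14:26:13.766] - INFO: process: dllhost.exe, pid 4320, parent 724
[2014.11.12 14:26:13.766] - INFO: process: dllhost.exe, pid 10220, parent 2648
[2014.11.12 14:26:13.766] - INFO: Terminated process pid = 10220
[2014.11.12 14:26:13.776] - INFO: Deleted classid [\Registry\User\S-1-5-21-EXAMPLE-1000\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.12 14:26:13.776] - INFO: Cleaning status: 0
[2014.11.12 14:26:20.964] - End
"""

# "[timestamp] - LEVEL: message"; the level is absent on Begin/End lines.
LINE_RE = re.compile(r"^\[(?P<ts>[\d.: ]+)\] - (?:(?P<level>[A-Z]+): )?(?P<msg>.*)$")

RULES = {
    # "suspicous" is spelled this way in the tool's own output.
    "suspicious": re.compile(r"^Found suspicous classid \[(.+)\]$"),
    "deleted": re.compile(r"^Deleted classid \[(.+)\]$"),
    "process": re.compile(r"^process: (\S+), pid (\d+), parent (\d+)$"),
    "terminated": re.compile(r"^Terminated process pid = (\d+)$"),
    "status": re.compile(r"^Cleaning status: (-?\d+)$"),
}


def summarize(log_text):
    """Reduce a cleaner log to the facts worth checking after a run."""
    suspicious, deleted = {}, set()   # registry paths, compared case-insensitively
    listed, terminated = {}, set()    # pid -> (image name, parent pid)
    detected, status = False, None

    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                  # banner separators and blank lines
        msg = m["msg"].strip()
        if msg == "Win32/Poweliks found":
            detected = True
            continue
        for name, rule in RULES.items():
            hit = rule.match(msg)
            if not hit:
                continue
            if name == "suspicious":
                suspicious[hit[1].casefold()] = hit[1]
            elif name == "deleted":
                deleted.add(hit[1].casefold())
            elif name == "process":
                listed[int(hit[2])] = (hit[1], int(hit[3]))
            elif name == "terminated":
                terminated.add(int(hit[1]))
            else:
                status = int(hit[1])  # reported as-is; its meaning is not interpreted here
            break

    return {
        "detected": detected,
        # Flagged class IDs for which the log never records a deletion.
        "undeleted_classids": sorted(
            path for key, path in suspicious.items() if key not in deleted),
        "terminated_pids": sorted(terminated),
        # Listed but left running. This can be a legitimate instance, so it is
        # a prompt to look at the process, not a verdict.
        "not_terminated": sorted(
            (pid, name, parent) for pid, (name, parent) in listed.items()
            if pid not in terminated),
        "cleaning_status": status,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
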

#3 Mike Tanascu

  • Topic Starter
  • Members

Posted 12 November 2014 - 02:55 PM

Hi Jurgen. Thank you for your help with this malware. I am posting the logs you requested. I will check back tomorrow afternoon for your next instructions.

ESET Log:

[2014.11.12 14:25:30.432] - Begin
[2014.11.12 14:25:30.432] -
[2014.11.12 14:25:30.432] -     ....................................
[2014.11.12 14:25:30.432] -   ..::::::::::::::::::....................
[2014.11.12 14:25:30.432] -   .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT..    Win32/Poweliks
[2014.11.12 14:25:30.432] -  .::EE::::EE:SS:::::::.EE....EE....TT......   Version: 1.0.0.1
[2014.11.12 14:25:30.442] -  .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT......   Built: Oct 15 2014
[2014.11.12 14:25:30.442] -  .::EE:::::::::::::SS:.EE..........TT......
[2014.11.12 14:25:30.442] -   .::EEEEEE:::SSSSSS::..EEEEEE.....TT.....    Copyright © ESET, spol. s r.o.
[2014.11.12 14:25:30.442] -   ..::::::::::::::::::....................    1992-2013. All rights reserved.
[2014.11.12 14:25:30.442] -     ....................................
[2014.11.12 14:25:30.442] -
[2014.11.12 14:25:30.442] - --------------------------------------------------------------------------------
[2014.11.12 14:25:30.442] -
[2014.11.12 14:25:30.442] - INFO: OS: 6.1.7601 SP1
[2014.11.12 14:25:30.442] - INFO: Product Type: Workstation
[2014.11.12 14:25:30.442] - INFO: WoW64: True
[2014.11.12 14:25:30.442] - INFO: Machine guid: 65D845E8-CC3F-4692-81A8-223C93994FE1
[2014.11.12 14:25:30.442] -
[2014.11.12 14:25:32.902] - INFO: Scanning for system infection...
[2014.11.12 14:25:32.902] - --------------------------------------------------------------------------------
[2014.11.12 14:25:32.902] -
[2014.11.12 14:25:32.902] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.12 14:25:32.902] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.12 14:25:32.902] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.12 14:25:32.902] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.12 14:25:32.902] - INFO: Processing classes...
[2014.11.12 14:25:32.902] - INFO: Processing clsid [\Registry\User\S-1-5-21-2751711370-2290575756-4155360915-1000\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
[2014.11.12 14:25:32.902] - INFO: Processing clsid [\Registry\User\S-1-5-21-2751711370-2290575756-4155360915-1000\SOFTWARE\Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}]
[2014.11.12 14:25:32.902] - INFO: Processing clsid [\Registry\User\S-1-5-21-2751711370-2290575756-4155360915-1000\SOFTWARE\Classes\CLSID\{527FEB36-7FEB-EB36-7FEB-27FE527FEB36}]
[2014.11.12 14:25:32.902] - INFO: Processing clsid [\Registry\User\S-1-5-21-2751711370-2290575756-4155360915-1000\SOFTWARE\Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}]
[2014.11.12 14:25:32.902] - INFO: Processing clsid [\Registry\User\S-1-5-21-2751711370-2290575756-4155360915-1000\SOFTWARE\Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}]
[2014.11.12 14:25:32.902] - INFO: Processing clsid [\Registry\User\S-1-5-21-2751711370-2290575756-4155360915-1000\SOFTWARE\Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}]
[2014.11.12 14:25:32.902] - INFO: Processing clsid [\Registry\User\S-1-5-21-2751711370-2290575756-4155360915-1000\SOFTWARE\Classes\CLSID\{CCB69577-088B-4004-9ED8-FF5BCC83A039}]
[2014.11.12 14:25:32.902] - INFO: Processing clsid [\Registry\User\S-1-5-21-2751711370-2290575756-4155360915-1000\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
[2014.11.12 14:25:32.902] - INFO: Processing clsid [\Registry\User\S-1-5-21-2751711370-2290575756-4155360915-1000\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.12 14:25:32.902] - WARNING: Found suspicous classid [\Registry\User\S-1-5-21-2751711370-2290575756-4155360915-1000\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.12 14:25:32.912] - INFO: Processing clsid [\Registry\User\S-1-5-21-2751711370-2290575756-4155360915-1000\SOFTWARE\Classes\CLSID\{CCB69577-088B-4004-9ED8-FF5BCC83A039}]
[2014.11.12 14:25:32.912] - INFO: Processing clsid [\Registry\User\S-1-5-21-2751711370-2290575756-4155360915-1000\SOFTWARE\Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}]
[2014.11.12 14:25:32.912] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.12 14:25:32.912] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.12 14:25:32.912] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.12 14:25:32.912] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.12 14:25:32.912] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.12 14:25:32.912] - INFO: Processing value [ServerExecutable] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.12 14:25:32.912] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.12 14:25:32.912] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.12 14:25:32.912] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.12 14:25:32.912] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2014.11.12 14:25:32.912] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.12 14:25:32.912] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.12 14:25:32.912] - INFO: Win32/Poweliks found
[2014.11.12 14:26:13.766] - INFO: process: dllhost.exe, pid 3804, parent 3736
[2014.11.12 14:26:13.766] - INFO: Terminated process pid = 3804
[2014.11.12 14:26:13.766] - INFO: process: dllhost.exe, pid 2648, parent 3804
[2014.11.12 14:26:13.766] - INFO: Terminated process pid = 2648
[2014.11.12 14:26:13.766] - INFO: process: dllhost.exe, pid 4320, parent 724
[2014.11.12 14:26:13.766] - INFO: process: dllhost.exe, pid 10220, parent 2648
[2014.11.12 14:26:13.766] - INFO: Terminated process pid = 10220
[2014.11.12 14:26:13.766] - INFO: process: dllhost.exe, pid 320, parent 2648
[2014.11.12 14:26:13.776] - INFO: Terminated process pid = 320
[2014.11.12 14:26:13.776] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.12 14:26:13.776] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.12 14:26:13.776] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.12 14:26:13.776] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.12 14:26:13.776] - INFO: Processing classes...
[2014.11.12 14:26:13.776] - INFO: Processing clsid [\Registry\User\S-1-5-21-2751711370-2290575756-4155360915-1000\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
[2014.11.12 14:26:13.776] - INFO: Processing clsid [\Registry\User\S-1-5-21-2751711370-2290575756-4155360915-1000\SOFTWARE\Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}]
[2014.11.12 14:26:13.776] - INFO: Processing clsid [\Registry\User\S-1-5-21-2751711370-2290575756-4155360915-1000\SOFTWARE\Classes\CLSID\{527FEB36-7FEB-EB36-7FEB-27FE527FEB36}]
[2014.11.12 14:26:13.776] - INFO: Processing clsid [\Registry\User\S-1-5-21-2751711370-2290575756-4155360915-1000\SOFTWARE\Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}]
[2014.11.12 14:26:13.776] - INFO: Processing clsid [\Registry\User\S-1-5-21-2751711370-2290575756-4155360915-1000\SOFTWARE\Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}]
[2014.11.12 14:26:13.776] - INFO: Processing clsid [\Registry\User\S-1-5-21-2751711370-2290575756-4155360915-1000\SOFTWARE\Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}]
[2014.11.12 14:26:13.776] - INFO: Processing clsid [\Registry\User\S-1-5-21-2751711370-2290575756-4155360915-1000\SOFTWARE\Classes\CLSID\{CCB69577-088B-4004-9ED8-FF5BCC83A039}]
[2014.11.12 14:26:13.776] - INFO: Processing clsid [\Registry\User\S-1-5-21-2751711370-2290575756-4155360915-1000\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
[2014.11.12 14:26:13.776] - INFO: Processing clsid [\Registry\User\S-1-5-21-2751711370-2290575756-4155360915-1000\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.12 14:26:13.776] - INFO: Deleted classid [\Registry\User\S-1-5-21-2751711370-2290575756-4155360915-1000\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.12 14:26:13.776] - INFO: Processing clsid [\Registry\User\S-1-5-21-2751711370-2290575756-4155360915-1000\SOFTWARE\Classes\CLSID\{CCB69577-088B-4004-9ED8-FF5BCC83A039}]
[2014.11.12 14:26:13.776] - INFO: Processing clsid [\Registry\User\S-1-5-21-2751711370-2290575756-4155360915-1000\SOFTWARE\Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}]
[2014.11.12 14:26:13.776] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.12 14:26:13.776] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.12 14:26:13.776] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.12 14:26:13.776] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.12 14:26:13.776] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.12 14:26:13.776] - INFO: Processing value [ServerExecutable] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.12 14:26:13.776] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.12 14:26:13.776] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.12 14:26:13.776] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.12 14:26:13.776] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2014.11.12 14:26:13.776] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.12 14:26:13.776] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.12 14:26:13.776] - INFO: Cleaning status: 0
[2014.11.12 14:26:20.964] - End

 

FRST.txt Scan:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Michael Tanascu (administrator) on MICHAELTANASCU on 12-11-2014 14:37:57
Running from C:\Users\Michael Tanascu\Downloads
Loaded Profile: Michael Tanascu (Available profiles: Michael Tanascu)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMTray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [xrsfnw] => C:\ProgramData\xrsfnw.exe [118784 2014-11-12] (EZB Systems, Inc. )
HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKU\S-1-5-21-2751711370-2290575756-4155360915-1000\...\Run: [acillao] => rundll32 "C:\Users\Michael Tanascu\AppData\Local\acillao.dll",acillao <===== ATTENTION
HKU\S-1-5-21-2751711370-2290575756-4155360915-1000\...\Run: [UitkEtuku] => regsvr32.exe "C:\ProgramData\UitkEtuku\UitkEtuku.dat"
HKU\S-1-5-21-2751711370-2290575756-4155360915-1000\...\Run: [AedfOmgi] => regsvr32.exe "C:\ProgramData\AedfOmgi\AedfOmgi.dat"
HKU\S-1-5-21-2751711370-2290575756-4155360915-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://facebook.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
SearchScopes: HKLM - {44B51608-6317-4A08-BEA9-B37A4B014B3A} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {44B51608-6317-4A08-BEA9-B37A4B014B3A} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.msn.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.msn.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
SearchScopes: HKCU - {44B51608-6317-4A08-BEA9-B37A4B014B3A} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSG.dll ()
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSG.dll ()
Toolbar: HKU\S-1-5-21-2751711370-2290575756-4155360915-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2751711370-2290575756-4155360915-1000 -> No Name - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSG.dll ()
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2751711370-2290575756-4155360915-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Michael Tanascu\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

Chrome:
=======
CHR Profile: C:\Users\Michael Tanascu\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michael Tanascu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-09]
CHR Extension: (Google Wallet) - C:\Users\Michael Tanascu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S4 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2013-06-18] (ThreatTrack Security, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 14:37 - 2014-11-12 14:38 - 00012163 _____ () C:\Users\Michael Tanascu\Downloads\FRST.txt
2014-11-12 14:37 - 2014-11-12 14:38 - 00000000 ____D () C:\FRST
2014-11-12 14:37 - 2014-11-12 14:37 - 02116096 _____ (Farbar) C:\Users\Michael Tanascu\Downloads\FRST64.exe
2014-11-12 14:32 - 2014-11-12 14:26 - 00020950 _____ () C:\Users\Michael Tanascu\Desktop\ESETPoweliksCleaner.exe_20141112.142530.3556.log
2014-11-12 14:30 - 2014-11-12 14:30 - 00010574 _____ () C:\Users\Michael Tanascu\Downloads\ESETPoweliksCleaner.exe_20141112.143017.3304.log
2014-11-12 14:25 - 2014-11-12 14:26 - 00020950 _____ () C:\Users\Michael Tanascu\Downloads\ESETPoweliksCleaner.exe_20141112.142530.3556.log
2014-11-12 14:25 - 2014-11-12 14:25 - 00186568 _____ (ESET) C:\Users\Michael Tanascu\Downloads\ESETPoweliksCleaner.exe
2014-11-12 13:23 - 2014-11-12 13:23 - 00118784 _____ (EZB Systems, Inc. ) C:\ProgramData\xrsfnw.exe
2014-11-12 13:22 - 2014-11-12 13:22 - 00023552 _____ () C:\Users\Michael Tanascu\AppData\Local\fgrirof.dll
2014-11-10 16:22 - 2014-11-10 16:22 - 00000000 ____D () C:\ProgramData\MuneLiwxu
2014-11-10 16:21 - 2014-11-10 16:21 - 00000000 ____D () C:\ProgramData\LokeBhiqt
2014-11-10 11:29 - 2014-11-12 12:08 - 00000000 ____D () C:\Users\Michael Tanascu\AppData\Local\YkPack
2014-11-10 11:29 - 2014-11-10 16:22 - 00000000 ____D () C:\Users\Michael Tanascu\AppData\Local\ATGworks
2014-11-10 11:28 - 2014-11-10 15:46 - 00000000 ____D () C:\ProgramData\GekmUyomg
2014-11-10 11:28 - 2014-11-10 15:46 - 00000000 ____D () C:\ProgramData\FokeMeyh
2014-11-09 12:41 - 2014-11-09 12:41 - 00000000 ____D () C:\ProgramData\ModayWahic
2014-11-09 12:41 - 2014-11-09 12:41 - 00000000 ____D () C:\ProgramData\JiluStutk
2014-11-09 11:39 - 2014-11-10 11:30 - 00000424 _____ () C:\ProgramData\@system.temp
2014-11-09 11:39 - 2014-11-10 11:30 - 00000160 ____H () C:\ProgramData\@system3.att
2014-11-09 11:38 - 2014-11-10 15:46 - 00000000 ____D () C:\Users\Michael Tanascu\AppData\Roaming\FrameworkUpdate7
2014-11-09 09:49 - 2014-11-09 09:49 - 00000000 ____D () C:\ProgramData\AedfOmgi
2014-11-09 09:48 - 2014-11-09 09:48 - 00000000 ____D () C:\ProgramData\UitkEtuku
2014-11-08 18:31 - 2014-11-08 18:31 - 00003480 ____N () C:\bootsqm.dat
2014-11-06 15:49 - 2014-11-06 15:50 - 00688992 ____R (Swearware) C:\Users\Michael Tanascu\Downloads\dds.com
2014-11-06 14:59 - 2014-11-06 14:59 - 00000000 ____D () C:\Users\Michael Tanascu\AppData\Local\{AFBC8777-B885-4C5A-85F6-673B87A3DAC2}
2014-11-05 15:44 - 2014-11-05 15:44 - 32601272 _____ (Microsoft Corporation) C:\Users\Michael Tanascu\Downloads\Windows-KB890830-x64-V5.17 (1).exe
2014-11-05 15:40 - 2014-11-05 15:40 - 32601272 _____ (Microsoft Corporation) C:\Users\Michael Tanascu\Downloads\Windows-KB890830-x64-V5.17.exe
2014-11-05 15:28 - 2014-11-05 15:28 - 01706359 _____ (Thisisu) C:\Users\Michael Tanascu\Downloads\JRT.exe
2014-11-05 15:28 - 2014-11-05 15:28 - 00000000 ____D () C:\windows\ERUNT
2014-11-05 15:17 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-11-05 15:16 - 2014-11-05 15:37 - 00000000 ____D () C:\AdwCleaner
2014-11-05 15:16 - 2014-11-05 15:16 - 01375089 _____ () C:\Users\Michael Tanascu\Downloads\AdwCleaner.exe
2014-10-28 06:52 - 2014-10-28 20:35 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\5E952C75.sys
2014-10-24 14:47 - 2014-11-10 15:47 - 00000372 _____ () C:\windows\Tasks\HPCeeScheduleForMichael Tanascu.job
2014-10-24 14:47 - 2014-10-24 14:47 - 00003246 _____ () C:\windows\System32\Tasks\HPCeeScheduleForMichael Tanascu
2014-10-24 14:21 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-10-24 14:21 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-10-24 14:21 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-10-24 14:21 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-24 14:21 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-10-24 14:21 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2014-10-24 14:21 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-10-24 14:21 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-10-24 14:21 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-10-24 14:21 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-10-24 14:21 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-10-24 14:21 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-10-24 14:21 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-10-24 14:21 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-10-24 14:21 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-10-24 14:21 - 2014-07-08 17:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-10-24 14:21 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2014-10-24 14:21 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
2014-10-24 14:21 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
2014-10-24 14:21 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2014-10-24 14:21 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
2014-10-24 14:21 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2014-10-24 14:20 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-24 14:20 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-24 14:20 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-24 14:20 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-10-24 14:20 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-24 14:20 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-24 14:20 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-24 14:20 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-24 14:20 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-24 14:20 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-24 14:20 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-24 14:20 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-10-24 14:20 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-24 14:20 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-24 14:20 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-10-24 14:20 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-24 14:20 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-10-24 14:20 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-10-24 14:20 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-24 14:20 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-24 14:20 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-24 14:20 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-10-24 14:20 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-10-24 14:20 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-24 14:20 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-10-24 14:20 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-10-24 14:20 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-24 14:20 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-10-24 14:20 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-24 14:20 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-24 14:20 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-10-24 14:20 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-24 14:20 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-10-24 14:20 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-10-24 14:20 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-24 14:20 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-10-24 14:20 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-24 14:20 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-24 14:20 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-10-24 14:20 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-10-24 14:20 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-10-24 14:20 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-10-24 14:20 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-24 14:20 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-24 14:20 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-10-24 14:20 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-24 14:20 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-24 14:20 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-10-24 14:20 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-24 14:20 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-10-24 14:20 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-24 14:20 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-10-24 14:20 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-24 14:20 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-10-24 14:19 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-10-24 14:19 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-10-24 14:17 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-24 14:17 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-10-24 14:17 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-10-24 14:17 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-10-24 14:17 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-10-24 14:17 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-10-24 14:17 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-10-24 14:17 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2014-10-24 14:17 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-10-24 14:17 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-10-24 14:17 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-10-24 14:17 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-10-24 14:17 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-10-24 14:17 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-10-24 14:17 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-10-24 14:17 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-10-24 14:17 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2014-10-24 14:17 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-10-24 14:16 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-24 14:16 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-10-24 14:12 - 2014-11-12 14:01 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-24 14:12 - 2014-10-24 14:12 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-24 14:12 - 2014-10-24 14:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-24 14:12 - 2014-10-24 14:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-24 14:12 - 2014-10-24 14:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-24 14:12 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-24 14:12 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-24 14:12 - 2014-10-01 10:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-10-24 14:11 - 2014-10-24 14:11 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Michael Tanascu\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-24 13:24 - 2014-10-24 13:24 - 00000000 _____ () C:\Users\Michael Tanascu\AppData\Local\tiddygph.log
2014-10-24 13:24 - 2014-10-24 13:24 - 00000000 _____ () C:\Users\Michael Tanascu\AppData\Local\oqxlvlxf.log
2014-10-24 13:23 - 2014-10-24 13:25 - 00000028 _____ () C:\Users\Michael Tanascu\AppData\Local\squmhorl.log
2014-10-24 13:23 - 2014-10-24 13:23 - 00484544 _____ () C:\Users\Michael Tanascu\AppData\Local\thcadlyi.log
2014-10-24 13:23 - 2014-10-24 13:23 - 00000064 _____ () C:\ProgramData\grdkfdvm.log
2014-10-24 13:23 - 2014-10-24 13:23 - 00000054 _____ () C:\Users\Michael Tanascu\AppData\Local\snhtlkba.log
2014-10-22 16:43 - 2014-10-24 13:20 - 00087200 _____ () C:\ProgramData\wrnhoah.tmp
2014-10-22 16:43 - 2014-10-22 16:43 - 00008542 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.HTML
2014-10-22 16:43 - 2014-10-22 16:43 - 00008542 _____ () C:\Users\Michael Tanascu\Downloads\DECRYPT_INSTRUCTION.HTML
2014-10-22 16:43 - 2014-10-22 16:43 - 00008542 _____ () C:\Users\Michael Tanascu\DECRYPT_INSTRUCTION.HTML
2014-10-22 16:43 - 2014-10-22 16:43 - 00004214 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.TXT
2014-10-22 16:43 - 2014-10-22 16:43 - 00004214 _____ () C:\Users\Michael Tanascu\Downloads\DECRYPT_INSTRUCTION.TXT
2014-10-22 16:43 - 2014-10-22 16:43 - 00004214 _____ () C:\Users\Michael Tanascu\DECRYPT_INSTRUCTION.TXT
2014-10-22 16:43 - 2014-10-22 16:43 - 00000276 _____ () C:\Users\Public\INSTALL_TOR.URL
2014-10-22 16:43 - 2014-10-22 16:43 - 00000276 _____ () C:\Users\Michael Tanascu\INSTALL_TOR.URL
2014-10-22 16:43 - 2014-10-22 16:43 - 00000276 _____ () C:\Users\Michael Tanascu\Downloads\INSTALL_TOR.URL
2014-10-22 16:39 - 2014-10-22 16:39 - 00008542 _____ () C:\Users\Michael Tanascu\Documents\DECRYPT_INSTRUCTION.HTML
2014-10-22 16:39 - 2014-10-22 16:39 - 00008542 _____ () C:\Users\Michael Tanascu\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-10-22 16:39 - 2014-10-22 16:39 - 00008542 _____ () C:\Users\Michael Tanascu\AppData\DECRYPT_INSTRUCTION.HTML
2014-10-22 16:39 - 2014-10-22 16:39 - 00004214 _____ () C:\Users\Michael Tanascu\Documents\DECRYPT_INSTRUCTION.TXT
2014-10-22 16:39 - 2014-10-22 16:39 - 00004214 _____ () C:\Users\Michael Tanascu\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-10-22 16:39 - 2014-10-22 16:39 - 00004214 _____ () C:\Users\Michael Tanascu\AppData\DECRYPT_INSTRUCTION.TXT
2014-10-22 16:39 - 2014-10-22 16:39 - 00000276 _____ () C:\Users\Michael Tanascu\Documents\INSTALL_TOR.URL
2014-10-22 16:39 - 2014-10-22 16:39 - 00000276 _____ () C:\Users\Michael Tanascu\AppData\Roaming\INSTALL_TOR.URL
2014-10-22 16:39 - 2014-10-22 16:39 - 00000276 _____ () C:\Users\Michael Tanascu\AppData\INSTALL_TOR.URL
2014-10-22 16:38 - 2014-10-22 16:38 - 00008542 _____ () C:\Users\Michael Tanascu\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-10-22 16:38 - 2014-10-22 16:38 - 00004214 _____ () C:\Users\Michael Tanascu\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-10-22 16:38 - 2014-10-22 16:38 - 00000276 _____ () C:\Users\Michael Tanascu\AppData\Local\INSTALL_TOR.URL
2014-10-22 16:37 - 2014-10-22 16:37 - 00008542 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-10-22 16:37 - 2014-10-22 16:37 - 00004214 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-10-22 16:37 - 2014-10-22 16:37 - 00000276 _____ () C:\ProgramData\INSTALL_TOR.URL
2014-10-22 16:01 - 2014-10-24 13:20 - 00001368 _____ () C:\ProgramData\@system.att
2014-10-22 15:39 - 2014-10-24 13:21 - 00001104 ____H () C:\ProgramData\@system2.att
2014-10-22 15:38 - 2014-10-22 15:38 - 00000448 ____H () C:\Users\Michael Tanascu\AppData\Roaming\麽鎒駓覜
2014-10-21 10:45 - 2014-11-12 13:22 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-21 10:44 - 2014-11-12 14:28 - 00000000 ____D () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-10-15 07:32 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-10-15 07:32 - 2014-07-08 17:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-10-15 07:30 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-10-15 07:30 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 14:36 - 2012-09-03 13:31 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-12 14:35 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-12 14:35 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-12 14:32 - 2009-07-14 00:13 - 00783424 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-12 14:31 - 2012-07-25 14:44 - 01661152 _____ () C:\windows\WindowsUpdate.log
2014-11-12 14:28 - 2012-12-04 15:04 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-12 14:28 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-12 14:28 - 2009-07-13 23:51 - 00095017 _____ () C:\windows\setupact.log
2014-11-12 14:28 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\sysprep
2014-11-12 14:23 - 2014-02-27 17:18 - 00000968 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2751711370-2290575756-4155360915-1000UA.job
2014-11-12 14:23 - 2012-08-24 11:06 - 00000000 ____D () C:\Users\Michael Tanascu\AppData\Local\CrashDumps
2014-11-12 14:14 - 2012-12-04 15:04 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-12 13:53 - 2013-11-13 10:36 - 00000000 ____D () C:\windows\Minidump
2014-11-12 13:53 - 2012-06-07 16:36 - 00336625 ____N () C:\windows\Minidump\111214-20638-01.dmp
2014-11-12 13:05 - 2012-06-07 16:36 - 00336625 ____N () C:\windows\Minidump\111214-27081-01.dmp
2014-11-11 17:23 - 2014-02-27 17:18 - 00000946 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2751711370-2290575756-4155360915-1000Core.job
2014-11-11 16:58 - 2012-07-25 13:49 - 00003990 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{8F64B502-C0C6-4719-ACFF-6F6B8CC410F9}
2014-11-10 21:19 - 2014-02-06 11:17 - 00000000 ____D () C:\Users\Michael Tanascu\AppData\Roaming\ec249d2d-e85b-4179-b373-a2f22546f686
2014-11-10 17:34 - 2012-06-07 16:36 - 00336625 ____N () C:\windows\Minidump\111014-24258-01.dmp
2014-11-10 17:34 - 2010-11-20 22:47 - 00771542 _____ () C:\windows\PFRO.log
2014-11-10 15:12 - 2012-08-29 09:30 - 00000000 ____D () C:\Users\Michael Tanascu\AppData\Roaming\SoftGrid Client
2014-11-10 14:33 - 2012-06-07 16:36 - 00336625 ____N () C:\windows\Minidump\111014-23758-01.dmp
2014-11-10 12:51 - 2012-06-07 16:36 - 00336625 ____N () C:\windows\Minidump\111014-24679-01.dmp
2014-11-10 12:25 - 2012-06-07 16:36 - 00336625 ____N () C:\windows\Minidump\111014-28485-01.dmp
2014-11-09 12:15 - 2012-06-07 16:36 - 00336625 ____N () C:\windows\Minidump\110914-23836-01.dmp
2014-11-09 11:25 - 2012-06-07 16:36 - 00336625 ____N () C:\windows\Minidump\110914-21777-01.dmp
2014-11-09 10:53 - 2012-06-07 16:36 - 00336625 ____N () C:\windows\Minidump\110914-27752-01.dmp
2014-11-09 08:48 - 2012-06-07 16:36 - 00336625 ____N () C:\windows\Minidump\110914-24944-01.dmp
2014-11-08 18:32 - 2012-06-07 16:36 - 00336625 ____N () C:\windows\Minidump\110814-19266-01.dmp
2014-11-06 16:18 - 2012-06-07 16:36 - 00336625 ____N () C:\windows\Minidump\110614-20763-01.dmp
2014-11-06 15:21 - 2012-06-07 16:36 - 00336625 ____N () C:\windows\Minidump\110614-54756-01.dmp
2014-11-06 09:38 - 2012-06-07 16:36 - 00336625 ____N () C:\windows\Minidump\110614-27253-01.dmp
2014-11-06 09:25 - 2012-06-07 16:36 - 00336625 ____N () C:\windows\Minidump\110614-26566-01.dmp
2014-11-06 09:15 - 2012-06-07 16:36 - 00336625 ____N () C:\windows\Minidump\110614-29140-01.dmp
2014-11-06 08:56 - 2012-06-07 16:36 - 00336625 ____N () C:\windows\Minidump\110614-34101-01.dmp
2014-11-05 16:40 - 2012-06-07 16:36 - 00336625 ____N () C:\windows\Minidump\110514-18002-01.dmp
2014-11-05 14:29 - 2009-07-14 00:37 - 00000000 ____D () C:\windows\DigitalLocker
2014-11-05 09:08 - 2012-06-07 16:36 - 00336625 ____N () C:\windows\Minidump\110514-26972-01.dmp
2014-11-05 08:57 - 2012-06-07 16:36 - 00336625 ____N () C:\windows\Minidump\110514-25443-01.dmp
2014-11-05 08:48 - 2012-06-07 16:36 - 00336625 ____N () C:\windows\Minidump\110514-26691-01.dmp
2014-11-05 08:34 - 2012-06-07 16:36 - 00336625 ____N () C:\windows\Minidump\110514-37845-01.dmp
2014-11-04 17:38 - 2012-06-07 16:36 - 00336625 ____N () C:\windows\Minidump\110414-29749-01.dmp
2014-11-04 17:10 - 2012-06-07 16:36 - 00336625 ____N () C:\windows\Minidump\110414-23992-01.dmp
2014-11-04 17:10 - 2009-07-14 00:08 - 00032610 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-11-04 07:56 - 2012-06-07 16:36 - 00336625 ____N () C:\windows\Minidump\110414-24351-01.dmp
2014-11-03 16:49 - 2012-06-07 16:36 - 00336625 ____N () C:\windows\Minidump\110314-31824-01.dmp
2014-11-02 12:55 - 2012-07-28 17:06 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-11-02 12:54 - 2013-10-05 09:12 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-02 07:29 - 2012-06-07 16:36 - 00336625 ____N () C:\windows\Minidump\110214-35942-01.dmp
2014-10-31 11:52 - 2012-06-07 16:36 - 00336625 ____N () C:\windows\Minidump\103114-29967-01.dmp
2014-10-29 08:14 - 2012-06-07 16:36 - 00336625 ____N () C:\windows\Minidump\102914-21387-01.dmp
2014-10-26 08:17 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-10-25 07:26 - 2009-07-13 23:45 - 00267672 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-25 07:24 - 2014-05-06 20:56 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-10-24 17:47 - 2013-08-15 18:38 - 00000000 ____D () C:\windows\system32\MRT
2014-10-24 16:32 - 2012-08-03 12:00 - 00003230 _____ () C:\windows\System32\Tasks\HPCeeScheduleForMICHAELTANASCU$
2014-10-24 16:32 - 2012-08-03 12:00 - 00000354 _____ () C:\windows\Tasks\HPCeeScheduleForMICHAELTANASCU$.job
2014-10-24 14:38 - 2012-09-03 13:31 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-10-24 14:38 - 2012-09-03 13:31 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-10-24 14:38 - 2012-06-07 15:55 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-24 14:09 - 2012-12-04 15:04 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-24 14:09 - 2012-12-04 15:04 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-24 14:03 - 2014-01-08 10:26 - 00000000 ____D () C:\Program Files (x86)\VIPRE
2014-10-24 14:03 - 2012-12-04 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-24 14:03 - 2012-07-25 13:44 - 00000000 ____D () C:\Users\Michael Tanascu
2014-10-24 14:03 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-10-24 14:03 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\Dism
2014-10-24 14:03 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-10-24 14:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-24 13:40 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\registration
2014-10-24 13:37 - 2014-02-27 17:17 - 00000000 ____D () C:\Users\Michael Tanascu\AppData\Local\Facebook
2014-10-24 13:37 - 2013-08-17 11:14 - 00000000 ____D () C:\Users\Michael Tanascu\AppData\Local\HP
2014-10-24 13:37 - 2012-12-04 15:04 - 00000000 ____D () C:\Users\Michael Tanascu\AppData\Local\Google
2014-10-24 13:37 - 2012-08-27 17:05 - 00000000 ____D () C:\Users\Michael Tanascu\AppData\Local\Microsoft Games
2014-10-24 13:37 - 2012-06-07 15:57 - 00000000 ____D () C:\ProgramData\TouchSmartData
2014-10-24 13:37 - 2012-06-07 15:40 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-10-22 16:43 - 2013-02-27 18:00 - 00000000 ____D () C:\Users\Michael Tanascu\Downloads\Ultimate Air Supply
2014-10-22 16:43 - 2012-12-09 13:00 - 00000000 ____D () C:\Users\Michael Tanascu\Downloads\Looper 2012 DVDRip AC3 XViD-RemixHD
2014-10-22 16:39 - 2014-03-06 14:55 - 00000000 ____D () C:\Users\Michael Tanascu\Documents\Garmin
2014-10-22 16:39 - 2014-03-06 14:54 - 00000000 ____D () C:\Users\Michael Tanascu\AppData\Roaming\Garmin
2014-10-22 16:39 - 2014-01-08 10:24 - 00000000 ____D () C:\Users\Michael Tanascu\AppData\Roaming\VIPRE
2014-10-22 16:39 - 2012-07-25 13:52 - 00000000 ____D () C:\Users\Michael Tanascu\AppData\Roaming\Adobe
2014-10-22 16:39 - 2012-07-25 13:47 - 00000000 ____D () C:\Users\Michael Tanascu\AppData\Roaming\Hewlett-Packard
2014-10-22 16:37 - 2014-01-08 10:25 - 00000000 ____D () C:\ProgramData\VIPRE

Files to move or delete:
====================
C:\ProgramData\xrsfnw.exe

Some content of TEMP:
====================
C:\Users\Michael Tanascu\AppData\Local\Temp\AskSLib.dll
C:\Users\Michael Tanascu\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Michael Tanascu\AppData\Local\Temp\install_flashplayer11x32ax_gtbp_chra_aih.exe
C:\Users\Michael Tanascu\AppData\Local\Temp\jcvwbkhq.exe
C:\Users\Michael Tanascu\AppData\Local\Temp\Quarantine.exe
C:\Users\Michael Tanascu\AppData\Local\Temp\Resource.exe
C:\Users\Michael Tanascu\AppData\Local\Temp\sp58915.exe
C:\Users\Michael Tanascu\AppData\Local\Temp\sp64126.exe
C:\Users\Michael Tanascu\AppData\Local\Temp\temp3850575048.exe
C:\Users\Michael Tanascu\AppData\Local\Temp\temp3938863469.exe
C:\Users\Michael Tanascu\AppData\Local\Temp\UninstallHPSA.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-08 09:07

==================== End Of Log ============================

FRST Addition Scan:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by Michael Tanascu at 2014-11-12 14:38:39
Running from C:\Users\Michael Tanascu\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ThreatTrack Security VIPRE (Enabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ThreatTrack Security VIPRE (Enabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{601B10F8-06B0-2EB1-CCAD-C3F7D7E32FD1}) (Version: 3.0.842.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Bing Bar (HKLM-x32\...\{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}) (Version: 7.0.826.0 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet 6500 E710a-f Basic Device Software (HKLM\...\{EC21DBC6-C760-463D-8866-BFACBB28A3E3}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710a-f Help (HKLM-x32\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710a-f Product Improvement Study (HKLM\...\{E319D46F-4F14-4867-94CD-FB203ED60AFC}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5705 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5705 - CyberLink Corp.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6387 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.4.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
VIPRE Antivirus (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 7.0.6.2 - ThreatTrack Security, Inc.)
VIPRE Antivirus (x32 Version: 7.0.6.2 - ThreatTrack Security, Inc.) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2751711370-2290575756-4155360915-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\vfnws.dll (Microsoft Corporation)

==================== Restore Points  =========================

24-10-2014 22:44:16 Windows Update
04-11-2014 18:23:04 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {075DE857-9A5C-4C3D-A030-CB6C4F7F29B0} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710a-f => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {2351B678-9D03-47B1-9CCA-DBF49A151585} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2751711370-2290575756-4155360915-1000Core => C:\Users\Michael Tanascu\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-27] (Facebook Inc.)
Task: {41D73E2E-A43A-4936-BB11-1C88A9C1B4F9} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
Task: {4CDC0CA5-0272-4C6C-990A-DDA5EFDAD643} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {54FFD0D9-D796-45C9-9D20-FB5B86100ACC} - System32\Tasks\HPCeeScheduleForMichael Tanascu => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {56BAC9B2-8F7E-4860-9645-5D92547C4ED5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {7B67A0CC-58DE-42F7-843F-80F2947A61E0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {7D857F2C-8661-484A-BC99-8D9B6D2504EF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {84E66A1F-AD09-4899-93BC-08009182BA51} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-02] (Hewlett-Packard)
Task: {AA6830FC-55FA-4D73-8ECA-D33AFDAB8030} - System32\Tasks\HpWebReg.exe => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HpWebReg.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {AAB32735-621D-48A0-A4C5-8DC26373FC82} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2751711370-2290575756-4155360915-1000UA => C:\Users\Michael Tanascu\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-27] (Facebook Inc.)
Task: {B513BF77-7C40-4D91-AF89-74879A073B8F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-02] (Hewlett-Packard)
Task: {CBB1FC89-7078-4C3D-A501-9E87E5180E43} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {DABB0602-8372-4E3E-9539-B0D91088EA8E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-24] (Adobe Systems Incorporated)
Task: {DD064B07-F691-414E-B7A9-1C68EBE90EB4} - System32\Tasks\HPCeeScheduleForMICHAELTANASCU$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {EADBD8BF-A6CE-4B9A-912E-221C2682FD07} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-08-23] (CyberLink)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2751711370-2290575756-4155360915-1000Core.job => C:\Users\Michael Tanascu\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2751711370-2290575756-4155360915-1000UA.job => C:\Users\Michael Tanascu\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForMichael Tanascu.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\HPCeeScheduleForMICHAELTANASCU$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2012-02-20 22:26 - 2012-02-20 22:26 - 00160768 _____ () C:\Program Files (x86)\VIPRE\unrar.dll
2014-01-08 10:26 - 2014-06-20 05:08 - 00192376 _____ () C:\Program Files (x86)\VIPRE\Definitions\libBase64.dll
2014-01-08 10:26 - 2014-06-20 05:08 - 00180088 _____ () C:\Program Files (x86)\VIPRE\Definitions\libMachoUniv.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:D75DDAB3

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: 24x7HelpSvc => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: CalendarSynchService => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: HPAuto => 2
MSCONFIG\Services: HPClientSvc => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: PackageTracer_69Service => 2
MSCONFIG\Services: pdfcDispatcher => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: 24x7HELP => "C:\Program Files (x86)\24x7Help\App24x7Help.exe" /STARTUP
MSCONFIG\startupreg: Facebook Update => "C:\Users\Michael Tanascu\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: InboxToolbar => "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /STARTUP
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PackageTracer Home Page Guard 64 bit => "C:\PROGRA~2\PACKAG~2\bar\1.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: PackageTracer Search Scope Monitor => "C:\PROGRA~2\PACKAG~2\bar\1.bin\69srchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: PackageTracer_69 Browser Plugin Loader => C:\PROGRA~2\PACKAG~2\bar\1.bin\69brmon.exe
MSCONFIG\startupreg: PCPowerSpeed => "C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe" /startup
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: RebateInformer => C:\PROGRA~2\REBATE~1\REBATE~1.EXE /STARTUP
MSCONFIG\startupreg: SBAMTray => "C:\Program Files (x86)\VIPRE\SBAMTray.exe"
MSCONFIG\startupreg: SBRegRebootCleaner => "C:\Program Files (x86)\GFI Software\VIPRE\SBRC.exe"
MSCONFIG\startupreg: SiteRanker => "C:\Program Files (x86)\SiteRanker\SiteRankTray.exe"
MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

========================= Accounts: ==========================

Administrator (S-1-5-21-2751711370-2290575756-4155360915-500 - Administrator - Disabled)
Guest (S-1-5-21-2751711370-2290575756-4155360915-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2751711370-2290575756-4155360915-1002 - Limited - Enabled)
Michael Tanascu (S-1-5-21-2751711370-2290575756-4155360915-1000 - Administrator - Enabled) => C:\Users\Michael Tanascu

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2014 02:23:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x000b18b2
Faulting process id: 0x1328
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/12/2014 01:54:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094765
Faulting process id: 0x1178
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/12/2014 00:54:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00095c91
Faulting process id: 0x157c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/12/2014 00:10:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094fbf
Faulting process id: 0x1c20
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/12/2014 00:09:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094765
Faulting process id: 0x3f14
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/12/2014 00:02:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094fbf
Faulting process id: 0xd10
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/11/2014 05:12:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x0033f20a
Faulting process id: 0x171c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/11/2014 04:53:49 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.
]

Error: (11/11/2014 04:53:49 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.
]

Error: (11/11/2014 08:39:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10cc

Start Time: 01cffdb4a60813fc

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 20c73a16-69a8-11e4-8b4e-e840f2d4b1ec

System errors:
=============
Error: (11/12/2014 01:54:07 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/12/2014 01:53:08 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000116 (0xfffffa8008259010, 0xfffff88004297ba8, 0x0000000000000000, 0x0000000000000002)C:\windows\Minidump\111214-20638-01.dmp111214-20638-01

Error: (11/12/2014 01:53:08 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:51:31 PM on ‎11/‎12/‎2014 was unexpected.

Error: (11/12/2014 01:06:42 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/12/2014 01:05:39 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000116 (0xfffffa8006004390, 0xfffff880040f7ba8, 0x0000000000000000, 0x0000000000000002)C:\windows\Minidump\111214-27081-01.dmp111214-27081-01

Error: (11/12/2014 01:05:37 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:03:27 PM on ‎11/‎12/‎2014 was unexpected.

Error: (11/12/2014 11:48:04 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (11/12/2014 11:45:29 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The VIPRE Antivirus service hung on starting.

Error: (11/12/2014 11:42:16 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/11/2014 04:53:49 PM) (Source: DCOM) (EventID: 10016) (User: MichaelTanascu)
Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}MichaelTanascuMichael TanascuS-1-5-21-2751711370-2290575756-4155360915-1000LocalHost (Using LRPC)

Microsoft Office Sessions:
=========================
Error: (11/12/2014 02:23:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd000b18b2132801cffeadfd96d8c2C:\Program Files\Internet Explorer\iexplore.exeC:\windows\system32\MSHTML.dll61828bff-6aa1-11e4-bf7c-e840f2d4b1ec

Error: (11/12/2014 01:54:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00094765117801cffeaa0c7b8f99C:\Program Files\Internet Explorer\iexplore.exeC:\windows\system32\MSHTML.dll5f77f13f-6a9d-11e4-bf7c-e840f2d4b1ec

Error: (11/12/2014 00:54:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00095c91157c01cffea0e1096bfbC:\Program Files\Internet Explorer\iexplore.exeC:\windows\system32\MSHTML.dllebe9198e-6a94-11e4-befd-e840f2d4b1ec

Error: (11/12/2014 00:10:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00094fbf1c2001cffe9b752c537eC:\Program Files\Internet Explorer\iexplore.exeC:\windows\system32\MSHTML.dlld8dc1942-6a8e-11e4-befd-e840f2d4b1ec

Error: (11/12/2014 00:09:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd000947653f1401cffe9b4ef9f643C:\Program Files\Internet Explorer\iexplore.exeC:\windows\system32\MSHTML.dlla85be078-6a8e-11e4-befd-e840f2d4b1ec

Error: (11/12/2014 00:02:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00094fbfd1001cffe9a39190fd9C:\Program Files\Internet Explorer\iexplore.exeC:\windows\system32\MSHTML.dllbf561665-6a8d-11e4-befd-e840f2d4b1ec

Error: (11/11/2014 05:12:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd0033f20a171c01cffdfc30a647e2C:\Program Files\Internet Explorer\iexplore.exeC:\windows\system32\MSHTML.dllc2c1969e-69ef-11e4-9cd3-e840f2d4b1ec

Error: (11/11/2014 04:53:49 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.

Error: (11/11/2014 04:53:49 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.

Error: (11/11/2014 08:39:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.1734410cc01cffdb4a60813fc0C:\Program Files\Internet Explorer\iexplore.exe20c73a16-69a8-11e4-8b4e-e840f2d4b1ec

==================== Memory info ===========================

Processor: AMD A6-3620 APU with Radeon™ HD Graphics
Percentage of memory in use: 28%
Total physical RAM: 5608.6 MB
Available physical RAM: 3992.94 MB
Total Pagefile: 11215.38 MB
Available Pagefile: 9477.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:914.5 GB) (Free:833.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:16.79 GB) (Free:2.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 19370C8E)

Partition: GPT Partition Type.

==================== End Of Log ============================

 



#4 deeprybka


Posted 12 November 2014 - 03:16 PM

Malware Warning

All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums from a CLEAN COMPUTER.


Scan with IDTool

Please download IDTool by Nathan and save the file to the desktop.
It will come as a zipped file, so you will need to unzip it. You may do it by right-clicking on it and choosing Extract All. Extract it to your desktop.

  • Enter the IDTool directory, right-click on the IDTool icon and select Run as Administrator to start the tool.
  • IDTool needs the Microsoft .NET Framework environment to work properly, so if prompted to download & install it, please agree.
  • Wait patiently until the tool has collected the necessary data.
  • Once the main console is loaded, please press Rescan Computer and Generate a New Report.
  • When prompted at the main bar that Rescan is completed, press Generate Text Friendly Report for Forums.
  • Copy the entire content of the frame that appears. You may want to save it to a text file for your convenience.

Please include that in your next reply.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#5 Mike Tanascu


Posted 14 November 2014 - 02:35 PM

I have attached what the IDTool by Nathan found.  Thanks again for your help with this.

 

Infection Detection Tool v1.6 - Nathan Scott
--------------------------------------------
Date/Time: 11/14/2014 2:30:25 PM
Operating System: Windows 7
Service Pack: Service Pack 1
Version Number: 6.1
Product Type: Workstation
--------------------------------------------
[Detected Flags]
1.|  Possible CryptoWall Flag , HKCU\Software\CD7D0BB16B8DD3186BE8DA43697E5A09\0345667899AABDEE
2.|  Possible CryptoWall Flag , C:\Users\Michael Tanascu\Documents\DECRYPT_INSTRUCTION.HTML
 



#6 deeprybka


Posted 14 November 2014 - 02:55 PM

Hi,
unfortunately your computer is badly infected. :(
The malware has also encrypted your personal files. We can try to remove the malware if you want to, but your personal files are lost. My personal recommendation would be to reformat as this is the cleaner (and faster!) solution for sure.
How do you want to proceed?


regards,
deeprybka

#7 Mike Tanascu


Posted 15 November 2014 - 12:05 PM

Well, that is bad news.  I guess reformatting would be the logical thing to do.  The trouble is that my father in law doesn't seem to have a Windows CD for his computer.  I found Microsoft Works and a Windows XP Application Update Drive CD, but that's it.  Can we do this without the CD?

 

And thank you for trying to get rid of the malware ~



#8 Mike Tanascu


Posted 15 November 2014 - 12:08 PM

And you will have to walk me through reformatting.  I have no idea how to do it.  : (



#9 deeprybka


Posted 16 November 2014 - 01:32 PM

Hi,
you need a Windows 7 Home Premium 64bit SP1 ISO/DVD to reinstall your operating system.

"have no idea how to do it."

It's easy...:)


regards,
deeprybka

#10 Mike Tanascu


Posted 18 November 2014 - 03:04 PM

Hi there.  I am about to reinstall the operating system.  I hope this works...  I have the download on a portable drive.  I am looking for his product ID key before I start the install so I can enter it after the new install.  I am having trouble locating it.



#11 deeprybka


Posted 18 November 2014 - 03:25 PM

14 Free Product Key Finder Programs <- WinKeyFinder, Magical Jelly Bean Keyfinder are very good

As noted above, if you use Belarc Advisor...after it creates a profile...scroll down to "Software Licenses" near the bottom. Be careful with the log it will create for the computer's profile. Belarc logs will show IPs, various product keys and serial numbers that should be kept private so don't post it.


regards,
deeprybka

#12 deeprybka


Posted 22 November 2014 - 03:10 AM

Hi,
can I close this thread? :)
regards,
deeprybka

#13 Mike Tanascu


Posted 22 November 2014 - 12:23 PM

Hi. Please don't close thread yet.  I downloaded the reinstall operating system onto a thumb drive, but when I inserted it into the computer to run, all it would do was try to copy itself onto a CD.  I couldn't get it to do anything else.  I did find his product key.  I am going to try to download the operating system again.  Maybe I did something wrong...  I also have a rescue disk from another computer with the same operating system.  Would this work on the father in law's machine?



#14 deeprybka


Posted 22 November 2014 - 01:08 PM

Hi.

With this tool you can find the Windows key of the infected machine.

http://pcsupport.about.com/od/productkeysactivation/gr/winguggle.htm

I sent you a message 7 days ago to answer your questions.
You should burn the ISO to a DVD and follow these steps:
http://www.wikihow.com/Install-Windows-7-for-Beginners


regards,
deeprybka

#15 deeprybka


Posted 27 November 2014 - 03:31 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka



