
Malware


11 replies to this topic

#1 BugBaron


Posted 21 December 2014 - 12:35 PM

OS is Windows 7.

 

Problems

Multiple malware.  Those found are:

  • Powessere.A!reg
  • Fleercivet.A
  • Cryptowall.Trace
  • Ransom:Win32:Crowti, with website https://paytordmbdekmizq.torsona.com/1xifeUx  which I did not click on.  I am not paying.
  • Agent4.CCMY
  • Gamarue.I
  • Downloader: Generic14.DXK

and others.

 

Location of malware seems to be in App Data, Startup...

 

Effect of malware

  • Made my personal documents unreadable.  Affects MS Word, MS Excel, Photos, Videos...  I was able to restore to readable documents most files that were in folders.  Individual documents, photos etc. had no restore points.
  • I made the mistake of using my desktop as a file storage spot and none of those are restorable.
  • My registry has been hidden.  All I can find of it is HKEY.  HKCU etc. does not appear.

In permissions there is an unknown account and it has a red question mark on it.  Is this a problem?

In "Safe Mode" when I try to open a file it says it is an unlicensed version.  This is a Toshiba laptop and MS Office was installed when I purchased it new.

I believe some remote entity has full control of my computer.

 

All I want to do is to get my files back and then I want to do a DOD clean wipe and reinstall.

 

I believe my readable files are still somewhere in my hard drive, but how to access them.  Do you know any way to get my files back?

 

Please Help.

#2 nasdaq

  • Malware Response Team

Posted 26 December 2014 - 08:39 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


All you need to know about CryptoWall
http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information

We can clean what the infection has left on your computer but will not be able to restore your files. It's all in the text of the link above.

If you want to continue please execute this.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 BugBaron

  • Topic Starter

Posted 28 December 2014 - 04:44 AM

Thanks so very much.  Just what I was afraid of.  I will tell you that the folders that I was able to restore to an earlier date were restored from this location:


\\localhost\C$\@GMT-2014.10.29-02.41.08\Users\Username\Documents\Filename
 
If you have configured in your control panel to receive immediate topic reply notifications, you may receive an email for each reply made to this topic.
I don't know what this means and how to do it.
 
Okay, so I ran Farbar and will paste it here.
 
=======================================================================
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2014
Ran by VLK (ATTENTION: The logged in user is not administrator) on LOUISE on 27-12-2014 18:08:36
Running from C:\Users\VLK\Desktop\Farbar
Loaded Profile: VLK (Available profiles: Hercules & VLK & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(FUJIFILM Corporation) C:\Program Files (x86)\FinePixViewer\QuickDCF2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\VLK\Desktop\Farbar\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2010-10-18] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11663976 2010-12-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2010-12-10] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2107176 2010-03-11] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1519016 2010-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-07] (Intel® Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-11-16] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597416 2010-11-16] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-07-09] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [35440 2010-09-14] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2475384 2010-11-02] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218792 2010-08-17] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *‮* <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4265981194-3699158001-637453515-1004\...\Run: [AVG-Secure-Search-Update_1014av] => C:\Users\VLK\AppData\Roaming\Avg_Update_1014av\AVG-Secure-Search-Update_1014av.exe [2774040 2014-09-23] ()
HKU\S-1-5-21-4265981194-3699158001-637453515-1004\...\CurrentVersion\Windows: [Load] C:\Users\VLK\LOCALS~1\Temp\msrskn.cmd <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ExifLauncher2.lnk
ShortcutTarget: ExifLauncher2.lnk -> C:\Program Files (x86)\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation)
Startup: C:\Users\Hercules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\VLK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4265981194-3699158001-637453515-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.portal.tds.net/
HKU\S-1-5-21-4265981194-3699158001-637453515-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-4265981194-3699158001-637453515-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=U162DF&PC=U162&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4265981194-3699158001-637453515-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=U162DF&PC=U162&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4265981194-3699158001-637453515-1004 -> {164B5A4D-4A1D-4FFA-95F5-BC716C2C2085} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS490
SearchScopes: HKU\S-1-5-21-4265981194-3699158001-637453515-1004 -> {B28ECEC8-7460-4A91-AD29-95D44A78C5D1} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-4265981194-3699158001-637453515-1004 -> {E4C46D59-3921-4104-AAFA-52A040D5E00C} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-4265981194-3699158001-637453515-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 216.170.153.146
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\VLK\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\VLK\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-07]
CHR Extension: (YouTube) - C:\Users\VLK\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-26]
CHR Extension: (Google Search) - C:\Users\VLK\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-26]
CHR Extension: (Skype Click to Call) - C:\Users\VLK\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-12-09]
CHR Extension: (Bing) - C:\Users\VLK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfedoihopcjdfjihhhojdclnfdgomdho [2014-12-11]
CHR Extension: (Google Wallet) - C:\Users\VLK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (Gmail) - C:\Users\VLK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-26]
CHR HKU\S-1-5-21-4265981194-3699158001-637453515-1004\...\Chrome\Extension: [nfedoihopcjdfjihhhojdclnfdgomdho] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-07] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe [115056 2010-10-20] (Symantec Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-27 18:03 - 2014-12-27 18:08 - 00000000 ____D () C:\Users\VLK\Desktop\Farbar
2014-12-27 17:59 - 2014-12-27 17:59 - 02122752 _____ (Farbar) C:\Users\VLK\Downloads\FRST64 (1).exe
2014-12-23 19:19 - 2014-12-23 19:20 - 00030958 _____ () C:\Users\VLK\Downloads\Addition.txt
2014-12-23 19:18 - 2014-12-23 19:20 - 00081442 _____ () C:\Users\VLK\Downloads\FRST.txt
2014-12-23 19:17 - 2014-12-27 18:08 - 00000000 ____D () C:\FRST
2014-12-23 19:16 - 2014-12-23 19:16 - 02122240 _____ (Farbar) C:\Users\VLK\Downloads\FRST64.exe
2014-12-23 07:07 - 2014-12-23 07:07 - 00003288 ____N () C:\bootsqm.dat
2014-12-23 06:53 - 2014-12-23 07:59 - 00000000 ____D () C:\Users\VLK\AppData\Roaming\Iryctify
2014-12-23 06:42 - 2014-12-23 06:42 - 00087200 _____ () C:\ProgramData\wrnhoah.tmp
2014-12-23 04:53 - 2014-12-23 08:08 - 00000000 ____D () C:\Users\VLK\Documents\Desktop 5-14-14
2014-12-23 04:44 - 2014-12-27 17:26 - 00000000 ____D () C:\Users\VLK\Desktop\New Documents Save
2014-12-18 22:30 - 2014-12-18 22:30 - 00000000 ____D () C:\Users\VLK\AppData\Roaming\TuneUp Software
2014-12-18 20:46 - 2014-12-18 21:46 - 00017017 _____ () C:\Users\Hercules\Desktop\avgrep.txt
2014-12-18 17:08 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-18 17:08 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-16 20:48 - 2014-12-16 20:48 - 00000000 ____D () C:\Users\Guest\Documents\Guest Documents Clean
2014-12-16 20:33 - 2014-12-23 08:00 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\AVG2015
2014-12-16 20:33 - 2014-12-16 20:33 - 00000000 ____D () C:\Users\Guest\AppData\Local\Avg2015
2014-12-11 08:31 - 2014-12-11 08:31 - 00000323 _____ () C:\Users\VLK\Desktop\Bing.url
2014-12-10 20:24 - 2014-12-27 14:24 - 00000520 _____ () C:\windows\Tasks\AVG_SYS_TASK_1014av.job
2014-12-10 20:24 - 2014-12-27 14:24 - 00000388 _____ () C:\windows\Tasks\AVG_SYS_TASK_1014av_DELETE.job
2014-12-10 20:24 - 2014-12-23 08:08 - 00000000 ____D () C:\Users\VLK\AppData\Roaming\Avg_Update_1014av
2014-12-10 20:24 - 2014-12-23 08:00 - 00000000 ____D () C:\ProgramData\Avg_Update_1014av
2014-12-10 20:19 - 2014-12-23 08:08 - 00000000 ____D () C:\Users\VLK\AppData\Roaming\AVG2015
2014-12-10 20:19 - 2014-12-10 20:28 - 00000000 ____D () C:\Users\VLK\AppData\Local\Avg2015
2014-12-10 20:18 - 2014-12-23 07:21 - 00000000 ____D () C:\Users\Hercules\AppData\Roaming\AVG2015
2014-12-10 20:17 - 2014-12-23 08:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-12-10 20:17 - 2014-12-21 11:03 - 00000976 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-12-10 20:17 - 2014-12-17 11:31 - 00000000 ____D () C:\ProgramData\AVG2015
2014-12-10 20:17 - 2014-12-10 20:17 - 00000000 ___HD () C:\$AVG
2014-12-10 20:17 - 2014-12-10 20:17 - 00000000 ____D () C:\Users\Hercules\AppData\Roaming\TuneUp Software
2014-12-10 20:15 - 2014-12-23 07:19 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-12-10 20:10 - 2014-12-27 17:17 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-10 20:10 - 2014-12-18 20:46 - 00000000 ____D () C:\Users\Hercules\AppData\Local\Avg2015
2014-12-10 20:10 - 2014-12-10 20:10 - 00000000 ____D () C:\Users\Hercules\AppData\Local\MFAData
2014-12-09 22:29 - 2014-12-23 08:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2014-12-09 22:29 - 2014-12-23 08:00 - 00000000 ____D () C:\Program Files\Recuva
2014-12-09 22:29 - 2014-12-09 22:29 - 00001669 _____ () C:\Users\Public\Desktop\Recuva.lnk
2014-12-09 22:28 - 2014-12-09 22:28 - 04210920 _____ (Piriform Ltd) C:\Users\Hercules\Downloads\rcsetup151 (2).exe
2014-12-09 22:28 - 2014-12-09 22:28 - 04210920 _____ (Piriform Ltd) C:\Users\Hercules\Downloads\rcsetup151 (1).exe
2014-12-09 22:27 - 2014-12-09 22:28 - 04210920 _____ (Piriform Ltd) C:\Users\Hercules\Downloads\rcsetup151.exe
2014-12-09 20:15 - 2014-12-09 20:15 - 00000000 __SHD () C:\Users\Hercules\AppData\Local\EmieBrowserModeList
2014-12-09 19:25 - 2014-12-09 19:25 - 00000000 __SHD () C:\Users\VLK\AppData\Local\EmieBrowserModeList
2014-12-09 19:18 - 2014-12-23 08:11 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-09 17:56 - 2014-12-03 18:50 - 00830976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-09 17:56 - 2014-12-03 18:50 - 00741376 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-09 17:56 - 2014-12-03 18:50 - 00413184 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-09 17:56 - 2014-12-03 18:50 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-09 17:56 - 2014-12-03 18:50 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-09 17:56 - 2014-12-03 18:50 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-09 17:56 - 2014-12-03 18:44 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-09 17:56 - 2014-12-01 15:28 - 01232040 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2014-12-09 15:42 - 2014-10-13 18:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-12-09 15:42 - 2014-10-13 18:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-12-09 15:42 - 2014-10-13 18:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-12-09 15:42 - 2014-10-13 17:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-12-09 15:42 - 2014-10-13 17:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-12-09 15:40 - 2014-12-09 15:40 - 00000000 __SHD () C:\Users\Hercules\AppData\Local\EmieUserList
2014-12-09 15:40 - 2014-12-09 15:40 - 00000000 __SHD () C:\Users\Hercules\AppData\Local\EmieSiteList
2014-12-09 15:34 - 2014-11-26 17:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-09 15:34 - 2014-11-26 17:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-09 15:34 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-09 15:34 - 2014-11-21 19:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-09 15:34 - 2014-11-21 19:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-09 15:34 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-09 15:34 - 2014-11-21 18:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-09 15:34 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-09 15:34 - 2014-11-21 18:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-09 15:34 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-09 15:34 - 2014-11-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-09 15:34 - 2014-11-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-09 15:34 - 2014-11-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-09 15:34 - 2014-11-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-09 15:34 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-09 15:34 - 2014-11-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-09 15:34 - 2014-11-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-09 15:34 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-09 15:34 - 2014-11-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-09 15:34 - 2014-11-21 18:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-09 15:34 - 2014-11-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-09 15:34 - 2014-11-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-09 15:34 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-09 15:34 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-09 15:34 - 2014-11-21 18:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-09 15:34 - 2014-11-21 18:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-09 15:34 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-09 15:34 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-09 15:34 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-09 15:34 - 2014-11-21 17:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-09 15:34 - 2014-11-21 17:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-09 15:34 - 2014-11-21 17:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-09 15:34 - 2014-11-21 17:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-09 15:34 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-09 15:34 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-09 15:34 - 2014-11-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-09 15:34 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-09 15:34 - 2014-11-21 17:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-09 15:34 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-09 15:34 - 2014-11-21 17:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-09 15:34 - 2014-11-21 17:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-09 15:34 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-09 15:34 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-09 15:34 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-09 15:34 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-09 15:34 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-09 15:34 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-09 15:34 - 2014-11-21 17:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-09 15:34 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-09 15:34 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-09 15:34 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-09 15:34 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-09 15:34 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-09 15:34 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-09 15:34 - 2014-11-10 19:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-09 15:34 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-09 15:34 - 2014-11-10 17:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-09 15:34 - 2014-08-20 22:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-12-09 15:34 - 2014-08-20 22:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-12-09 15:34 - 2014-08-20 22:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-12-09 15:34 - 2014-08-20 22:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-12-09 15:32 - 2014-08-11 18:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-12-09 15:32 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-12-09 15:31 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-12-09 15:31 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-12-09 15:31 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-12-09 15:31 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-12-09 15:31 - 2014-11-07 19:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-09 15:31 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-09 15:31 - 2014-10-29 18:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-09 15:31 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-09 15:31 - 2014-10-13 18:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-12-09 15:31 - 2014-10-13 18:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-12-09 15:31 - 2014-10-13 17:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-12-09 15:31 - 2014-10-13 17:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-12-09 15:31 - 2014-10-02 18:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-09 15:31 - 2014-10-02 18:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-12-09 15:31 - 2014-10-02 18:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-09 15:31 - 2014-10-02 18:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-09 15:31 - 2014-10-02 18:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-09 15:31 - 2014-10-02 18:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-12-09 15:31 - 2014-10-02 18:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-12-09 15:31 - 2014-10-02 18:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-12-09 15:31 - 2014-10-02 18:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-12-09 15:31 - 2014-10-02 18:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-09 15:31 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-09 15:31 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 15:31 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-09 15:31 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-09 15:31 - 2014-10-02 17:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-12-09 15:31 - 2014-10-02 17:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-12-09 15:31 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 15:31 - 2014-10-02 17:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-12-09 15:31 - 2014-09-19 01:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-12-09 15:31 - 2014-09-19 01:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-12-09 15:31 - 2014-09-19 01:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-12-09 15:31 - 2014-09-19 01:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-12-09 15:31 - 2014-09-19 01:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-12-09 15:31 - 2014-09-19 01:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-12-09 15:31 - 2014-09-19 01:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-12-09 15:31 - 2014-09-19 01:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-12-09 15:31 - 2014-09-19 01:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-12-09 15:31 - 2014-09-19 01:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-12-09 15:31 - 2014-09-19 01:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-12-09 15:31 - 2014-09-19 01:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-12-09 15:29 - 2014-10-24 17:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-12-09 15:29 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-12-09 15:29 - 2014-10-13 18:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-12-09 15:29 - 2014-10-13 17:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-12-09 15:29 - 2014-10-09 16:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-12-09 15:28 - 2014-10-17 18:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-12-09 15:28 - 2014-10-17 17:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-12-09 14:57 - 2014-10-17 18:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-09 14:57 - 2014-10-17 17:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-09 13:37 - 2014-12-09 13:37 - 00000000 ____D () C:\Users\VLK\Desktop\LiveContent
2014-12-08 21:24 - 2014-12-08 21:24 - 00260888 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdrivera.sys
2014-12-05 22:48 - 2014-12-05 22:51 - 00022450 _____ () C:\Users\VLK\Documents\Where.odt
2014-12-05 20:19 - 2014-12-23 07:50 - 00000000 ____D () C:\Users\VLK\Documents\AAA Good Files
2014-12-03 22:06 - 2014-12-03 22:06 - 00000000 ____D () C:\Users\VLK\Documents\New folder (2)
2014-11-27 20:56 - 2014-12-23 07:50 - 00000000 ____D () C:\Users\VLK\Documents\Penny
2014-11-27 20:56 - 2014-12-05 21:29 - 00000000 ____D () C:\Users\VLK\Documents\Watching you
2014-11-27 20:56 - 2014-12-05 19:56 - 00000000 ____D () C:\Users\VLK\Documents\Local Host
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\White Noise
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Wendell
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Websites
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Vixen LA
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Vita Cost Order 4-1-14
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Vintage
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\vincent Scoccia
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Vancouver Light Rail
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Vancouver Clinic
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Unclaimed
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Track
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\TP Ny
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Tinctures
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\TDAmeritrade
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Survival
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Statehood
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Start small business
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Stan
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\ST6
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Shopping
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Sex Trafficking
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Sewing
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Self Improvement
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Seibler New Lot
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Security
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Satellite Tracker
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Sandy Hook
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Rhonda
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Retirement Benefits
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Repair and Service Companies
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Religion
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Recycle things
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Quest Lab
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Prayers
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Poems
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Plants
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Philosophy and Psychology
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Pest
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\PERS 2 RETIREMENT PLAN
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\People Found
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Ouachita Parish Property
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Origin of words and phrases
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Online Orders
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\OneNote Notebooks
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Nostalgia
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Neighbors
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Natural Gas in Louisiana
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\My Location
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Movies to see
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Montagna F. Joseph
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Miss M
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Mindfullness
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Microbes
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Medication
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Math
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Mark
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Love
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Louise Medical claims
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Louise Aetna Claims 2012
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Louise
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Losers and Luv
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Libyan attack 9-12-12
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Legal Search
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Legal
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\LaCenter Property
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\La Pine Road
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Koprek John obit
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Justin
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Jobs Get one
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Jack
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\J L Koprek LLC
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\IRS
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\How to DIY
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\household helps
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\HOTCO LLC
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Home Repairs
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Home Remedies
2014-11-27 20:56 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Hitler
2014-11-27 20:55 - 2014-12-23 07:50 - 00000000 ____D () C:\Users\VLK\Documents\CEU Handouts
2014-11-27 20:55 - 2014-12-06 13:02 - 00000000 ____D () C:\Users\VLK\Documents\Computer
2014-11-27 20:55 - 2014-11-30 12:06 - 00000000 ____D () C:\Users\VLK\Documents\Corel DVD MovieFactory
2014-11-27 20:55 - 2014-11-27 20:56 - 00000000 ____D () C:\Users\VLK\Documents\Gov
2014-11-27 20:55 - 2014-11-27 20:55 - 00000000 ____D () C:\Users\VLK\Documents\Genealogy
2014-11-27 20:55 - 2014-11-27 20:55 - 00000000 ____D () C:\Users\VLK\Documents\Friends
2014-11-27 20:55 - 2014-11-27 20:55 - 00000000 ____D () C:\Users\VLK\Documents\Forms for Re-use
2014-11-27 20:55 - 2014-11-27 20:55 - 00000000 ____D () C:\Users\VLK\Documents\Foreclosure WA
2014-11-27 20:55 - 2014-11-27 20:55 - 00000000 ____D () C:\Users\VLK\Documents\For Sale items
2014-11-27 20:55 - 2014-11-27 20:55 - 00000000 ____D () C:\Users\VLK\Documents\Financial Info General
2014-11-27 20:55 - 2014-11-27 20:55 - 00000000 ____D () C:\Users\VLK\Documents\Fax
2014-11-27 20:55 - 2014-11-27 20:55 - 00000000 ____D () C:\Users\VLK\Documents\Family Info
2014-11-27 20:55 - 2014-11-27 20:55 - 00000000 ____D () C:\Users\VLK\Documents\Evelyn
2014-11-27 20:55 - 2014-11-27 20:55 - 00000000 ____D () C:\Users\VLK\Documents\Ethical Medicine Project
2014-11-27 20:55 - 2014-11-27 20:55 - 00000000 ____D () C:\Users\VLK\Documents\Elo's Preschool
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-27 17:14 - 2010-12-28 16:52 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-27 17:13 - 2013-01-11 23:15 - 01359802 _____ () C:\windows\WindowsUpdate.log
2014-12-27 17:13 - 2012-08-24 17:25 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-27 14:31 - 2009-07-13 20:45 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-27 14:31 - 2009-07-13 20:45 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-27 14:29 - 2009-07-13 21:13 - 00006210 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-27 14:24 - 2014-11-02 17:28 - 00005668 _____ () C:\windows\setupact.log
2014-12-27 14:24 - 2010-12-28 16:52 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-27 14:24 - 2009-07-13 21:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-23 12:06 - 2012-07-16 12:27 - 00086160 _____ () C:\Users\Hercules\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-23 12:01 - 2012-07-16 12:25 - 00000000 ____D () C:\Users\Hercules
2014-12-23 11:59 - 2012-07-17 22:29 - 00086160 _____ () C:\Users\VLK\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-23 11:56 - 2009-07-13 21:08 - 00032626 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-12-23 08:14 - 2012-07-17 20:48 - 00000000 ____D () C:\Users\VLK
2014-12-23 08:14 - 2012-07-15 21:01 - 00000000 ____D () C:\Users\Jack
2014-12-23 08:11 - 2014-05-06 08:40 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-23 08:11 - 2012-07-16 14:02 - 00000000 ____D () C:\Users\Guest
2014-12-23 08:11 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\rescache
2014-12-23 08:11 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-23 08:08 - 2014-11-02 19:13 - 00000000 ____D () C:\windows\erdnt
2014-12-23 08:08 - 2014-11-02 18:16 - 00000000 ____D () C:\windows\Minidump
2014-12-23 08:08 - 2012-08-24 17:25 - 00000000 ____D () C:\windows\system32\Macromed
2014-12-23 08:08 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\system32\NDF
2014-12-23 08:08 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\servicing
2014-12-23 08:08 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\AppCompat
2014-12-23 08:00 - 2014-11-02 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
2014-12-23 08:00 - 2013-03-13 00:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-23 08:00 - 2013-03-13 00:15 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-23 08:00 - 2012-12-07 23:39 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Skype
2014-12-23 08:00 - 2012-08-10 12:27 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-12-23 08:00 - 2012-07-21 21:59 - 00000000 ____D () C:\Users\VLK\AppData\Local\Microsoft Help
2014-12-23 08:00 - 2012-07-21 21:17 - 00000000 ____D () C:\Users\Hercules\AppData\Local\Microsoft Help
2014-12-23 08:00 - 2012-07-21 21:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-23 08:00 - 2012-07-16 14:34 - 00000000 ____D () C:\Users\Guest\AppData\Local\TOSHIBA_Corporation
2014-12-23 08:00 - 2012-07-16 14:02 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-23 08:00 - 2012-07-16 14:02 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-23 08:00 - 2012-07-16 14:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Toshiba
2014-12-23 08:00 - 2010-12-28 16:52 - 00000000 ____D () C:\ProgramData\Toshiba
2014-12-23 08:00 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-23 07:59 - 2013-03-13 00:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-23 07:59 - 2012-10-26 13:27 - 00000000 ____D () C:\Program Files (x86)\FinePixViewer
2014-12-23 07:58 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\registration
2014-12-23 07:54 - 2010-12-28 16:49 - 00000000 ____D () C:\windows\SysWOW64\Macromed
2014-12-23 07:54 - 2009-07-13 21:37 - 00000000 ____D () C:\windows\SysWOW64\winrm
2014-12-23 07:54 - 2009-07-13 21:37 - 00000000 ____D () C:\windows\SysWOW64\WCN
2014-12-23 07:54 - 2009-07-13 21:37 - 00000000 ____D () C:\windows\SysWOW64\slmgr
2014-12-23 07:54 - 2009-07-13 21:37 - 00000000 ____D () C:\windows\SysWOW64\Printing_Admin_Scripts
2014-12-23 07:54 - 2009-07-13 21:32 - 00000000 ____D () C:\windows\SysWOW64\WindowsPowerShell
2014-12-23 07:54 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\Web
2014-12-23 07:54 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\Vss
2014-12-23 07:54 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\SysWOW64\spp
2014-12-23 07:54 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\SysWOW64\Speech
2014-12-23 07:54 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\SysWOW64\NetworkList
2014-12-23 07:54 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\SysWOW64\MUI
2014-12-23 07:54 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\SysWOW64\Msdtc
2014-12-23 07:54 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\SysWOW64\migwiz
2014-12-23 07:54 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\SysWOW64\InstallShield
2014-12-23 07:54 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\SysWOW64\IME
2014-12-23 07:53 - 2012-07-17 20:26 - 00000000 ____D () C:\windows\system32\SPReview
2014-12-23 07:53 - 2009-07-13 21:37 - 00000000 ____D () C:\windows\system32\winrm
2014-12-23 07:53 - 2009-07-13 21:37 - 00000000 ____D () C:\windows\system32\WCN
2014-12-23 07:53 - 2009-07-13 21:37 - 00000000 ____D () C:\windows\system32\slmgr
2014-12-23 07:53 - 2009-07-13 21:37 - 00000000 ____D () C:\windows\system32\Printing_Admin_Scripts
2014-12-23 07:53 - 2009-07-13 21:32 - 00000000 ____D () C:\windows\system32\WindowsPowerShell
2014-12-23 07:53 - 2009-07-13 21:32 - 00000000 ____D () C:\windows\system32\WinBioPlugIns
2014-12-23 07:53 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-12-23 07:53 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\SysWOW64\com
2014-12-23 07:53 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\system32\sysprep
2014-12-23 07:53 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\system32\spp
2014-12-23 07:53 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\system32\spool
2014-12-23 07:53 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\system32\Speech
2014-12-23 07:53 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\system32\SMI
2014-12-23 07:53 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\system32\oobe
2014-12-23 07:53 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\system32\NetworkList
2014-12-23 07:53 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\system32\MUI
2014-12-23 07:53 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\system32\Msdtc
2014-12-23 07:52 - 2012-07-17 20:25 - 00000000 ____D () C:\windows\system32\EventProviders
2014-12-23 07:52 - 2012-06-26 15:19 - 00000000 ____D () C:\windows\system32\Drivers\NortonPCCheckupx64
2014-12-23 07:52 - 2009-07-13 21:32 - 00000000 ____D () C:\windows\Performance
2014-12-23 07:52 - 2009-07-13 20:45 - 00000000 ____D () C:\windows\Setup
2014-12-23 07:52 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\system32\migwiz
2014-12-23 07:52 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\system32\IME
2014-12-23 07:52 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\system32\Dism
2014-12-23 07:52 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\system32\com
2014-12-23 07:52 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\Speech
2014-12-23 07:52 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\security
2014-12-23 07:52 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\schemas
2014-12-23 07:52 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\Resources
2014-12-23 07:52 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\PLA
2014-12-23 07:51 - 2009-07-13 19:20 - 00000000 __RSD () C:\windows\Media
2014-12-23 07:51 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\IME
2014-12-23 07:51 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\Help
2014-12-23 07:51 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\Globalization
2014-12-23 07:50 - 2013-08-20 00:37 - 00000000 ____D () C:\Users\VLK\AppData\Roaming\Opera Software
2014-12-23 07:50 - 2012-10-26 13:37 - 00000000 ____D () C:\Users\VLK\AppData\Roaming\FUJIFILM
2014-12-23 07:50 - 2012-07-17 22:52 - 00000000 ____D () C:\Users\VLK\AppData\Local\TOSHIBA_Corporation
2014-12-23 07:50 - 2012-07-17 22:29 - 00000000 ____D () C:\Users\VLK\AppData\Roaming\Adobe
2014-12-23 07:50 - 2012-07-17 20:48 - 00000000 ___RD () C:\Users\VLK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-23 07:50 - 2012-07-17 20:48 - 00000000 ____D () C:\Users\VLK\AppData\Roaming\Intel
2014-12-23 07:50 - 2012-07-17 20:48 - 00000000 ____D () C:\Users\VLK\AppData\Local\Toshiba
2014-12-23 07:50 - 2012-06-26 15:01 - 00000000 ____D () C:\windows\Downloaded Installations
2014-12-23 07:50 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\Branding
2014-12-23 07:21 - 2014-11-08 21:36 - 00000000 ____D () C:\Users\Hercules\AppData\Local\Microsoft Games
2014-12-23 07:21 - 2014-11-02 19:13 - 00000000 ____D () C:\Qoobox
2014-12-23 07:21 - 2014-11-02 19:07 - 00000000 ____D () C:\Users\Hercules\Desktop\TrendMicro AntiThreat Toolkit
2014-12-23 07:21 - 2014-04-05 19:12 - 00000000 ____D () C:\ProgramData\Ulead Systems
2014-12-23 07:21 - 2012-12-07 23:39 - 00000000 ____D () C:\ProgramData\Skype
2014-12-23 07:21 - 2012-12-07 23:10 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Opera
2014-12-23 07:21 - 2012-12-07 23:10 - 00000000 ____D () C:\Users\Guest\AppData\Local\Opera
2014-12-23 07:21 - 2012-12-07 22:46 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-12-23 07:21 - 2012-07-31 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-12-23 07:21 - 2012-07-20 20:29 - 00000000 ____D () C:\Users\VLK\AppData\Local\Microsoft Games
2014-12-23 07:21 - 2012-07-17 22:28 - 00000000 ____D () C:\Users\VLK\AppData\Local\Google
2014-12-23 07:21 - 2012-07-17 21:07 - 00000000 ____D () C:\Users\Hercules\AppData\Local\Google
2014-12-23 07:21 - 2012-07-16 14:12 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-12-23 07:21 - 2012-07-16 14:04 - 00000000 ____D () C:\Users\Guest\AppData\Local\Microsoft Games
2014-12-23 07:21 - 2012-07-16 14:02 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Intel
2014-12-23 07:21 - 2012-07-16 14:00 - 00000000 ____D () C:\Users\Hercules\AppData\Local\TOSHIBA_Corporation
2014-12-23 07:21 - 2012-07-16 12:26 - 00000000 ____D () C:\Users\Hercules\AppData\Local\Toshiba
2014-12-23 07:21 - 2012-07-16 12:25 - 00000000 ___RD () C:\Users\Hercules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-23 07:21 - 2012-07-16 12:25 - 00000000 ____D () C:\Users\Hercules\AppData\Roaming\Intel
2014-12-23 07:21 - 2012-06-26 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation
2014-12-23 07:21 - 2012-06-26 15:20 - 00000000 ____D () C:\ProgramData\WildTangent
2014-12-23 07:21 - 2012-06-26 15:16 - 00000000 ____D () C:\ProgramData\Norton
2014-12-23 07:21 - 2012-06-26 15:01 - 00000000 ____D () C:\ProgramData\win7_64
2014-12-23 07:21 - 2012-06-26 15:01 - 00000000 ____D () C:\ProgramData\win7_32
2014-12-23 07:21 - 2012-06-26 15:01 - 00000000 ____D () C:\ProgramData\vista64
2014-12-23 07:21 - 2012-06-26 15:01 - 00000000 ____D () C:\ProgramData\vista32
2014-12-23 07:21 - 2010-12-28 07:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2014-12-23 07:21 - 2009-07-13 19:20 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-23 07:21 - 2009-07-13 19:20 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-23 07:21 - 2009-07-13 19:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-23 07:20 - 2013-01-11 16:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-23 07:20 - 2012-07-17 20:59 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-12-23 07:20 - 2012-06-26 15:12 - 00000000 ____D () C:\ProgramData\Intel
2014-12-23 07:20 - 2012-06-26 15:09 - 00000000 ____D () C:\ProgramData\Downloaded Installations
2014-12-23 07:20 - 2012-06-26 15:07 - 00000000 ____D () C:\Program Files\Synaptics
2014-12-23 07:20 - 2012-06-26 15:04 - 00000000 ____D () C:\Program Files\Realtek
2014-12-23 07:20 - 2010-12-28 16:57 - 00000000 ____D () C:\Program Files\Windows Live
2014-12-23 07:20 - 2010-12-28 16:52 - 00000000 ____D () C:\ProgramData\Google
2014-12-23 07:20 - 2010-12-28 16:49 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-23 07:20 - 2010-12-28 07:42 - 00000000 ____D () C:\Program Files\TOSHIBA
2014-12-23 07:20 - 2009-07-13 23:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-12-23 07:20 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-12-23 07:20 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-12-23 07:20 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-12-23 07:20 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-12-23 07:20 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\MSBuild
2014-12-23 07:20 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Windows NT
2014-12-23 07:19 - 2014-11-02 19:33 - 00000000 ____D () C:\Program Files (x86)\Foolish IT
2014-12-23 07:19 - 2013-09-02 20:17 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-23 07:19 - 2012-12-07 23:39 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-23 07:19 - 2012-08-21 14:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-12-23 07:19 - 2012-07-31 21:52 - 00000000 ___RD () C:\MSOCache
2014-12-23 07:19 - 2012-07-31 20:59 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-23 07:19 - 2012-07-21 21:17 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-12-23 07:19 - 2012-07-21 21:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-12-23 07:19 - 2012-06-26 15:25 - 00000000 ____D () C:\Program Files (x86)\Intel Corporation
2014-12-23 07:19 - 2012-06-26 15:20 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA Games
2014-12-23 07:19 - 2012-06-26 15:19 - 00000000 ____D () C:\Program Files (x86)\Norton PC Checkup
2014-12-23 07:19 - 2012-06-26 15:18 - 00000000 ____D () C:\Program Files (x86)\Corel
2014-12-23 07:19 - 2012-06-26 15:12 - 00000000 ____D () C:\Program Files\Intel
2014-12-23 07:19 - 2012-06-26 15:12 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-12-23 07:19 - 2012-06-26 15:09 - 00000000 ____D () C:\Program Files\DIFX
2014-12-23 07:19 - 2012-06-26 15:09 - 00000000 ____D () C:\Program Files (x86)\Renesas Electronics
2014-12-23 07:19 - 2012-06-26 15:09 - 00000000 ____D () C:\Program Files (x86)\JMicron
2014-12-23 07:19 - 2012-06-26 15:04 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-12-23 07:19 - 2012-06-26 14:57 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-12-23 07:19 - 2012-06-26 14:55 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-12-23 07:19 - 2010-12-28 16:58 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-12-23 07:19 - 2010-12-28 16:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-12-23 07:19 - 2010-12-28 16:53 - 00000000 ____D () C:\Program Files (x86)\Toshiba
2014-12-23 07:19 - 2010-12-28 16:52 - 00000000 ____D () C:\Program Files\Google
2014-12-23 07:19 - 2010-12-28 16:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-12-23 07:19 - 2010-12-28 16:52 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-23 07:19 - 2010-12-28 07:42 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-23 07:19 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-12-23 07:19 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-12-23 07:19 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-12-23 07:19 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-12-23 07:19 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-12-23 07:19 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-12-23 07:19 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-12-23 07:19 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-23 07:19 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\SpeechEngines
2014-12-23 07:19 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files (x86)\Windows NT
2014-12-23 07:07 - 2014-10-28 17:44 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-12-23 06:44 - 2012-08-13 17:25 - 00000000 ____D () C:\Users\VLK\AppData\Local\CrashDumps
2014-12-21 11:05 - 2014-11-02 17:46 - 00007626 _____ () C:\windows\PFRO.log
2014-12-16 20:59 - 2013-02-23 23:19 - 00000000 ____D () C:\Users\Hercules\AppData\Roaming\Skype
2014-12-16 20:33 - 2012-07-16 14:02 - 00086160 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-10 18:12 - 2012-08-24 17:25 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 18:12 - 2012-08-24 17:25 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 19:21 - 2009-07-13 20:45 - 00341616 _____ () C:\windows\system32\FNTCACHE.DAT
2014-12-09 15:34 - 2013-07-15 11:02 - 00000000 ____D () C:\windows\system32\MRT
2014-12-09 14:51 - 2014-10-31 19:42 - 00000000 ____D () C:\Users\VLK\AppData\Roaming\FrameworkUpdate7
2014-12-09 14:29 - 2013-09-02 20:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-27 16:40 - 2012-07-14 15:08 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD, see Addition.txt for additional information.
 
==================== End Of Log ============================
Additional
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-12-2014
Ran by VLK at 2014-12-27 18:09:45
Running from C:\Users\VLK\Desktop\Farbar
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: AVG AntiVirus 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4257 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania - Lights, Camera, Action!™ (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.21 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ENE CIR Receiver Driver (HKLM\...\2C293EC1A06665BB961CBA4EC7AFF4BF2BEAD042) (Version: 2.7.4.1 - ENE)
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
FinePixViewer Ver.5.3 (HKLM-x32\...\{24ED4D80-8294-11D5-96CD-0040266301AD}) (Version: 5.3 - FUJIFILM Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Intel® Wireless Display (HKLM-x32\...\{B3926E82-9294-4D22-A8FF-9B3EA8F16840}) (Version: 1.3.9.7 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.53.5 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.34.1130.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6265 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.12.0 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.01.00 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{C31337DE-0CDC-45A9-9A32-F099AC78D557}) (Version: 2.1.5889 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{229C190B-7690-40B7-8680-42530179F3E9}) (Version: 2.0.10.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.20.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.1.3C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.32C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.8 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.6.22 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.85.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.13 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.25 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.3.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.5 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.16.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.45 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.1.6 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.23.64 - TOSHIBA Corporation)
TOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.5.07-A - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 1.1.5.7 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2014-11-02 19:24 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\windows\Tasks\AVG_SYS_TASK_1014av.job => ?
Task: C:\windows\Tasks\AVG_SYS_TASK_1014av_DELETE.job => ?
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
 
==================== Loaded Modules (whitelisted) =============
 
2011-01-27 07:11 - 2011-01-27 07:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-04-07 15:07 - 2010-04-07 15:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 12:26 - 2009-11-03 12:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 13:15 - 2010-03-03 13:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 13:15 - 2010-03-03 13:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-12-28 07:42 - 2009-06-22 15:40 - 00022328 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2009-03-12 18:08 - 2009-03-12 18:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 16:38 - 2009-07-25 16:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2010-12-07 11:32 - 2010-12-07 11:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2010-03-12 14:41 - 2010-03-12 14:41 - 00417080 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2010-02-05 16:44 - 2010-02-05 16:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-4265981194-3699158001-637453515-500 - Administrator - Disabled)
Guest (S-1-5-21-4265981194-3699158001-637453515-501 - Limited - Enabled) => C:\Users\Guest
Hercules (S-1-5-21-4265981194-3699158001-637453515-1003 - Administrator - Enabled) => C:\Users\Hercules
VLK (S-1-5-21-4265981194-3699158001-637453515-1004 - Limited - Enabled) => C:\Users\VLK
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/27/2014 02:29:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (12/27/2014 02:29:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (12/27/2014 02:25:13 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (12/24/2014 03:28:41 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (12/24/2014 03:28:41 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (12/24/2014 03:24:08 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (12/23/2014 06:38:46 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (12/23/2014 06:38:46 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (12/23/2014 06:35:51 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (12/23/2014 03:21:50 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
 
System errors:
=============
Error: (12/23/2014 06:31:46 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:27:38 PM on ‎12/‎23/‎2014 was unexpected.
 
Error: (12/23/2014 06:28:45 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Internet Connection Sharing (ICS) service hung on starting.
 
Error: (12/23/2014 07:13:04 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error: 
%%126
 
Error: (12/23/2014 07:12:43 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error: 
%%126
 
Error: (12/23/2014 07:12:22 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 0.0.0.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.6.0305.00
 
Source Path: 4.6.0305.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (12/23/2014 07:12:22 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 0.0.0.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.6.0305.00
 
Source Path: 4.6.0305.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (12/23/2014 07:12:22 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 0.0.0.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.6.0305.00
 
Source Path: 4.6.0305.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (12/23/2014 07:12:22 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 0.0.0.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.6.0305.00
 
Source Path: 4.6.0305.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (12/23/2014 07:12:22 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 0.0.0.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.6.0305.00
 
Source Path: 4.6.0305.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (12/23/2014 07:12:21 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 0.0.0.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.6.0305.00
 
Source Path: 4.6.0305.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
 
Microsoft Office Sessions:
=========================
Error: (12/27/2014 02:29:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (12/27/2014 02:29:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (12/27/2014 02:25:13 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (12/24/2014 03:28:41 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (12/24/2014 03:28:41 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (12/24/2014 03:24:08 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (12/23/2014 06:38:46 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (12/23/2014 06:38:46 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (12/23/2014 06:35:51 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (12/23/2014 03:21:50 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-11-02 19:23:23.640
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-02 19:23:23.578
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-03-09 19:38:58.656
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_b3bab697e502a956\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-09 19:38:58.453
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_b3bab697e502a956\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-09 19:38:58.157
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_b3bab697e502a956\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-16 15:11:11.972
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_b3bab697e502a956\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-16 15:11:11.784
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_b3bab697e502a956\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-16 15:11:11.550
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_b3bab697e502a956\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 44%
Total physical RAM: 6050.69 MB
Available physical RAM: 3356.07 MB
Total Pagefile: 12099.56 MB
Available Pagefile: 8800.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (TI106051W0J) (Fixed) (Total:581.71 GB) (Free:462.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
==================== End Of Log ============================
 
 
 
 


#4 nasdaq

  • Malware Response Team
  • 40,256 posts

Posted 28 December 2014 - 08:52 AM

Check "winmgmt" service or repair WMI.

 

If you have configured in your control panel to receive immediate topic reply notifications, you may receive an email for each reply made to this topic.
I don't know what this means and how to do it.

Read this guide.
Step 4 - Enable topic reply notification by default.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *?* <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKU\S-1-5-21-4265981194-3699158001-637453515-1004\...\CurrentVersion\Windows: [Load] C:\Users\VLK\LOCALS~1\Temp\msrskn.cmd <===== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-4265981194-3699158001-637453515-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=U162DF&PC=U162&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4265981194-3699158001-637453515-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=U162DF&PC=U162&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4265981194-3699158001-637453515-1004 -> {E4C46D59-3921-4104-AAFA-52A040D5E00C} URL =
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Bing) - C:\Users\VLK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfedoihopcjdfjihhhojdclnfdgomdho [2014-12-11]
CHR Extension: (Google Wallet) - C:\Users\VLK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR HKU\S-1-5-21-4265981194-3699158001-637453515-1004\...\Chrome\Extension: [nfedoihopcjdfjihhhojdclnfdgomdho] - No Path
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Users\VLK\LOCALS~1\Temp\msrskn.cmd
C:\Users\VLK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfedoihopcjdfjihhhojdclnfdgomdho

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Please Download Tweaking.com - Windows Repair from Here

  • Install and then run the program
  • Click Next at the Welcome Screen, Click Next on Step 1 Screen
  • Click Next on Step 2 Screen, Click Do it on Step 3 Screen. After it has completed, click Next
  • On Step 4, under System Restore click Create, then under registry back-up click Backup. When you have completed this, click Next
  • Click on Repairs
  • Click Open repairs - Icon in the bottom right corner
  • Click the Unselect All button then select just the item(s) below

      01 - Repair Registry Permissions
      02 - Reset File Permissions (2)
      03 - Reset Service permissions
      04 - Register System Files
      05 - Repair WMI
      10 - Remove Policies Set By Infections
      14 - Removed Temp Files
      15 - Repair Proxy Settings
      17 - Repair Windows Updates
      21 - Repair MSI (Windows Installer)
      26 - Restore Important Windows Services
      27 - Set Windows Service to Default Startup

  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. (Reboot if asked to do so.)
  • Please copy and paste the Contents of this file on your next reply.

===

How is the computer running now?


#5 BugBaron

  • Topic Starter

Posted 29 December 2014 - 02:59 PM

I am stalled because it is not clear that I know what I am doing at this point.
 
Please Download Tweaking.com - Windows Repair from Here
 
Is the name of the program Windows Repair or Reimage Repair?
The directions that you have given for this program do not seem applicable to what I am seeing on the download.
 
I am sending the "fixlist" below.
 
thanks
------------------------------------------------------
 
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by VLK at 2014-12-29 10:40:47 Run:1
Running from C:\Users\VLK\Desktop\New Documents Save\Farbar
Loaded Profile: VLK (Available profiles: Hercules & VLK & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *?* <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKU\S-1-5-21-4265981194-3699158001-637453515-1004\...\CurrentVersion\Windows: [Load] C:\Users\VLK\LOCALS~1\Temp\msrskn.cmd <===== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-4265981194-3699158001-637453515-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=U162DF&PC=U162&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4265981194-3699158001-637453515-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=U162DF&PC=U162&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4265981194-3699158001-637453515-1004 -> {E4C46D59-3921-4104-AAFA-52A040D5E00C} URL =
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Bing) - C:\Users\VLK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfedoihopcjdfjihhhojdclnfdgomdho [2014-12-11]
CHR Extension: (Google Wallet) - C:\Users\VLK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR HKU\S-1-5-21-4265981194-3699158001-637453515-1004\...\Chrome\Extension: [nfedoihopcjdfjihhhojdclnfdgomdho] - No Path
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Users\VLK\LOCALS~1\Temp\msrskn.cmd
C:\Users\VLK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfedoihopcjdfjihhhojdclnfdgomdho
 
End
*****************
 
Processes closed successfully.
HKLM => Group Policy Restriction on software not found.
HKU\S-1-5-21-4265981194-3699158001-637453515-1004\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Error setting value.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key could not be deleted. Access denied.
HKU\S-1-5-21-4265981194-3699158001-637453515-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-4265981194-3699158001-637453515-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key could not be deleted. Access denied.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
HKU\S-1-5-21-4265981194-3699158001-637453515-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E4C46D59-3921-4104-AAFA-52A040D5E00C} => Key could not be deleted. Access denied.
HKCR\CLSID\{E4C46D59-3921-4104-AAFA-52A040D5E00C} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key could not be deleted. Access denied.
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found. 
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => Key could not be deleted. Access denied.
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => Key could not be deleted. Access denied.
C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\gcswf32.dll not found.
C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll not found.
C:\Users\VLK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfedoihopcjdfjihhhojdclnfdgomdho => Moved successfully.
C:\Users\VLK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
HKU\S-1-5-21-4265981194-3699158001-637453515-1004\SOFTWARE\Google\Chrome\Extensions\nfedoihopcjdfjihhhojdclnfdgomdho => Key could not be deleted. Access denied.
catchme => Error deleting Service
"C:\Users\VLK\LOCALS~1\Temp\msrskn.cmd" => File/Directory not found.
"C:\Users\VLK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfedoihopcjdfjihhhojdclnfdgomdho" => File/Directory not found.
 
 
The system needed a reboot. 
 
==== End of Fixlog 10:41:05 ====


#6 nasdaq

nasdaq


Posted 30 December 2014 - 10:21 AM

It's the Windows Repair (All In One)

Download from one of the locations listed.

Run the tool as an Administrator and follow my instructions.

#7 BugBaron

BugBaron

Posted 31 December 2014 - 10:10 PM

The Tweaking.com website has a download button at the top of the webpage.  I clicked it and it downloaded "Reimage".  Very confusing--must be a sponsor download.  So then I had to uninstall that.  "Reimage" still popped up again today.

 

So I did run Windows Repair from Tweaking.  Thought I had disabled AVG, but it kept stopping the repair.  Finally just uninstalled AVG and then ran it.  Do you want all of the logs from the repair?

 

Computer sounds much quieter.  I think and hope all of the malware is gone.  I have not used it much since the repair so I will see how it goes.  

 

Thanks so very much.



#8 nasdaq

nasdaq


Posted 01 January 2015 - 09:33 AM

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#9 BugBaron

BugBaron

Posted 01 January 2015 - 10:02 PM

Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
  Adobe Flash Player 15.0.0.246 Flash Player out of Date!  
 Adobe Reader XI  
 Google Chrome 38.0.2125.111 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 


#10 nasdaq

nasdaq


Posted 02 January 2015 - 09:15 AM

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version or, if you have the latest, close the window.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 BugBaron

BugBaron

Posted 02 January 2015 - 04:09 PM

The test says I have the latest version of Flash Player.  I did not update it, but it must have updated by some means.

 

I will read the "Best Practices".

 

What program/s do you personally prefer for malware protection?  

 

Your assistance has been so wonderful.  I was about ready to wipe the whole thing and start over.  But that is a big task.

 

What can I do for you?  Send you some sunny days?  Looks like you could use it with 18 degrees.

 

Thanks so very much.



#12 nasdaq

nasdaq


Posted 03 January 2015 - 09:05 AM

What program/s do you personally prefer for malware protection?

Just follow the best practices.

My services are free, and as for the weather, after 73 winters I will survive this one.

Thanks.



