
Help removing CryptoWall 3.0 and decrypting files


  • This topic is locked
3 replies to this topic

#1 jmax24


Posted 31 January 2015 - 01:37 PM

Hey, I need some help removing CryptoWall 3.0 and decrypting files/pictures. Can this be done? Thanks in advance.

 

Jeff




 


#2 jmax24


Posted 31 January 2015 - 02:00 PM

Sorry, I forgot to include the logs.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-01-2015
Ran by john (administrator) on JOHN-PC on 31-01-2015 13:48:45
Running from C:\Users\john\Downloads
Loaded Profiles: john (Available profiles: john)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
() C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
(Novatel Wireless Inc.) C:\Program Files (x86)\Novatel Wireless\Drivers\NWHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Users\john\Downloads\rectordecryptor.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392360 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [408432 2011-03-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-03-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-02-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-23] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [Bell Canada Connection Manager] => C:\Program Files (x86)\Bell\Mobile Connect\MobileConnect.exe [87576 2011-06-15] (Bell)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3674576 2015-01-06] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1162247836-5214805-2804573674-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-30] (SUPERAntiSpyware)
HKU\S-1-5-21-1162247836-5214805-2804573674-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1162247836-5214805-2804573674-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1162247836-5214805-2804573674-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
HKU\S-1-5-21-1162247836-5214805-2804573674-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1162247836-5214805-2804573674-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-1162247836-5214805-2804573674-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 142.166.166.166
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2011-09-27]
 
Chrome: 
=======
CHR Profile: C:\Users\john\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-30]
CHR Extension: (Google Docs) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-30]
CHR Extension: (Google Drive) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-30]
CHR Extension: (YouTube) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-30]
CHR Extension: (Google Search) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-30]
CHR Extension: (Google Sheets) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-30]
CHR Extension: (SiteAdvisor) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-01-30]
CHR Extension: (Google Wallet) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-30]
CHR Extension: (Gmail) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-30]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-05-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3440080 2015-01-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-01-06] (AVG Technologies CZ, s.r.o.)
S3 BellCanadaRcAppSvc; C:\Program Files (x86)\Bell\Mobile Connect\RcAppSvc.exe [120344 2011-05-31] (SmithMicro Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 CABellCanada; C:\Program Files (x86)\Bell\Mobile Connect\ConAppsSvc.exe [124440 2011-05-31] (SmithMicro Inc.)
R2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)
R2 NvtlService; C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [92504 2011-02-18] ()
R2 NWHelper; C:\Program Files (x86)\Novatel Wireless\Drivers\NWHelper.exe [270336 2010-10-07] (Novatel Wireless Inc.) [File not signed]
S3 ProfileImpSvc; C:\Program Files (x86)\Bell\Mobile Connect\ProfileImpSvc.exe [169496 2011-05-31] (SmithMicro Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2011-05-24] (Huawei Technologies Co., Ltd.)
S3 NWRmNet; C:\Windows\System32\DRIVERS\NWRmNet.sys [295424 2010-10-27] (Novatel Wireless Inc.)
S3 PCTINDIS5X64; C:\Windows\system32\PCTINDIS5X64.SYS [43032 2010-08-05] (Smith Micro Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-31 13:43 - 2015-01-31 13:43 - 00785592 _____ (Kaspersky Lab ZAO) C:\Users\john\Downloads\rectordecryptor.exe
2015-01-31 13:31 - 2015-01-31 13:33 - 00003020 _____ () C:\Users\john\Downloads\Search.txt
2015-01-31 08:26 - 2015-01-31 08:27 - 00023762 _____ () C:\Users\john\Downloads\Addition (1).txt
2015-01-31 08:18 - 2015-01-31 08:18 - 00061511 _____ () C:\Users\john\Downloads\FRST (1).txt
2015-01-31 08:17 - 2015-01-31 13:48 - 00018527 _____ () C:\Users\john\Downloads\FRST.txt
2015-01-31 08:17 - 2015-01-31 08:20 - 00019458 _____ () C:\Users\john\Downloads\Addition.txt
2015-01-31 08:16 - 2015-01-31 13:48 - 00000000 ____D () C:\FRST
2015-01-31 08:16 - 2015-01-31 08:16 - 02130944 _____ (Farbar) C:\Users\john\Downloads\FRST64.exe
2015-01-30 23:08 - 2015-01-30 23:08 - 00027484 _____ () C:\ComboFix.txt
2015-01-30 22:25 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-30 22:25 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-30 22:25 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-30 22:25 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-30 22:25 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-30 22:25 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-30 22:25 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-30 22:25 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-30 22:24 - 2015-01-30 23:08 - 00000000 ____D () C:\Qoobox
2015-01-30 22:24 - 2015-01-30 23:07 - 00000000 ____D () C:\Windows\erdnt
2015-01-30 22:23 - 2015-01-30 22:23 - 05611408 ____R (Swearware) C:\Users\john\Downloads\ComboFix.exe
2015-01-30 22:02 - 2015-01-30 22:02 - 00000000 ____D () C:\Users\john\AppData\Local\EgisTec
2015-01-30 21:59 - 2015-01-31 08:13 - 00001552 _____ () C:\Windows\PFRO.log
2015-01-30 21:59 - 2015-01-30 22:00 - 00263640 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-30 21:52 - 2015-01-31 08:13 - 00000112 _____ () C:\Windows\setupact.log
2015-01-30 21:52 - 2015-01-30 21:52 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-30 21:47 - 2015-01-30 21:47 - 02194432 _____ () C:\Users\john\Downloads\adwcleaner_4.109.exe
2015-01-30 21:36 - 2015-01-30 21:36 - 00000969 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-30 21:36 - 2015-01-30 21:36 - 00000000 ____D () C:\Users\john\AppData\Roaming\TuneUp Software
2015-01-30 21:36 - 2015-01-30 21:36 - 00000000 ____D () C:\Users\john\AppData\Roaming\AVG2015
2015-01-30 21:36 - 2015-01-30 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-30 21:35 - 2015-01-30 21:36 - 00000000 ____D () C:\ProgramData\AVG2015
2015-01-30 21:35 - 2015-01-30 21:35 - 00000000 ____D () C:\$AVG
2015-01-30 21:34 - 2015-01-30 21:34 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-01-30 21:33 - 2015-01-31 13:28 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-30 21:33 - 2015-01-30 21:36 - 00000000 ____D () C:\Users\john\AppData\Local\Avg2015
2015-01-30 21:33 - 2015-01-30 21:33 - 00000000 ____D () C:\Users\john\AppData\Local\MFAData
2015-01-30 21:32 - 2015-01-30 21:32 - 04637504 _____ (AVG Technologies) C:\Users\john\Downloads\avg_free_stb_all_2015_5557_cnet.exe
2015-01-30 21:31 - 2015-01-30 21:31 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-30 21:31 - 2015-01-30 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-30 21:28 - 2015-01-30 21:28 - 00060424 _____ () C:\Users\john\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-30 20:35 - 2015-01-30 20:35 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-30 20:35 - 2015-01-30 20:35 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-30 20:35 - 2015-01-30 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-30 20:35 - 2015-01-30 20:35 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-30 20:28 - 2015-01-30 20:29 - 00000032 _____ () C:\ProgramData\PS.log
2015-01-30 19:53 - 2015-01-30 19:56 - 00018432 ___SH () C:\Users\john\AppData\Roaming\Thumbs.db
2015-01-30 19:52 - 2015-01-30 21:53 - 00018432 ___SH () C:\Users\john\AppData\Thumbs.db
2015-01-30 19:13 - 2015-01-30 21:53 - 00018432 ___SH () C:\Users\john\Thumbs.db
2015-01-30 18:00 - 2015-01-30 21:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-30 17:56 - 2015-01-31 08:14 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-30 17:56 - 2015-01-30 17:56 - 00001812 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-01-30 17:56 - 2015-01-30 17:56 - 00000000 ____D () C:\Users\john\AppData\Roaming\SUPERAntiSpyware.com
2015-01-30 17:56 - 2015-01-30 17:56 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-01-30 17:56 - 2015-01-30 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-01-30 17:55 - 2015-01-30 21:58 - 00000000 ____D () C:\AdwCleaner
2015-01-30 17:55 - 2015-01-30 17:55 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-30 17:55 - 2015-01-30 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-30 17:55 - 2015-01-30 17:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-01-30 17:54 - 2015-01-30 17:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-30 17:54 - 2015-01-30 17:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-30 17:54 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-30 17:54 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-30 17:54 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-30 13:30 - 2015-01-30 13:30 - 00008528 _____ () C:\Users\john\HELP_DECRYPT.HTML
2015-01-30 13:30 - 2015-01-30 13:30 - 00004204 _____ () C:\Users\john\HELP_DECRYPT.TXT
2015-01-30 13:30 - 2015-01-30 13:30 - 00000272 _____ () C:\Users\john\HELP_DECRYPT.URL
2015-01-30 11:50 - 2015-01-30 11:50 - 00008528 _____ () C:\Users\john\Downloads\HELP_DECRYPT.HTML
2015-01-30 11:50 - 2015-01-30 11:50 - 00004204 _____ () C:\Users\john\Downloads\HELP_DECRYPT.TXT
2015-01-30 11:50 - 2015-01-30 11:50 - 00000272 _____ () C:\Users\john\Downloads\HELP_DECRYPT.URL
2015-01-30 11:49 - 2015-01-30 11:49 - 00008528 _____ () C:\Users\john\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-30 11:49 - 2015-01-30 11:49 - 00004204 _____ () C:\Users\john\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-30 11:49 - 2015-01-30 11:49 - 00000272 _____ () C:\Users\john\AppData\Roaming\HELP_DECRYPT.URL
2015-01-30 11:48 - 2015-01-30 11:48 - 00008528 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-01-30 11:48 - 2015-01-30 11:48 - 00004204 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-01-30 11:48 - 2015-01-30 11:48 - 00000272 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-01-30 06:11 - 2015-01-30 06:11 - 00033056 _____ () C:\Users\john\AppData\Roaming\Torrent downloaded from Flashtorrents.org.txt
2015-01-29 15:40 - 2015-01-29 15:50 - 16694944 _____ () C:\Users\john\Downloads\fwd.zip
2015-01-17 08:55 - 2015-01-17 08:55 - 00000000 ____D () C:\Users\john\AppData\Local\{A302F060-3796-455E-B2E3-C35D6A4F6ADE}
2015-01-16 04:30 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-16 04:30 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-16 04:30 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 04:35 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 04:35 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 04:35 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 04:35 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 04:35 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 04:35 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 04:35 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 04:35 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 04:35 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 04:35 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-12 12:49 - 2015-01-12 12:49 - 00000000 ____D () C:\Users\john\AppData\Local\{767848F5-B2DC-47CB-8929-67F17D4595E9}
2015-01-05 15:11 - 2015-01-05 15:11 - 00000000 ____D () C:\Users\john\AppData\Local\{AD544F80-B55E-4183-AD8C-D096952B8DB3}
2015-01-05 15:11 - 2015-01-05 15:11 - 00000000 ____D () C:\Users\john\AppData\Local\{926BE834-B0B7-42FF-A128-D671B9854F1C}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-31 13:31 - 2014-02-27 07:34 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-31 13:22 - 2011-10-30 08:47 - 01810834 _____ () C:\Windows\WindowsUpdate.log
2015-01-31 08:21 - 2009-07-13 23:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 08:21 - 2009-07-13 23:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 08:19 - 2009-07-14 00:13 - 00782876 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-31 08:13 - 2014-02-27 07:34 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-31 08:13 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-30 23:08 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2015-01-30 23:06 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-30 21:31 - 2014-02-27 07:34 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-30 21:31 - 2014-02-16 09:43 - 00000000 ____D () C:\Users\john\AppData\Local\Google
2015-01-30 21:28 - 2014-09-16 06:00 - 00125440 ___SH () C:\Users\john\Downloads\Thumbs.db
2015-01-30 21:01 - 2007-07-11 20:49 - 00000000 ____D () C:\Windows\Panther
2015-01-30 20:32 - 2009-07-13 21:34 - 00000446 _____ () C:\Windows\win.ini
2015-01-30 20:30 - 2011-09-27 14:27 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-01-30 20:30 - 2011-09-27 13:49 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-30 20:28 - 2013-02-13 19:08 - 00000000 ____D () C:\Users\john\AppData\Local\Cyberlink
2015-01-30 20:28 - 2011-10-30 09:04 - 00000000 ____D () C:\ProgramData\CyberLink
2015-01-30 20:22 - 2014-03-25 10:57 - 00046080 ___SH () C:\Users\john\Documents\Thumbs.db
2015-01-30 20:22 - 2013-11-01 12:55 - 00000000 ____D () C:\Users\john\Documents\106SSCAM
2015-01-30 20:22 - 2012-01-01 13:46 - 00000000 ____D () C:\Users\john\Documents\LDW
2015-01-30 19:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system
2015-01-30 19:13 - 2011-12-25 05:46 - 00000000 ____D () C:\Users\john
2015-01-30 11:49 - 2014-04-12 02:54 - 00000000 ____D () C:\Users\john\AppData\Local\Skype
2015-01-30 11:49 - 2013-12-24 17:27 - 00000000 ____D () C:\Users\john\AppData\Roaming\Skype
2015-01-30 11:49 - 2011-12-31 13:33 - 00000000 ____D () C:\Users\john\AppData\Roaming\YoudaGames
2015-01-30 11:49 - 2011-12-25 18:23 - 00000000 ____D () C:\Users\john\AppData\Roaming\Adobe
2015-01-30 11:48 - 2011-12-25 06:19 - 00000000 ____D () C:\Users\john\AppData\Local\Bell
2015-01-30 11:48 - 2011-12-25 06:19 - 00000000 ____D () C:\ProgramData\Bell
2015-01-30 11:48 - 2011-12-25 05:46 - 00000000 ____D () C:\ProgramData\OEM_E471269A730E
2015-01-30 11:48 - 2011-09-27 14:36 - 00000000 ____D () C:\ProgramData\Symantec
2015-01-30 11:48 - 2011-09-27 14:36 - 00000000 ____D () C:\ProgramData\oem
2015-01-30 11:48 - 2011-09-27 14:34 - 00000000 ____D () C:\ProgramData\EgisTec IPS
2015-01-30 11:48 - 2011-09-27 14:28 - 00000000 ____D () C:\ProgramData\Acer
2015-01-15 04:30 - 2014-10-07 19:16 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-15 04:30 - 2011-09-27 14:23 - 00000000 ____D () C:\ProgramData\Skype
2015-01-06 04:36 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2014-05-07 10:06 - 2014-05-07 10:06 - 6103040 _____ () C:\Program Files (x86)\GUTE705.tmp
2015-01-30 11:49 - 2015-01-30 11:49 - 0008528 _____ () C:\Users\john\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-30 11:49 - 2015-01-30 11:49 - 0045597 _____ () C:\Users\john\AppData\Roaming\HELP_DECRYPT.PNG
2015-01-30 11:49 - 2015-01-30 11:49 - 0004204 _____ () C:\Users\john\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-30 11:49 - 2015-01-30 11:49 - 0000272 _____ () C:\Users\john\AppData\Roaming\HELP_DECRYPT.URL
2015-01-30 19:53 - 2015-01-30 19:56 - 0018432 ___SH () C:\Users\john\AppData\Roaming\Thumbs.db
2015-01-30 06:11 - 2015-01-30 06:11 - 0033056 _____ () C:\Users\john\AppData\Roaming\Torrent downloaded from Flashtorrents.org.txt
2011-10-30 09:04 - 2011-10-30 09:07 - 0015222 _____ () C:\ProgramData\ArcadeDeluxe5.log
2015-01-30 11:48 - 2015-01-30 11:48 - 0008528 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-01-30 11:48 - 2015-01-30 11:48 - 0045597 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-01-30 11:48 - 2015-01-30 11:48 - 0004204 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-01-30 11:48 - 2015-01-30 11:48 - 0000272 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-01-30 20:28 - 2015-01-30 20:29 - 0000032 _____ () C:\ProgramData\PS.log
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-25 19:53
 
==================== End Of Log ============================
2015-01-30 11:49 - 2015-01-30 11:49 - 0000272 _____ () C:\Users\john\AppData\Roaming\HELP_DECRYPT.URL
2015-01-30 19:53 - 2015-01-30 19:56 - 0018432 ___SH () C:\Users\john\AppData\Roaming\Thumbs.db
2015-01-30 06:11 - 2015-01-30 06:11 - 0033056 _____ () C:\Users\john\AppData\Roaming\Torrent downloaded from Flashtorrents.org.txt
2011-10-30 09:04 - 2011-10-30 09:07 - 0015222 _____ () C:\ProgramData\ArcadeDeluxe5.log
2015-01-30 11:48 - 2015-01-30 11:48 - 0008528 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-01-30 11:48 - 2015-01-30 11:48 - 0045597 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-01-30 11:48 - 2015-01-30 11:48 - 0004204 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-01-30 11:48 - 2015-01-30 11:48 - 0000272 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-01-30 20:28 - 2015-01-30 20:29 - 0000032 _____ () C:\ProgramData\PS.log
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-25 19:53
 
==================== End Of Log ============================
2015-01-30 11:49 - 2011-12-25 18:23 - 00000000 ____D () C:\Users\john\AppData\Roaming\Adobe
2015-01-30 11:48 - 2011-12-25 06:19 - 00000000 ____D () C:\Users\john\AppData\Local\Bell
2015-01-30 11:48 - 2011-12-25 06:19 - 00000000 ____D () C:\ProgramData\Bell
2015-01-30 11:48 - 2011-12-25 05:46 - 00000000 ____D () C:\ProgramData\OEM_E471269A730E
2015-01-30 11:48 - 2011-09-27 14:36 - 00000000 ____D () C:\ProgramData\Symantec
2015-01-30 11:48 - 2011-09-27 14:36 - 00000000 ____D () C:\ProgramData\oem
2015-01-30 11:48 - 2011-09-27 14:34 - 00000000 ____D () C:\ProgramData\EgisTec IPS
2015-01-30 11:48 - 2011-09-27 14:28 - 00000000 ____D () C:\ProgramData\Acer
2015-01-15 04:30 - 2014-10-07 19:16 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-15 04:30 - 2011-09-27 14:23 - 00000000 ____D () C:\ProgramData\Skype
2015-01-06 04:36 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2014-05-07 10:06 - 2014-05-07 10:06 - 6103040 _____ () C:\Program Files (x86)\GUTE705.tmp
2015-01-30 11:49 - 2015-01-30 11:49 - 0008528 _____ () C:\Users\john\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-30 11:49 - 2015-01-30 11:49 - 0045597 _____ () C:\Users\john\AppData\Roaming\HELP_DECRYPT.PNG
2015-01-30 11:49 - 2015-01-30 11:49 - 0004204 _____ () C:\Users\john\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-30 11:49 - 2015-01-30 11:49 - 0000272 _____ () C:\Users\john\AppData\Roaming\HELP_DECRYPT.URL
2015-01-30 19:53 - 2015-01-30 19:56 - 0018432 ___SH () C:\Users\john\AppData\Roaming\Thumbs.db
2015-01-30 06:11 - 2015-01-30 06:11 - 0033056 _____ () C:\Users\john\AppData\Roaming\Torrent downloaded from Flashtorrents.org.txt
2011-10-30 09:04 - 2011-10-30 09:07 - 0015222 _____ () C:\ProgramData\ArcadeDeluxe5.log
2015-01-30 11:48 - 2015-01-30 11:48 - 0008528 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-01-30 11:48 - 2015-01-30 11:48 - 0045597 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-01-30 11:48 - 2015-01-30 11:48 - 0004204 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-01-30 11:48 - 2015-01-30 11:48 - 0000272 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-01-30 20:28 - 2015-01-30 20:29 - 0000032 _____ () C:\ProgramData\PS.log
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-25 19:53
 
==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-01-2015
Ran by john (administrator) on JOHN-PC on 31-01-2015 13:48:45
Running from C:\Users\john\Downloads
Loaded Profiles: john (Available profiles: john)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
() C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
(Novatel Wireless Inc.) C:\Program Files (x86)\Novatel Wireless\Drivers\NWHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Users\john\Downloads\rectordecryptor.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392360 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [408432 2011-03-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-03-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-02-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-23] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [Bell Canada Connection Manager] => C:\Program Files (x86)\Bell\Mobile Connect\MobileConnect.exe [87576 2011-06-15] (Bell)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3674576 2015-01-06] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1162247836-5214805-2804573674-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-30] (SUPERAntiSpyware)
HKU\S-1-5-21-1162247836-5214805-2804573674-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1162247836-5214805-2804573674-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1162247836-5214805-2804573674-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
HKU\S-1-5-21-1162247836-5214805-2804573674-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1162247836-5214805-2804573674-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-1162247836-5214805-2804573674-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 142.166.166.166
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2011-09-27]
 
Chrome: 
=======
CHR Profile: C:\Users\john\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-30]
CHR Extension: (Google Docs) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-30]
CHR Extension: (Google Drive) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-30]
CHR Extension: (YouTube) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-30]
CHR Extension: (Google Search) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-30]
CHR Extension: (Google Sheets) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-30]
CHR Extension: (SiteAdvisor) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-01-30]
CHR Extension: (Google Wallet) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-30]
CHR Extension: (Gmail) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-30]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-05-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3440080 2015-01-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-01-06] (AVG Technologies CZ, s.r.o.)
S3 BellCanadaRcAppSvc; C:\Program Files (x86)\Bell\Mobile Connect\RcAppSvc.exe [120344 2011-05-31] (SmithMicro Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 CABellCanada; C:\Program Files (x86)\Bell\Mobile Connect\ConAppsSvc.exe [124440 2011-05-31] (SmithMicro Inc.)
R2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)
R2 NvtlService; C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [92504 2011-02-18] ()
R2 NWHelper; C:\Program Files (x86)\Novatel Wireless\Drivers\NWHelper.exe [270336 2010-10-07] (Novatel Wireless Inc.) [File not signed]
S3 ProfileImpSvc; C:\Program Files (x86)\Bell\Mobile Connect\ProfileImpSvc.exe [169496 2011-05-31] (SmithMicro Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2011-05-24] (Huawei Technologies Co., Ltd.)
S3 NWRmNet; C:\Windows\System32\DRIVERS\NWRmNet.sys [295424 2010-10-27] (Novatel Wireless Inc.)
S3 PCTINDIS5X64; C:\Windows\system32\PCTINDIS5X64.SYS [43032 2010-08-05] (Smith Micro Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-31 13:43 - 2015-01-31 13:43 - 00785592 _____ (Kaspersky Lab ZAO) C:\Users\john\Downloads\rectordecryptor.exe
2015-01-31 13:31 - 2015-01-31 13:33 - 00003020 _____ () C:\Users\john\Downloads\Search.txt
2015-01-31 08:26 - 2015-01-31 08:27 - 00023762 _____ () C:\Users\john\Downloads\Addition (1).txt
2015-01-31 08:18 - 2015-01-31 08:18 - 00061511 _____ () C:\Users\john\Downloads\FRST (1).txt
2015-01-31 08:17 - 2015-01-31 13:48 - 00018527 _____ () C:\Users\john\Downloads\FRST.txt
2015-01-31 08:17 - 2015-01-31 08:20 - 00019458 _____ () C:\Users\john\Downloads\Addition.txt
2015-01-31 08:16 - 2015-01-31 13:48 - 00000000 ____D () C:\FRST
2015-01-31 08:16 - 2015-01-31 08:16 - 02130944 _____ (Farbar) C:\Users\john\Downloads\FRST64.exe
2015-01-30 23:08 - 2015-01-30 23:08 - 00027484 _____ () C:\ComboFix.txt
2015-01-30 22:25 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-30 22:25 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-30 22:25 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-30 22:25 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-30 22:25 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-30 22:25 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-30 22:25 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-30 22:25 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-30 22:24 - 2015-01-30 23:08 - 00000000 ____D () C:\Qoobox
2015-01-30 22:24 - 2015-01-30 23:07 - 00000000 ____D () C:\Windows\erdnt
2015-01-30 22:23 - 2015-01-30 22:23 - 05611408 ____R (Swearware) C:\Users\john\Downloads\ComboFix.exe
2015-01-30 22:02 - 2015-01-30 22:02 - 00000000 ____D () C:\Users\john\AppData\Local\EgisTec
2015-01-30 21:59 - 2015-01-31 08:13 - 00001552 _____ () C:\Windows\PFRO.log
2015-01-30 21:59 - 2015-01-30 22:00 - 00263640 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-30 21:52 - 2015-01-31 08:13 - 00000112 _____ () C:\Windows\setupact.log
2015-01-30 21:52 - 2015-01-30 21:52 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-30 21:47 - 2015-01-30 21:47 - 02194432 _____ () C:\Users\john\Downloads\adwcleaner_4.109.exe
2015-01-30 21:36 - 2015-01-30 21:36 - 00000969 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-30 21:36 - 2015-01-30 21:36 - 00000000 ____D () C:\Users\john\AppData\Roaming\TuneUp Software
2015-01-30 21:36 - 2015-01-30 21:36 - 00000000 ____D () C:\Users\john\AppData\Roaming\AVG2015
2015-01-30 21:36 - 2015-01-30 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-30 21:35 - 2015-01-30 21:36 - 00000000 ____D () C:\ProgramData\AVG2015
2015-01-30 21:35 - 2015-01-30 21:35 - 00000000 ____D () C:\$AVG
2015-01-30 21:34 - 2015-01-30 21:34 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-01-30 21:33 - 2015-01-31 13:28 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-30 21:33 - 2015-01-30 21:36 - 00000000 ____D () C:\Users\john\AppData\Local\Avg2015
2015-01-30 21:33 - 2015-01-30 21:33 - 00000000 ____D () C:\Users\john\AppData\Local\MFAData
2015-01-30 21:32 - 2015-01-30 21:32 - 04637504 _____ (AVG Technologies) C:\Users\john\Downloads\avg_free_stb_all_2015_5557_cnet.exe
2015-01-30 21:31 - 2015-01-30 21:31 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-30 21:31 - 2015-01-30 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-30 21:28 - 2015-01-30 21:28 - 00060424 _____ () C:\Users\john\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-30 20:35 - 2015-01-30 20:35 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-30 20:35 - 2015-01-30 20:35 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-30 20:35 - 2015-01-30 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-30 20:35 - 2015-01-30 20:35 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-30 20:28 - 2015-01-30 20:29 - 00000032 _____ () C:\ProgramData\PS.log
2015-01-30 19:53 - 2015-01-30 19:56 - 00018432 ___SH () C:\Users\john\AppData\Roaming\Thumbs.db
2015-01-30 19:52 - 2015-01-30 21:53 - 00018432 ___SH () C:\Users\john\AppData\Thumbs.db
2015-01-30 19:13 - 2015-01-30 21:53 - 00018432 ___SH () C:\Users\john\Thumbs.db
2015-01-30 18:00 - 2015-01-30 21:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-30 17:56 - 2015-01-31 08:14 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-30 17:56 - 2015-01-30 17:56 - 00001812 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-01-30 17:56 - 2015-01-30 17:56 - 00000000 ____D () C:\Users\john\AppData\Roaming\SUPERAntiSpyware.com
2015-01-30 17:56 - 2015-01-30 17:56 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-01-30 17:56 - 2015-01-30 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-01-30 17:55 - 2015-01-30 21:58 - 00000000 ____D () C:\AdwCleaner
2015-01-30 17:55 - 2015-01-30 17:55 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-30 17:55 - 2015-01-30 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-30 17:55 - 2015-01-30 17:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-01-30 17:54 - 2015-01-30 17:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-30 17:54 - 2015-01-30 17:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-30 17:54 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-30 17:54 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-30 17:54 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-30 13:30 - 2015-01-30 13:30 - 00008528 _____ () C:\Users\john\HELP_DECRYPT.HTML
2015-01-30 13:30 - 2015-01-30 13:30 - 00004204 _____ () C:\Users\john\HELP_DECRYPT.TXT
2015-01-30 13:30 - 2015-01-30 13:30 - 00000272 _____ () C:\Users\john\HELP_DECRYPT.URL
2015-01-30 11:50 - 2015-01-30 11:50 - 00008528 _____ () C:\Users\john\Downloads\HELP_DECRYPT.HTML
2015-01-30 11:50 - 2015-01-30 11:50 - 00004204 _____ () C:\Users\john\Downloads\HELP_DECRYPT.TXT
2015-01-30 11:50 - 2015-01-30 11:50 - 00000272 _____ () C:\Users\john\Downloads\HELP_DECRYPT.URL
2015-01-30 11:49 - 2015-01-30 11:49 - 00008528 _____ () C:\Users\john\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-30 11:49 - 2015-01-30 11:49 - 00004204 _____ () C:\Users\john\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-30 11:49 - 2015-01-30 11:49 - 00000272 _____ () C:\Users\john\AppData\Roaming\HELP_DECRYPT.URL
2015-01-30 11:48 - 2015-01-30 11:48 - 00008528 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-01-30 11:48 - 2015-01-30 11:48 - 00004204 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-01-30 11:48 - 2015-01-30 11:48 - 00000272 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-01-30 06:11 - 2015-01-30 06:11 - 00033056 _____ () C:\Users\john\AppData\Roaming\Torrent downloaded from Flashtorrents.org.txt
2015-01-29 15:40 - 2015-01-29 15:50 - 16694944 _____ () C:\Users\john\Downloads\fwd.zip
2015-01-17 08:55 - 2015-01-17 08:55 - 00000000 ____D () C:\Users\john\AppData\Local\{A302F060-3796-455E-B2E3-C35D6A4F6ADE}
2015-01-16 04:30 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-16 04:30 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-16 04:30 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 04:35 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 04:35 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 04:35 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 04:35 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 04:35 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 04:35 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 04:35 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 04:35 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 04:35 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 04:35 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-12 12:49 - 2015-01-12 12:49 - 00000000 ____D () C:\Users\john\AppData\Local\{767848F5-B2DC-47CB-8929-67F17D4595E9}
2015-01-05 15:11 - 2015-01-05 15:11 - 00000000 ____D () C:\Users\john\AppData\Local\{AD544F80-B55E-4183-AD8C-D096952B8DB3}
2015-01-05 15:11 - 2015-01-05 15:11 - 00000000 ____D () C:\Users\john\AppData\Local\{926BE834-B0B7-42FF-A128-D671B9854F1C}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-31 13:31 - 2014-02-27 07:34 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-31 13:22 - 2011-10-30 08:47 - 01810834 _____ () C:\Windows\WindowsUpdate.log
2015-01-31 08:21 - 2009-07-13 23:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 08:21 - 2009-07-13 23:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 08:19 - 2009-07-14 00:13 - 00782876 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-31 08:13 - 2014-02-27 07:34 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-31 08:13 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-30 23:08 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2015-01-30 23:06 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-30 21:31 - 2014-02-27 07:34 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-30 21:31 - 2014-02-16 09:43 - 00000000 ____D () C:\Users\john\AppData\Local\Google
2015-01-30 21:28 - 2014-09-16 06:00 - 00125440 ___SH () C:\Users\john\Downloads\Thumbs.db
2015-01-30 21:01 - 2007-07-11 20:49 - 00000000 ____D () C:\Windows\Panther
2015-01-30 20:32 - 2009-07-13 21:34 - 00000446 _____ () C:\Windows\win.ini
2015-01-30 20:30 - 2011-09-27 14:27 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-01-30 20:30 - 2011-09-27 13:49 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-30 20:28 - 2013-02-13 19:08 - 00000000 ____D () C:\Users\john\AppData\Local\Cyberlink
2015-01-30 20:28 - 2011-10-30 09:04 - 00000000 ____D () C:\ProgramData\CyberLink
2015-01-30 20:22 - 2014-03-25 10:57 - 00046080 ___SH () C:\Users\john\Documents\Thumbs.db
2015-01-30 20:22 - 2013-11-01 12:55 - 00000000 ____D () C:\Users\john\Documents\106SSCAM
2015-01-30 20:22 - 2012-01-01 13:46 - 00000000 ____D () C:\Users\john\Documents\LDW
2015-01-30 19:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system
2015-01-30 19:13 - 2011-12-25 05:46 - 00000000 ____D () C:\Users\john
2015-01-30 11:49 - 2014-04-12 02:54 - 00000000 ____D () C:\Users\john\AppData\Local\Skype
2015-01-30 11:49 - 2013-12-24 17:27 - 00000000 ____D () C:\Users\john\AppData\Roaming\Skype
2015-01-30 11:49 - 2011-12-31 13:33 - 00000000 ____D () C:\Users\john\AppData\Roaming\YoudaGames
2015-01-30 11:49 - 2011-12-25 18:23 - 00000000 ____D () C:\Users\john\AppData\Roaming\Adobe
2015-01-30 11:48 - 2011-12-25 06:19 - 00000000 ____D () C:\Users\john\AppData\Local\Bell
2015-01-30 11:48 - 2011-12-25 06:19 - 00000000 ____D () C:\ProgramData\Bell
2015-01-30 11:48 - 2011-12-25 05:46 - 00000000 ____D () C:\ProgramData\OEM_E471269A730E
2015-01-30 11:48 - 2011-09-27 14:36 - 00000000 ____D () C:\ProgramData\Symantec
2015-01-30 11:48 - 2011-09-27 14:36 - 00000000 ____D () C:\ProgramData\oem
2015-01-30 11:48 - 2011-09-27 14:34 - 00000000 ____D () C:\ProgramData\EgisTec IPS
2015-01-30 11:48 - 2011-09-27 14:28 - 00000000 ____D () C:\ProgramData\Acer
2015-01-15 04:30 - 2014-10-07 19:16 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-15 04:30 - 2011-09-27 14:23 - 00000000 ____D () C:\ProgramData\Skype
2015-01-06 04:36 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2014-05-07 10:06 - 2014-05-07 10:06 - 6103040 _____ () C:\Program Files (x86)\GUTE705.tmp
2015-01-30 11:49 - 2015-01-30 11:49 - 0008528 _____ () C:\Users\john\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-30 11:49 - 2015-01-30 11:49 - 0045597 _____ () C:\Users\john\AppData\Roaming\HELP_DECRYPT.PNG
2015-01-30 11:49 - 2015-01-30 11:49 - 0004204 _____ () C:\Users\john\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-30 11:49 - 2015-01-30 11:49 - 0000272 _____ () C:\Users\john\AppData\Roaming\HELP_DECRYPT.URL
2015-01-30 19:53 - 2015-01-30 19:56 - 0018432 ___SH () C:\Users\john\AppData\Roaming\Thumbs.db
2015-01-30 06:11 - 2015-01-30 06:11 - 0033056 _____ () C:\Users\john\AppData\Roaming\Torrent downloaded from Flashtorrents.org.txt
2011-10-30 09:04 - 2011-10-30 09:07 - 0015222 _____ () C:\ProgramData\ArcadeDeluxe5.log
2015-01-30 11:48 - 2015-01-30 11:48 - 0008528 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-01-30 11:48 - 2015-01-30 11:48 - 0045597 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-01-30 11:48 - 2015-01-30 11:48 - 0004204 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-01-30 11:48 - 2015-01-30 11:48 - 0000272 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-01-30 20:28 - 2015-01-30 20:29 - 0000032 _____ () C:\ProgramData\PS.log
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-25 19:53
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
Ran by Josh at 2015-01-30 16:45:31
Running from C:\Users\Josh.LCPMUGS\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: GFI Software Antivirus (Enabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: GFI Software Antivirus (Enabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Acrobat X Standard (HKLM-x32\...\{AC76BA86-1033-0000-BA7E-000000000005}) (Version: 10.1.13 - Adobe Systems)
Adobe Photoshop Elements 5.0 (HKLM-x32\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems Inc.)
Adobe Reader XI (11.0.10)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
ControlNow Agent (HKLM-x32\...\{BB26A743-479D-4C87-AB84-FD2382B5CE3E}_is1) (Version:  - LogicNow)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.0 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DSC/AA Factory Installer (Version: 3.5.6426.22 - PC-Doctor, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist Customer 2.2.0.758 (HKLM-x32\...\GoToAssist Express Customer) (Version: 2.2.0.758 - Citrix Online)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.3.1001 - Intel Corporation)
LCP 2009 Outlook Add In (HKU\S-1-5-21-527237240-1637723038-725345543-7141\...\402160AE1A96716A80CEA6E9EB64082FC38EF17A) (Version: 2010.1.33.37 - Microsoft)
LCP Management System (HKU\S-1-5-21-527237240-1637723038-725345543-7141\...\327dd9198c7b63a5) (Version: 2010.1.1.373 - Litehouse Custom Printing, Inc.)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
QBFC 10.0 (HKLM-x32\...\{F42646EA-9B88-45D3-8426-21029D751562}) (Version: 10.0.0.27 - Intuit Developer Network)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.230 - Qualcomm Atheros Communications)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VIPRE Business Online (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 6.2.5528 - GFI Software)
VIPRE Business Online (x32 Version: 6.2.5528 - GFI Software) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-527237240-1637723038-725345543-7141_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points  =========================
 
29-12-2014 15:07:11 Scheduled Checkpoint
30-12-2014 09:45:45 Installed Adobe Photoshop Elements 5.0
30-12-2014 12:45:31 Installed Adobe Acrobat X Standard.
07-01-2015 09:18:24 Scheduled Checkpoint
14-01-2015 03:00:12 Windows Update
22-01-2015 00:00:01 Scheduled Checkpoint
22-01-2015 11:11:57 Installed Image Resizer Powertoy Clone for Windows (64 bit)
29-01-2015 19:01:18 Scheduled Checkpoint
30-01-2015 15:40:05 Restore Operation
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1B49FD09-9E99-4225-B2C7-8AC883A94C24} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-07] (Google Inc.)
Task: {220DCE54-04D5-44A7-8261-3E1963F33CC0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-07] (Google Inc.)
Task: {32069942-F41A-4CC2-B516-17B0890100D6} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {6F80B8AD-B003-4B0A-967E-628D04BB9291} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {76986186-7952-490E-8CB4-F19B9C78D0C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {D4A33E4A-B826-4234-A2EF-BBF6AE9B938F} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2006-09-14 07:56 - 2006-09-14 07:56 - 00102400 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
2014-05-26 12:17 - 2013-08-18 17:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-05-26 12:17 - 2013-08-18 17:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-05-26 12:17 - 2013-08-18 17:21 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2014-05-27 02:43 - 2014-10-03 17:36 - 00457616 _____ () C:\Windows\system32\igfxTray.exe
2013-07-02 06:51 - 2013-07-02 06:51 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2014-05-26 12:04 - 2013-12-09 14:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-12-08 20:53 - 2014-12-19 05:01 - 00192376 _____ () C:\Program Files (x86)\LogicNow\ControlNow Agent\viprebusiness\Definitions\libBase64.dll
2014-12-08 20:53 - 2014-12-19 05:01 - 00180088 _____ () C:\Program Files (x86)\LogicNow\ControlNow Agent\viprebusiness\Definitions\libMachoUniv.dll
2014-11-12 00:00 - 2014-11-12 00:00 - 00059904 _____ () C:\Program Files (x86)\Trillian\zlib1.dll
2014-11-12 00:00 - 2014-11-12 00:00 - 00187392 _____ () C:\Program Files (x86)\Trillian\libpng15.dll
2014-11-12 00:00 - 2014-11-12 00:00 - 00006656 _____ () C:\Program Files (x86)\Trillian\languages\en\trillian.dll
2014-11-12 00:00 - 2014-11-12 00:00 - 00065536 _____ () C:\Program Files (x86)\Trillian\libungif.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Josh (S-1-5-21-2197365877-3994239338-550435877-1000 - Administrator - Enabled) => C:\Users\Josh
lcpguest (S-1-5-21-2197365877-3994239338-550435877-501 - Limited - Disabled)
tech manager (S-1-5-21-2197365877-3994239338-550435877-500 - Administrator - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Dell Wireless 1705 Bluetooth
Description: Dell Wireless 1705 Bluetooth
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/30/2015 04:07:53 PM) (Source: MsiInstaller) (EventID: 11606) (User: LCPMUGS)
Description: Product: Adobe Photoshop Elements 5.0 -- Error 1606.Could not access network location \\Rocket\usershare\Josh\My Documents\.
 
Error: (01/30/2015 04:07:51 PM) (Source: MsiInstaller) (EventID: 11606) (User: LCPMUGS)
Description: Product: Adobe Photoshop Elements 5.0 -- Error 1606.Could not access network location \\Rocket\usershare\Josh\My Documents\.
 
Error: (01/30/2015 03:45:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/30/2015 09:51:04 AM) (Source: MsiInstaller) (EventID: 11606) (User: LCPMUGS)
Description: Product: Adobe Photoshop Elements 5.0 -- Error 1606.Could not access network location \\Rocket\usershare\Josh\My Documents\.
 
Error: (01/30/2015 09:51:02 AM) (Source: MsiInstaller) (EventID: 11606) (User: LCPMUGS)
Description: Product: Adobe Photoshop Elements 5.0 -- Error 1606.Could not access network location \\Rocket\usershare\Josh\My Documents\.
 
Error: (01/30/2015 09:51:01 AM) (Source: MsiInstaller) (EventID: 11606) (User: LCPMUGS)
Description: Product: Adobe Photoshop Elements 5.0 -- Error 1606.Could not access network location \\Rocket\usershare\Josh\My Documents\.
 
Error: (01/30/2015 09:51:00 AM) (Source: MsiInstaller) (EventID: 11606) (User: LCPMUGS)
Description: Product: Adobe Photoshop Elements 5.0 -- Error 1606.Could not access network location \\Rocket\usershare\Josh\My Documents\.
 
Error: (01/30/2015 09:51:00 AM) (Source: MsiInstaller) (EventID: 11606) (User: LCPMUGS)
Description: Product: Adobe Photoshop Elements 5.0 -- Error 1606.Could not access network location \\Rocket\usershare\Josh\My Documents\.
 
Error: (01/30/2015 09:50:27 AM) (Source: MsiInstaller) (EventID: 11606) (User: LCPMUGS)
Description: Product: Adobe Photoshop Elements 5.0 -- Error 1606.Could not access network location \\Rocket\usershare\Josh\My Documents\.
 
Error: (01/30/2015 09:50:25 AM) (Source: MsiInstaller) (EventID: 11606) (User: LCPMUGS)
Description: Product: Adobe Photoshop Elements 5.0 -- Error 1606.Could not access network location \\Rocket\usershare\Josh\My Documents\.
 
 
System errors:
=============
Error: (01/30/2015 04:19:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ControlNow Agent service.
 
Error: (01/30/2015 03:55:54 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: LCPMUGS)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (01/30/2015 03:55:25 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ControlNow Agent service.
 
Error: (01/30/2015 03:44:55 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
 
Error: (01/30/2015 03:44:54 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain LCPMUGS due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (01/30/2015 03:40:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ControlNow Agent service.
 
Error: (01/30/2015 03:40:48 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (01/30/2015 11:53:34 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain LCPMUGS due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (01/30/2015 06:27:32 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain LCPMUGS due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (01/30/2015 01:01:31 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain LCPMUGS due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
 
Microsoft Office Sessions:
=========================
Error: (01/29/2015 00:03:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 11384 seconds with 4260 seconds of active time.  This session ended with a crash.
 
Error: (01/29/2015 08:53:03 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2669 seconds with 660 seconds of active time.  This session ended with a crash.
 
Error: (01/27/2015 04:15:17 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 29210 seconds with 9120 seconds of active time.  This session ended with a crash.
 
Error: (01/02/2015 02:57:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 24693 seconds with 3300 seconds of active time.  This session ended with a crash.
 
Error: (12/31/2014 08:21:48 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 509 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error: (12/30/2014 03:54:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 11093 seconds with 3600 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 10%
Total physical RAM: 16300.93 MB
Available physical RAM: 14565.53 MB
Total Pagefile: 32600.05 MB
Available Pagefile: 30120.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:907.25 GB) (Free:835.16 GB) NTFS
Drive e: (Lexar) (Removable) (Total:14.9 GB) (Free:14.88 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 5E7D561A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=24.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=907.3 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 14.9 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)
 
==================== End Of Log ============================

 




#3 HelpBot


Posted 05 February 2015 - 01:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/565208 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 HelpBot


Posted 10 February 2015 - 01:45 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



