
Cryptolocker....? [Closed]


  • This topic is locked
12 replies to this topic

#1 RockShow

    New Member

  • Authentic Member
  • 5 posts

Posted 24 November 2014 - 01:49 PM

Hey guys,

My laptop has just been infected and nearly all files are encrypted (23 November 2014).

I have gone to the website - https://www.decryptcryptolocker.com - but it says not encrypted.

I have tried a couple of virus scans and can't seem to find a threat anymore. I would just like to get my files back....

I can upload encrypted files.

Can you please help?



#2 LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 24 November 2014 - 01:53 PM

Hello RockShow, welcome to WhatTheTech's Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.  :)
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please back up important files before proceeding with my instructions. Malware removal can be unpredictable.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • Ensure you are following this topic. Click the button at the top of the page.
     

======================================================
 
Your computer isn't infected with CryptoLocker - that infection was disabled in June this year. You're infected with a different ransomware. 
 
Please run the following diagnostic scans so I can ascertain the state of your computer. 
 
STEP 1

Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 2
IDTool

  • Please download IDTool and save the file to your Desktop.
  • Right-Click idtool.zip and click Extract All. Select your Desktop and click Extract.
  • Right-Click IDTool.exe and click Run as administrator to run the programme.
  • If you're prompted to download and install Microsoft .NET Framework, please agree.
  • Allow the programme to collect the necessary data. 
  • Once the main console is loaded, click Rescan Computer and Generate a New Report.
  • Upon completion, and when prompted that the rescan is complete, click Generate Text Friendly Report for Forums.
  • Copy the contents of the report and paste in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt
  • IDTool log

 

Would you like to help others with malware removal? Join our Classroom and learn how!


#3 RockShow

    New Member

  • Authentic Member
  • 5 posts

Posted 24 November 2014 - 02:10 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by Steve (administrator) on JUICEBOX on 24-11-2014 14:02:56
Running from C:\Users\Steve\Desktop
Loaded Profiles: Steve &  (Available profiles: Steve)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Proximity Sensor\HPPRXSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
() C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTHIDMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
() C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTHIDMonitor.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
() C:\SWSetup\envyTouchPad.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
(Dropbox, Inc.) C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
() C:\Program Files (x86)\Stronghold AntiMalware\StrongholdAntiMalwareService.exe
(Security Stronghold) C:\Program Files (x86)\Stronghold AntiMalware\StrongholdAntiMalware.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
(www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
(Google Inc.) C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe
(Microsoft Corporation) C:\be50540fa4c9b71bcc4510583a4dd6\Setup.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-08-16] (IDT, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281312 2014-05-19] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-18] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-12] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3060248 2014-11-12] ()
HKLM-x32\...\Run: [Stronghold AntiMalware] => C:\Program Files (x86)\Stronghold AntiMalware\StrongholdAntiMalware.exe [6645760 2014-11-20] (Security Stronghold)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-198695108-46086056-2637541285-1000\...\Run: [envyTouchPad] => C:\SWSetup\envyTouchPad.exe [402944 2012-02-21] ()
HKU\S-1-5-21-198695108-46086056-2637541285-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [envyTouchPad] => C:\SWSetup\envyTouchPad.exe [402944 2012-02-21] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk
ShortcutTarget: Network Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-198695108-46086056-2637541285-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
HKU\S-1-5-21-198695108-46086056-2637541285-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x33D6FCDE8CF0CC01
HKU\S-1-5-21-198695108-46086056-2637541285-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
HKU\S-1-5-21-198695108-46086056-2637541285-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKU\S-1-5-21-198695108-46086056-2637541285-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
HKU\S-1-5-21-198695108-46086056-2637541285-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKU\S-1-5-21-198695108-46086056-2637541285-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
HKU\S-1-5-21-198695108-46086056-2637541285-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x33D6FCDE8CF0CC01
HKU\S-1-5-21-198695108-46086056-2637541285-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
HKU\S-1-5-21-198695108-46086056-2637541285-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-198695108-46086056-2637541285-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-198695108-46086056-2637541285-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {569EE381-9B5F-4B79-AEB5-04D7C78DF2F0} URL = http://au.search.yah...p={searchTerms}
SearchScopes: HKU\S-1-5-21-198695108-46086056-2637541285-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-198695108-46086056-2637541285-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={4752A213-58B6-4B45-A0AA-A35B6D7702BC}&mid=8e477dc3434f47d2b313591a688d3399-7f093292fda9df0aba40e47bebefbcc492afc6fb&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-12 17:35:52&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-198695108-46086056-2637541285-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT3072253
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: No Name -> {87E5A7FC-7DF1-60A4-9231-F5E8EDAA944D} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.10\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{672DB036-8108-4C04-A361-45DC475DD300}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{9A5DAFD6-2117-4700-8035-4DD20160E9E3}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
 
FireFox:
========
FF ProfilePath: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\3ncg7upl.default
FF Homepage: about:home
FF SelectedSearchEngine: Google
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.10\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-198695108-46086056-2637541285-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-198695108-46086056-2637541285-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-198695108-46086056-2637541285-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-198695108-46086056-2637541285-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR Profile: C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-02]
CHR Extension: (Google Docs) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-02]
CHR Extension: (Google Drive) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-11]
CHR Extension: (YouTube) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-02]
CHR Extension: (chrometheme) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmcjefhelakcgphlgkfebcahbpdbhdpo [2012-11-22]
CHR Extension: (Google Search) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-02]
CHR Extension: (Google Calendar) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2012-03-13]
CHR Extension: (Google Sheets) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-02]
CHR Extension: (Cargo Bridge) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn [2012-02-23]
CHR Extension: (Google Wallet) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-02]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 fpsdhcp; C:\Program Files (x86)\Flying Pig Systems\Hog4PC\netservices-win32-golden.exe [412768 2014-02-09] (High End Systems)
S3 fpstftp; C:\Program Files (x86)\Flying Pig Systems\Hog4PC\netservices-win32-golden.exe [412768 2014-02-09] (High End Systems)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-26] (Hewlett-Packard Company) [File not signed]
R2 HPPRXSVC; C:\Program Files (x86)\Hewlett-Packard\HP Proximity Sensor\HPPRXSVC.exe [37432 2011-10-04] (Hewlett-Packard Development Company, L.P.)
R2 ISCTAgent; C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [93696 2011-09-05] ()
R2 LaCieDesktopManagerService; C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe [1227776 2012-04-11] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-25] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-13] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-13] (Hewlett-Packard) [File not signed]
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [27872 2014-05-19] (Samsung Electronics Co., Ltd.)
R2 ServiceSAM; C:\Program Files (x86)\Stronghold AntiMalware\StrongholdAntiMalwareService.exe [3054504 2014-11-13] ()
R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
R2 vToolbarUpdater18.1.10; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe [1849368 2014-11-12] (AVG Secure Search)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-25] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 automap; C:\Windows\System32\DRIVERS\automap.sys [18776 2012-04-18] (Focusrite Audio Engineering Limited)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-11-12] (AVG Technologies)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2011-09-05] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S3 NvnUsbAudio; C:\Windows\System32\DRIVERS\nvnusbaudio.sys [53080 2011-10-04] (Novation DMS Ltd.)
S3 OXSDIDRV_x64; C:\Windows\System32\DRIVERS\OXSDIDRV_x64.sys [51760 2009-09-27] ()
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [265952 2014-05-19] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111328 2014-05-19] (Samsung Electronics Co., Ltd.)
S0 TPkd; No ImagePath
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [103224 2009-12-02] (WIBU-SYSTEMS AG)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [35344 2012-02-27] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-24 14:02 - 2014-11-24 14:03 - 00027925 _____ () C:\Users\Steve\Desktop\FRST.txt
2014-11-24 14:01 - 2014-11-24 14:01 - 02744965 _____ () C:\Users\Steve\Downloads\idtool.zip
2014-11-24 13:59 - 2014-11-24 13:59 - 00000000 ____D () C:\be50540fa4c9b71bcc4510583a4dd6
2014-11-24 13:34 - 2014-11-24 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-11-24 13:28 - 2014-11-24 13:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-24 13:23 - 2014-11-24 13:23 - 00000000 ____D () C:\Users\Steve\Desktop\recovery
2014-11-24 13:21 - 2014-11-24 13:21 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\www.shadowexplorer.com
2014-11-24 13:21 - 2014-11-24 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2014-11-24 13:21 - 2014-11-24 13:21 - 00000000 ____D () C:\Program Files (x86)\ShadowExplorer
2014-11-24 13:19 - 2014-11-24 13:19 - 00001251 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Repair.lnk
2014-11-24 13:19 - 2014-11-24 13:19 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\GlarySoft
2014-11-24 13:19 - 2014-11-24 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2014-11-24 13:19 - 2014-11-24 13:19 - 00000000 ____D () C:\Program Files (x86)\Glarysoft
2014-11-24 13:18 - 2014-11-24 13:18 - 00007458 _____ () C:\Users\Steve\Desktop\JRT.txt
2014-11-24 13:15 - 2014-11-24 13:15 - 03437489 _____ (NathanScott Apps) C:\Users\Steve\Downloads\TorrentUnlocker (2).exe
2014-11-24 13:14 - 2014-11-24 13:14 - 00969845 _____ (ShadowExplorer.com ) C:\Users\Steve\Downloads\ShadowExplorer-0.9-setup (1).exe
2014-11-24 13:13 - 2014-11-24 13:13 - 00969845 _____ (ShadowExplorer.com ) C:\Users\Steve\Downloads\ShadowExplorer-0.9-setup.exe
2014-11-24 13:12 - 2014-11-24 13:12 - 04514392 _____ () C:\Users\Steve\Downloads\rrsetup.exe
2014-11-24 13:12 - 2014-06-30 16:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-11-24 13:12 - 2014-06-30 16:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-11-24 13:12 - 2014-06-06 00:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-11-24 13:12 - 2014-06-06 00:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-11-24 13:12 - 2014-03-09 15:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-11-24 13:12 - 2014-03-09 15:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-11-24 13:12 - 2014-03-09 15:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-11-24 13:12 - 2014-03-09 15:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-11-24 13:08 - 2014-11-24 13:08 - 00000000 ____D () C:\Windows\ERUNT
2014-11-24 13:00 - 2014-11-24 13:00 - 00036138 _____ () C:\Users\Steve\Downloads\Addition.txt
2014-11-24 12:59 - 2014-11-24 14:02 - 00000000 ____D () C:\FRST
2014-11-24 12:57 - 2014-11-24 12:57 - 02118144 _____ (Farbar) C:\Users\Steve\Desktop\FRST64.exe
2014-11-24 12:57 - 2014-11-24 12:57 - 01707532 _____ (Thisisu) C:\Users\Steve\Downloads\JRT.exe
2014-11-24 12:51 - 2014-11-24 13:51 - 00000000 ____D () C:\Users\Public\Documents\Stronghold AntiMalware
2014-11-24 12:51 - 2014-11-24 12:51 - 06437360 _____ (Security Stronghold ) C:\Users\Steve\Downloads\StrongholdAntiMalware.exe
2014-11-24 12:51 - 2014-11-24 12:51 - 00001304 _____ () C:\Users\Steve\Desktop\Stronghold AntiMalware.lnk
2014-11-24 12:51 - 2014-11-24 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stronghold AntiMalware
2014-11-24 12:51 - 2014-11-24 12:51 - 00000000 ____D () C:\Program Files (x86)\Stronghold AntiMalware
2014-11-24 08:51 - 2014-11-24 08:51 - 00205745 _____ () C:\ProgramData\1416840197.bdinstall.bin
2014-11-24 08:46 - 2014-11-24 08:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2014-11-24 08:46 - 2013-04-17 14:59 - 00718840 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2014-11-24 08:46 - 2013-04-17 14:59 - 00593144 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2014-11-24 08:46 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-11-24 08:45 - 2014-11-24 08:46 - 00000000 ____D () C:\Program Files\Bitdefender
2014-11-24 08:43 - 2014-11-24 08:46 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\QuickScan
2014-11-24 08:43 - 2014-11-24 08:43 - 10447328 _____ () C:\Users\Steve\Downloads\Antivirus_Free_Edition_x64.exe
2014-11-24 08:43 - 2014-11-24 08:43 - 00162208 _____ () C:\Users\Steve\Downloads\Antivirus_Free_Edition.exe
2014-11-24 08:43 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-11-24 08:43 - 2013-04-22 13:21 - 00148696 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2014-11-24 08:36 - 2014-11-24 08:36 - 04446072 _____ () C:\Users\Steve\Downloads\Decryptolocker.exe
2014-11-24 08:09 - 2014-11-24 08:09 - 00088977 _____ () C:\Users\Steve\Downloads\1314ExpenseSpreadsheet.xlsx
2014-11-24 08:00 - 2014-11-24 08:00 - 00000000 ____D () C:\Users\Steve\AppData\Local\TorrentUnlocker
2014-11-24 07:58 - 2014-11-24 07:58 - 03437489 _____ (NathanScott Apps) C:\Users\Steve\Downloads\TorrentUnlocker (1).exe
2014-11-24 07:54 - 2014-11-24 07:54 - 03437489 _____ (NathanScott Apps) C:\Users\Steve\Downloads\TorrentUnlocker.exe
2014-11-24 07:43 - 2014-11-24 12:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-24 07:43 - 2014-11-24 07:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-24 07:43 - 2014-11-24 07:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-24 07:43 - 2014-11-24 07:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-24 07:43 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-24 07:43 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-24 07:43 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-24 07:41 - 2014-11-24 07:42 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Steve\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-24 07:39 - 2014-11-24 08:40 - 00000000 ____D () C:\NPE
2014-11-24 07:38 - 2014-11-24 08:46 - 00000000 ____D () C:\Users\Steve\AppData\Local\NPE
2014-11-24 07:38 - 2014-11-24 07:38 - 03060320 ____N (Symantec Corporation) C:\Users\Steve\Downloads\NPE.exe
2014-11-24 07:38 - 2014-11-24 07:38 - 00000000 ____D () C:\ProgramData\Norton
2014-11-23 19:16 - 2014-11-23 19:16 - 00000000 _____ () C:\autoexec.bat
2014-11-23 19:15 - 2014-11-23 19:15 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Steve\Downloads\SpyHunter-Installer.exe
2014-11-23 19:09 - 2014-11-23 19:09 - 00006730 _____ () C:\Users\Steve\Downloads\DECRYPT_INSTRUCTIONS.html
2014-11-23 19:09 - 2014-11-23 19:09 - 00006730 _____ () C:\Users\Steve\Documents\DECRYPT_INSTRUCTIONS.html
2014-11-23 19:08 - 2014-11-23 19:08 - 00000000 ____D () C:\ProgramData\imefegaficekykix
2014-11-20 14:49 - 2014-11-20 14:49 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_umupload_01_09_00.Wdf
2014-11-19 22:23 - 2014-11-19 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-11-16 16:07 - 2014-11-23 19:09 - 00262107 _____ () C:\Users\Steve\Downloads\penid_498903881101.zip.encrypted
2014-11-12 17:36 - 2014-11-13 12:13 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-11-12 17:36 - 2014-11-12 22:02 - 00000000 ____D () C:\Users\Steve\AppData\Local\AVG Web TuneUp
2014-11-12 17:36 - 2014-11-12 17:36 - 00000561 _____ () C:\Windows\SysWOW64\debug.log
2014-11-12 17:35 - 2014-11-12 17:36 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-11-12 17:35 - 2014-11-12 17:35 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-11-12 17:35 - 2014-11-12 17:35 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-11-12 17:35 - 2014-11-12 17:35 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-11-12 17:26 - 2014-11-12 17:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-11-12 17:26 - 2014-11-12 17:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-11-12 17:25 - 2014-11-23 19:09 - 02555553 _____ () C:\Users\Steve\Downloads\barbanegrariders.zip.encrypted
2014-10-29 21:35 - 2014-10-29 21:35 - 00263960 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-10-28 20:13 - 2014-11-23 19:09 - 00028162 _____ () C:\Users\Steve\Downloads\SP_MAC700Profile_EN_D.pdf.encrypted
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-24 14:03 - 2012-02-22 07:22 - 00905430 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-11-24 14:03 - 2009-07-13 23:13 - 00905430 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-24 14:02 - 2014-10-23 11:14 - 04012982 _____ (NathanScott Apps) C:\Users\Steve\Desktop\IDTool.exe
2014-11-24 13:59 - 2012-02-21 23:51 - 01187587 _____ () C:\Windows\WindowsUpdate.log
2014-11-24 13:58 - 2012-02-22 07:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-24 13:57 - 2012-02-21 05:00 - 00000000 ____D () C:\Users\Steve
2014-11-24 13:50 - 2013-08-20 20:36 - 00000000 ____D () C:\Users\Steve\Desktop\TAX
2014-11-24 13:42 - 2009-07-13 20:34 - 00000594 _____ () C:\Windows\win.ini
2014-11-24 13:34 - 2013-04-17 05:30 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-11-24 13:34 - 2013-04-17 05:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-11-24 12:58 - 2013-03-02 21:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-24 12:55 - 2009-07-13 22:45 - 00019520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-24 12:55 - 2009-07-13 22:45 - 00019520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-24 12:52 - 2012-04-18 21:48 - 00000000 ___RD () C:\Users\Steve\Dropbox
2014-11-24 12:52 - 2012-04-18 21:24 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Dropbox
2014-11-24 12:49 - 2012-02-21 06:41 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-198695108-46086056-2637541285-1000UA.job
2014-11-24 12:48 - 2014-09-19 20:45 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSteve
2014-11-24 12:48 - 2014-09-19 20:45 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForSteve.job
2014-11-24 09:05 - 2014-10-14 03:31 - 00008240 _____ () C:\Windows\setupact.log
2014-11-24 09:05 - 2012-12-02 21:34 - 00000015 _____ () C:\Windows\system32\deviceAppeared.txt
2014-11-24 09:05 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-24 08:52 - 2014-10-07 19:26 - 00000000 ____D () C:\LIGHTCONVERSE_
2014-11-24 08:39 - 2012-02-21 19:33 - 08621502 _____ () C:\Windows\PFRO.log
2014-11-24 08:24 - 2014-10-06 02:39 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-24 08:02 - 2009-07-13 21:20 - 00000000 __RSD () C:\Windows\Media
2014-11-23 19:09 - 2014-10-22 00:24 - 00000000 ____D () C:\Users\Steve\Downloads\PARKWAY
2014-11-23 19:09 - 2014-10-22 00:21 - 36127566 _____ () C:\Users\Steve\Downloads\PARKWAY.zip.encrypted
2014-11-23 19:09 - 2014-10-15 19:32 - 00000372 _____ () C:\Users\Steve\Downloads\3047797117 (1).csv.encrypted
2014-11-23 19:09 - 2014-10-14 23:08 - 00045795 _____ () C:\Users\Steve\Downloads\MagicPanel_602_dmx_chart_v1.pdf.encrypted
2014-11-23 19:09 - 2014-10-14 19:42 - 00169491 _____ () C:\Users\Steve\Downloads\SP_AtomicColors_EN_A.pdf.encrypted
2014-11-23 19:09 - 2014-10-14 19:41 - 00065525 _____ () C:\Users\Steve\Downloads\download (2).pdf.encrypted
2014-11-23 19:09 - 2014-10-14 19:41 - 00065525 _____ () C:\Users\Steve\Downloads\download (1).pdf.encrypted
2014-11-23 19:09 - 2014-10-13 19:07 - 07978160 _____ () C:\Users\Steve\Downloads\light_converse_user_manual.pdf.encrypted
2014-11-23 19:09 - 2014-10-06 02:45 - 626165328 _____ () C:\Users\Steve\Downloads\Guitar_Rig_5_520_PC.zip.encrypted
2014-11-23 19:09 - 2014-10-01 22:44 - 162481958 _____ () C:\Users\Steve\Downloads\clonezilla-live-20140915-trusty-amd64.zip.encrypted
2014-11-23 19:09 - 2014-10-01 22:26 - 00000000 ____D () C:\Users\Steve\Downloads\Macrium
2014-11-23 19:09 - 2014-10-01 22:13 - 16123645 _____ () C:\Users\Steve\Downloads\Samsung_Magician_Setup_v44.zip.encrypted
2014-11-23 19:09 - 2014-10-01 22:13 - 12041213 _____ () C:\Users\Steve\Downloads\Samsung_Data_Migration_Setup_v27.zip.encrypted
2014-11-23 19:09 - 2014-09-30 19:52 - 00004374 _____ () C:\Users\Steve\Downloads\GavanWoodruff.pdf.encrypted
2014-11-23 19:09 - 2014-09-23 23:32 - 04363393 _____ () C:\Users\Steve\Downloads\X32-Edit_V2.3_PC.zip.encrypted
2014-11-23 19:09 - 2014-09-18 21:25 - 00000000 ____D () C:\Users\Steve\Downloads\legal-documents-for-web-designers
2014-11-23 19:09 - 2014-09-18 21:22 - 00899563 _____ () C:\Users\Steve\Downloads\legal-documents-for-web-designers.zip.encrypted
2014-11-23 19:09 - 2014-09-18 21:17 - 00050952 _____ () C:\Users\Steve\Downloads\licence_to_publish.doc.encrypted
2014-11-23 19:09 - 2014-09-18 21:14 - 00037128 _____ () C:\Users\Steve\Downloads\Bcontract.doc.encrypted
2014-11-23 19:09 - 2014-09-18 21:11 - 00179836 _____ () C:\Users\Steve\Downloads\assigning-licensing-rights-g0.pdf.encrypted
2014-11-23 19:09 - 2014-09-16 08:22 - 00088435 _____ () C:\Users\Steve\Downloads\helvetica-neue-thin.zip.encrypted
2014-11-23 19:09 - 2014-06-08 11:12 - 02462564 _____ () C:\Users\Steve\Downloads\toughpar-quadra-user-manual-rev-e-.pdf.encrypted
2014-11-23 19:09 - 2014-06-08 11:11 - 01455185 _____ () C:\Users\Steve\Downloads\Impression 120RZ WWC-CCW Manual V1.14 EN.pdf.encrypted
2014-11-23 19:09 - 2014-06-08 11:10 - 00413655 _____ () C:\Users\Steve\Downloads\Impression 120RZ WWC-CCW DMX V1.03 EN.pdf.encrypted
2014-11-23 19:09 - 2014-06-08 11:07 - 00285704 _____ () C:\Users\Steve\Downloads\toughpar-quadra-user-manual-rev-a.pdf.encrypted
2014-11-23 19:09 - 2014-05-22 21:10 - 00000000 ____D () C:\Users\Steve\Downloads\bebas-neue
2014-11-23 19:09 - 2014-05-22 20:51 - 00021140 _____ () C:\Users\Steve\Downloads\bebas-neue.zip.encrypted
2014-11-23 19:09 - 2014-05-18 23:42 - 00083208 _____ () C:\Users\Steve\Downloads\Chassis Specifications.doc.encrypted
2014-11-23 19:09 - 2014-03-24 18:49 - 00194564 _____ () C:\Users\Steve\Downloads\SCREENS MAPS.zip.encrypted
2014-11-23 19:09 - 2014-03-18 21:51 - 00000567 _____ () C:\Users\Steve\Downloads\more coming soon.rtf.encrypted
2014-11-23 19:09 - 2014-03-18 21:39 - 00000659 _____ () C:\Users\Steve\Downloads\logo notes.rtf.encrypted
2014-11-23 19:09 - 2014-03-12 22:29 - 01038088 _____ () C:\Users\Steve\Downloads\Birds of Tokyo Short General Bio - Sept 2013.doc.encrypted
2014-11-23 19:09 - 2014-02-08 03:00 - 00198920 _____ () C:\Users\Steve\Downloads\permissions_guidelines.doc.encrypted
2014-11-23 19:09 - 2014-02-08 02:48 - 00027400 _____ () C:\Users\Steve\Downloads\Photograph & Video Release Form.doc.encrypted
2014-11-23 19:09 - 2014-02-04 06:08 - 00130163 _____ () C:\Users\Steve\Downloads\Itinerary_189296.pdf.encrypted
2014-11-23 19:09 - 2014-01-30 00:20 - 00000372 _____ () C:\Users\Steve\Downloads\3047797117.csv.encrypted
2014-11-23 19:09 - 2014-01-25 01:35 - 00041286 _____ () C:\Users\Steve\Documents\OZ FEST SET.docx.encrypted
2014-11-23 19:09 - 2013-12-22 23:34 - 00356239 _____ () C:\Users\Steve\Downloads\payment-3571533505.pdf.encrypted
2014-11-23 19:09 - 2013-11-12 05:27 - 00043244 _____ () C:\Users\Steve\Downloads\tonyfransen.pdf.encrypted
2014-11-23 19:09 - 2013-11-12 05:25 - 00105743 _____ () C:\Users\Steve\Downloads\matthewsmith.pdf.encrypted
2014-11-23 19:09 - 2013-11-06 02:51 - 00207269 _____ () C:\Users\Steve\Downloads\mph_led_balls_brochure (2).pdf.encrypted
2014-11-23 19:09 - 2013-11-05 22:46 - 00207269 _____ () C:\Users\Steve\Downloads\mph_led_balls_brochure (1).pdf.encrypted
2014-11-23 19:09 - 2013-11-04 03:16 - 00002050 _____ () C:\Users\Steve\Downloads\DeerHunter2014.xml.encrypted
2014-11-23 19:09 - 2013-10-31 21:59 - 00207269 _____ () C:\Users\Steve\Downloads\mph_led_balls_brochure.pdf.encrypted
2014-11-23 19:09 - 2013-10-05 22:05 - 03013380 _____ () C:\Users\Steve\Downloads\20128910739362.rar.encrypted
2014-11-23 19:09 - 2013-10-03 20:58 - 00062102 _____ () C:\Users\Steve\Downloads\Tax Invoice.pdf.encrypted
2014-11-23 19:09 - 2013-09-08 23:22 - 52397671 _____ () C:\Users\Steve\Downloads\COVER AND POSTER .zip.encrypted
2014-11-23 19:09 - 2013-08-30 05:26 - 00085768 _____ () C:\Users\Steve\Downloads\simple_vat_cash.xls.encrypted
2014-11-23 19:09 - 2013-08-30 04:35 - 00214751 _____ () C:\Users\Steve\Downloads\AMIN-Tax-Pack (1).pdf.encrypted
2014-11-23 19:09 - 2013-08-30 04:35 - 00037253 _____ () C:\Users\Steve\Downloads\Common+Deductions (1).pdf.encrypted
2014-11-23 19:09 - 2013-08-27 00:58 - 00179976 _____ () C:\Users\Steve\Downloads\BoT ARIA Schedule.doc.encrypted
2014-11-23 19:09 - 2013-08-26 23:25 - 00083990 _____ () C:\Users\Steve\Downloads\Mr Steven Granville 11 Sep 2009 HBAMEL.zip.encrypted
2014-11-23 19:09 - 2013-08-26 22:35 - 00113633 _____ () C:\Users\Steve\Downloads\CAC001-00001I-V001.pdf.encrypted
2014-11-23 19:09 - 2013-08-26 19:58 - 00003923 _____ () C:\Users\Steve\Downloads\Download.pdf.encrypted
2014-11-23 19:09 - 2013-08-20 22:36 - 00302344 _____ () C:\Users\Steve\Downloads\sbv-financial-statements.xls.encrypted
2014-11-23 19:09 - 2013-08-20 21:10 - 00088264 _____ () C:\Users\Steve\Downloads\AnnualExpenseSpreadsheetVisual Artists.xlsx.encrypted
2014-11-23 19:09 - 2013-08-20 20:35 - 00019720 _____ () C:\Users\Steve\Downloads\INCOME~1.XLS.encrypted
2014-11-23 19:09 - 2013-08-20 20:31 - 00088161 _____ () C:\Users\Steve\Downloads\AnnualExpenseSpreadsheetMusicians.xlsx.encrypted
2014-11-23 19:09 - 2013-08-20 20:31 - 00019548 _____ () C:\Users\Steve\Downloads\MusiciansExpenseWorksheet.xlsx.encrypted
2014-11-23 19:09 - 2013-08-20 01:16 - 00589059 _____ () C:\Users\Steve\Downloads\td2012-017c1 (1).pdf.encrypted
2014-11-23 19:09 - 2013-08-18 22:30 - 00020763 _____ () C:\Users\Steve\Downloads\BUS00335807n11027_emp.pdf.encrypted
2014-11-23 19:09 - 2013-08-18 22:29 - 00020562 _____ () C:\Users\Steve\Downloads\BUS00335807n11027-dec.pdf.encrypted
2014-11-23 19:09 - 2013-08-18 22:13 - 00589058 _____ () C:\Users\Steve\Downloads\td2012-017c1.pdf.encrypted
2014-11-23 19:09 - 2013-08-18 22:06 - 00037253 _____ () C:\Users\Steve\Downloads\Common+Deductions.pdf.encrypted
2014-11-23 19:09 - 2013-08-18 22:05 - 00038167 _____ () C:\Users\Steve\Downloads\Microsoft+Word+-+FBT+entertainment+summary+table+2011+mk2.pdf.encrypted
2014-11-23 19:09 - 2013-08-18 22:00 - 00214751 _____ () C:\Users\Steve\Downloads\AMIN-Tax-Pack.pdf.encrypted
2014-11-23 19:09 - 2013-08-18 21:20 - 00654955 _____ () C:\Users\Steve\Downloads\bus76494nat30290511.pdf.encrypted
2014-11-23 19:09 - 2013-07-18 19:03 - 00078706 _____ () C:\Users\Steve\Downloads\LC Plus Series.pdf.encrypted
2014-11-23 19:09 - 2013-07-16 02:05 - 00008740 _____ () C:\Users\Steve\Downloads\metal_presets_mazur.rar.encrypted
2014-11-23 19:09 - 2013-06-26 04:00 - 00123397 _____ () C:\Users\Steve\Downloads\tech_specs.pdf.encrypted
2014-11-23 19:09 - 2013-06-25 21:23 - 00179681 _____ () C:\Users\Steve\Downloads\Little Prince FOH.pdf.encrypted
2014-11-23 19:09 - 2013-06-25 21:23 - 00141763 _____ () C:\Users\Steve\Downloads\Little Prince Hang Sheets.pdf.encrypted
2014-11-23 19:09 - 2013-06-08 00:30 - 01813072 _____ () C:\Users\Steve\Downloads\gala_event.pdf.encrypted
2014-11-23 19:09 - 2013-06-07 02:07 - 00022680 _____ () C:\Users\Steve\Downloads\touchosc.zip.encrypted
2014-11-23 19:09 - 2013-06-04 19:08 - 00619784 _____ () C:\Users\Steve\Downloads\touring_HighEnd.xls.encrypted
2014-11-23 19:09 - 2013-04-22 01:09 - 00075345 _____ () C:\Users\Steve\Downloads\HD42_FD42.pdf.encrypted
2014-11-23 19:09 - 2013-04-17 04:21 - 00414267 _____ () C:\Users\Steve\Downloads\mph_trackspotbolt.pdf.encrypted
2014-11-23 19:09 - 2013-02-19 03:33 - 00114252 _____ () C:\Users\Steve\Downloads\Impression X4 DMX 1 01 EN (3).pdf.encrypted
2014-11-23 19:09 - 2013-02-19 02:52 - 01542457 _____ () C:\Users\Steve\Downloads\Impression X4 DMX Pattern Appendix A V1 01 EN_01.pdf.encrypted
2014-11-23 19:09 - 2013-02-18 04:51 - 00000659 _____ () C:\Users\Steve\Downloads\Notes (1).rtf.encrypted
2014-11-23 19:09 - 2013-02-18 04:11 - 00000700 _____ () C:\Users\Steve\Downloads\Notes.rtf.encrypted
2014-11-23 19:09 - 2013-02-17 21:15 - 00114252 _____ () C:\Users\Steve\Downloads\Impression X4 DMX 1 01 EN (2).pdf.encrypted
2014-11-23 19:09 - 2013-02-13 06:20 - 06114541 _____ () C:\Users\Steve\Downloads\AlphaSpotHPE700_Manuale_Rev.2_(02.11)_IT.pdf.encrypted
2014-11-23 19:09 - 2013-02-13 06:17 - 01488401 _____ () C:\Users\Steve\Downloads\AlphaSpotHPE700_DmxChannels_Rev.2_(02.11).pdf.encrypted
2014-11-23 19:09 - 2013-01-16 21:07 - 01500751 _____ () C:\Users\Steve\Downloads\Impression 120RZ RGB Manual V1.5 EN.pdf.encrypted
2014-11-23 19:09 - 2013-01-15 22:56 - 00114252 _____ () C:\Users\Steve\Downloads\Impression X4 DMX 1 01 EN (1).pdf.encrypted
2014-11-23 19:09 - 2013-01-15 22:46 - 00114252 _____ () C:\Users\Steve\Downloads\Impression X4 DMX 1 01 EN.pdf.encrypted
2014-11-23 19:09 - 2013-01-02 22:08 - 00047048 _____ () C:\Users\Steve\Downloads\C002528-00001Q-V001.pdf.encrypted
2014-11-23 19:09 - 2012-12-29 09:44 - 01523174 _____ () C:\Users\Steve\Downloads\jarag userguide_revD_full_eng.pdf.encrypted
2014-11-23 19:09 - 2012-12-25 20:17 - 00000000 ____D () C:\Users\Steve\Documents\PDF Compressor Output
2014-11-23 19:08 - 2014-10-09 19:32 - 00000000 ____D () C:\Users\Steve\Desktop\PWD EUROPE
2014-11-23 19:08 - 2014-10-09 05:01 - 00000000 ____D () C:\Users\Steve\Desktop\lights
2014-11-23 19:08 - 2014-06-30 04:29 - 00000000 ____D () C:\Users\Steve\Desktop\JBT
2014-11-23 19:08 - 2014-06-23 12:11 - 00000000 ____D () C:\Users\Steve\Desktop\Amity 2014
2014-11-23 19:08 - 2014-05-21 16:49 - 00000426 ____H () C:\Users\Steve\Desktop\~$T setlist temp.docx.encrypted
2014-11-23 19:08 - 2014-05-08 06:58 - 00000000 ____D () C:\Users\Steve\Desktop\usa advance
2014-11-23 19:08 - 2014-04-18 03:55 - 00000426 ____H () C:\Users\Steve\Desktop\~$UESFEST MOJO PATCH.docx.encrypted
2014-11-23 19:08 - 2014-02-19 01:51 - 00000000 ____D () C:\Users\Steve\Desktop\BOT US PROMO
2014-11-23 19:08 - 2014-01-21 00:10 - 00219985 _____ () C:\Users\Steve\Documents\BIRDS OF TOKYO_WHEATSTONE FREIGHT_2014.pdf.encrypted
2014-11-23 19:08 - 2013-10-17 17:22 - 00011569 _____ () C:\Users\Steve\Documents\AMITY INPUTS.xlsx.encrypted
2014-11-23 19:08 - 2013-01-10 21:38 - 00000426 ____H () C:\Users\Steve\Desktop\~$rds Of Tokyo - Audio Requirements - MarchFires.docx.encrypted
2014-11-23 19:08 - 2013-01-10 06:14 - 00000426 ____H () C:\Users\Steve\Desktop\~$rds Of Tokyo - MarchFires Tour - Visuals.docx.encrypted
2014-11-23 19:08 - 2013-01-06 19:30 - 00000426 ____H () C:\Users\Steve\Desktop\~$rch setlist.docx.encrypted
2014-11-23 19:08 - 2012-08-02 03:58 - 00000000 ____D () C:\SETUP
2014-11-23 19:08 - 2012-08-02 03:58 - 00000000 ____D () C:\LIBRARY
2014-11-23 18:44 - 2012-02-21 06:41 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-198695108-46086056-2637541285-1000Core.job
2014-11-21 12:16 - 2012-04-18 21:29 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Skype
2014-11-19 22:23 - 2014-04-28 15:19 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-19 22:23 - 2012-04-18 21:29 - 00000000 ____D () C:\ProgramData\Skype
2014-11-19 22:07 - 2012-02-22 01:01 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\vlc
2014-11-19 17:36 - 2012-02-21 06:41 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-198695108-46086056-2637541285-1000UA
2014-11-19 17:36 - 2012-02-21 06:41 - 00003486 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-198695108-46086056-2637541285-1000Core
2014-11-16 16:05 - 2012-04-18 21:25 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-14 12:34 - 2014-10-06 02:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-08 11:09 - 2012-02-23 23:05 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-08 11:08 - 2012-03-16 20:52 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-31 23:26 - 2012-02-21 06:03 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\Steve\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwrwwde.dll
C:\Users\Steve\AppData\Local\Temp\GUR7E69.exe
C:\Users\Steve\AppData\Local\Temp\libtar.dll
C:\Users\Steve\AppData\Local\Temp\ose00000.exe
C:\Users\Steve\AppData\Local\Temp\QtCore470.dll
C:\Users\Steve\AppData\Local\Temp\Tsu82A9705F.dll
C:\Users\Steve\AppData\Local\Temp\zlibwapi.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-19 16:57
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 01
Ran by Steve at 2014-11-24 14:03:43
Running from C:\Users\Steve\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-198695108-46086056-2637541285-1000\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-198695108-46086056-2637541285-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{BE882A12-5A45-3DFF-9FD0-306DE65EB8A5}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArKaos MediaMaster 3.2.2 (HKLM-x32\...\{DCAB622A-8D47-47FB-95DE-6043D77FB5DD}) (Version: 1.00.0000 - ArKaos)
ArKaos VJ 3.6.5 beta 4 (HKLM-x32\...\{77F4739D-13F3-4899-9ECF-631D020FF144}) (Version: 3.6.5 beta 4 - )
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.)
Automap 4.7 (HKLM\...\Automap Universal_is1) (Version: 4.7 - Focusrite Audio Engineering Ltd.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4223 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.0.0.19 - AVG Technologies)
AVS Video Converter 8.5 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.5.1.551 - Online Media Technologies Ltd.)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
Canon iP90 Setup Utility (HKLM-x32\...\Canon iP90 Setup Utility) (Version:  - )
Charles 3.8.3 (HKLM\...\{5CE7E4F6-039B-4A30-9F0E-A0FF90F1A018}) (Version: 3.8.3.3 - XK72 Ltd)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DMX-PRO Manager 1.14 (HKLM-x32\...\DMX-PRO Manager) (Version:  - )
Dropbox (HKU\S-1-5-21-198695108-46086056-2637541285-1000\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-198695108-46086056-2637541285-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
Foxit PDF Editor (HKLM-x32\...\Foxit PDF Editor) (Version: 2.2.1.1119 - Foxit Corporation)
Google Chrome (HKU\S-1-5-21-198695108-46086056-2637541285-1000\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Chrome (HKU\S-1-5-21-198695108-46086056-2637541285-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hog Connectivity 2.4.0.805 (HKLM-x32\...\{FD9FD2CC-50DB-4911-828A-6F9BED388968}) (Version: 2.4.0.805 - High End Systems)
Hog2PC 3.4.3.160 (HKLM-x32\...\{96BE30F4-D29C-4304-BD1C-B7B7D147FCDE}) (Version: 3.4.3.160 - High End Systems)
Hog3PC 3.2.6.3434 (HKLM-x32\...\{9A950BA4-060E-4F7A-94ED-8F4D759C58FA}) (Version: 3.2.6.3434 - High End Systems)
Hog4PC 2.1.2.565 (HKLM-x32\...\{5C6C8E9F-638C-4AFF-B6B3-0C59F14CC14F}) (Version: 2.1.2.565 - High End Systems)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photosmart Wireless B109n-z All-in-One Driver 14.0 Rel. 6 (HKLM\...\{79A72AAD-7ED4-49D8-872D-D1465061F9DB}) (Version: 14.0 - HP)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Proximity Sensor Utility (HKLM-x32\...\{BE208C2E-A46A-426F-B2B8-CE8BEF9DB24D}) (Version: 1.0.18 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6359.0 - IDT)
IK Multimedia Authorization Manager version 1.0.9 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.9 - IK Multimedia)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation)
Intel® Smart Connect Technology 1.0 (HKLM-x32\...\{0A918A9E-74F2-41CB-969F-FB0CB9A51DD8}) (Version: 1.0.698.0 - Intel)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{E2D0B67F-8032-4E11-87C6-C8C721D331B3}) (Version: 15.01.0500.0903 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
LaCie Desktop Manager 1.4.5 (HKLM\...\{3845209F-142E-4F48-B61A-AA34D2DB54BB}_is1) (Version: 1.4.5 - LaCie)
LIGHTCONVERSE #56 (HKLM-x32\...\LIGHTCONVERSE_is1) (Version:  - LIGHTCONVERSE)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0080-0409-0000-0000000FF1CE}) (Version: 14.0.6106.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.1.2 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 en-GB)) (Version: 31.2.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
PS_AIO_06_B109n-z_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RAPID Mode (Version: 1.0.1.68 - Samsung Electronics Co., Ltd.) Hidden
Registry Repair 5.0.1.62 (HKLM-x32\...\Registry Repair) (Version: 5.0.1.62 - Glarysoft Ltd)
RemoteComms driver (HKLM-x32\...\{43BEEE26-01A8-4EEE-8632-2353261E3B55}) (Version: 1.25.0000 - Oxford Semiconductor)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.0 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.4.0 - Samsung Electronics)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
ShadowExplorer 0.9 (HKLM-x32\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Stronghold AntiMalware (HKLM-x32\...\Stronghold AntiMalware_is1) (Version: 1.0 - Security Stronghold)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
T-RackS CS version 4.2.1 (HKLM\...\{E931EBCC-55F9-4D67-BA0E-D57C4A893A44}_is1) (Version: 4.2.1 - IK Multimedia)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WibuKey Setup (WibuKey Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 6.00b of 2011-Jan-12 (Build 132) (Setup) - WIBU-SYSTEMS AG)
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\2DC0AA065FA83047D7ECD51C7000C1620D79A4C5) (Version: 02/17/2009 2.04.16 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\51A4D522DD31538335EF5736F0E7F588C70BCB12) (Version: 02/17/2009 2.04.16 - FTDI)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
YTD Video Downloader 4.8.2 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.2 - GreenTree Applications SRL) <==== ATTENTION
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-198695108-46086056-2637541285-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-198695108-46086056-2637541285-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-198695108-46086056-2637541285-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-198695108-46086056-2637541285-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-198695108-46086056-2637541285-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-198695108-46086056-2637541285-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-198695108-46086056-2637541285-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-198695108-46086056-2637541285-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-198695108-46086056-2637541285-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-198695108-46086056-2637541285-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-198695108-46086056-2637541285-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-198695108-46086056-2637541285-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-198695108-46086056-2637541285-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-198695108-46086056-2637541285-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-198695108-46086056-2637541285-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
13-11-2014 02:24:35 Scheduled Checkpoint
24-11-2014 07:06:11 Scheduled Checkpoint
24-11-2014 14:46:08 Norton_Power_Eraser_20141124084607237
24-11-2014 19:11:31 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {015E4A66-4F83-4216-B595-ED73DBB3A20D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {039A2155-1CBE-4C76-B7CB-A8163C6FAD9A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-198695108-46086056-2637541285-1000UA => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {0ED21926-373A-4BFF-ADF4-D04083ADB5E0} - System32\Tasks\{29871B12-4D39-476A-9B88-12DEEA9C28D4} => msiexec.exe /package "C:\Users\Steve\Downloads\Capture Polar 2.11.22.msi"
Task: {167B8355-A14A-4A74-BFCF-DF0CE5E730F2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {17596A4E-6FDA-475E-9237-B7CEDF710077} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {25413FB2-D3C8-4A4C-A937-6955D2AE4B3C} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-05-19] (Samsung Electronics.)
Task: {266EEA9B-E598-42B0-ADBB-BE2A3E6FC9B1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {3C59C13E-2550-43F8-B58A-C4E9102F0857} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {562F35FC-5970-4AE0-9400-CB315F1449A0} - System32\Tasks\{1AA998EB-F274-4383-89A6-02A5DD942883} => msiexec.exe /package "C:\Users\Steve\Downloads\Capture Polar 2.11.22.msi"
Task: {97A07120-A2CD-488C-8D18-8C0F9C4C44B7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-198695108-46086056-2637541285-1000Core => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {D4A52A66-132D-4347-A16B-48C9A3424AE3} - System32\Tasks\HPCeeScheduleForSteve => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {DE088267-0E60-4847-BA84-48F2DA641652} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-26] (Hewlett-Packard Company)
Task: {F056961A-D086-445E-A834-ABED0E1629B6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-26] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-198695108-46086056-2637541285-1000Core.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-198695108-46086056-2637541285-1000UA.job => ?
Task: C:\Windows\Tasks\HPCeeScheduleForSteve.job => ?
 
==================== Loaded Modules (whitelisted) =============
 
2014-11-24 08:46 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2014-11-24 08:46 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2011-09-05 18:48 - 2011-09-05 18:48 - 00093696 _____ () C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2012-12-02 21:33 - 2012-04-11 21:51 - 01227776 _____ () C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe
2011-09-05 18:48 - 2011-09-05 18:48 - 00026112 _____ () C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\ISCTHidMonitor.exe
2014-11-12 17:35 - 2014-11-12 17:35 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\loggingserver.exe
2012-02-21 04:07 - 2011-08-09 09:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-02-21 19:31 - 2010-12-22 03:17 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2012-02-21 19:31 - 2012-02-21 19:31 - 00402944 _____ () C:\SWSetup\envyTouchPad.exe
2014-11-24 12:51 - 2014-11-13 10:17 - 03054504 _____ () C:\Program Files (x86)\Stronghold AntiMalware\StrongholdAntiMalwareService.exe
2011-03-16 07:07 - 2011-03-16 07:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-19 22:23 - 2010-10-19 22:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-02-22 06:43 - 2012-02-17 03:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2014-04-23 17:05 - 2014-04-23 17:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 17:04 - 2014-04-23 17:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-09-05 18:48 - 2011-09-05 18:48 - 00036352 _____ () C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2014-11-12 17:35 - 2014-11-12 17:35 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\log4cplusU.dll
2011-03-16 07:11 - 2011-03-16 07:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-19 22:45 - 2010-10-19 22:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-02 01:06 - 2014-05-06 12:24 - 00013824 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2014-10-02 01:06 - 2014-05-19 21:20 - 00103424 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\PAL.dll
2014-10-02 01:06 - 2014-05-19 21:20 - 00039424 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SATA.dll
2014-10-02 01:06 - 2014-05-19 21:19 - 00038400 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAT.dll
2014-10-02 01:06 - 2014-05-19 21:20 - 00031232 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SMINI.dll
2014-10-02 01:06 - 2014-05-19 21:19 - 00029696 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAS.dll
2012-02-21 19:31 - 2010-12-22 03:17 - 00066856 _____ () C:\Windows\SysWOW64\SynTPEnhPS.dll
2014-11-24 12:48 - 2014-11-24 12:48 - 00043008 _____ () c:\users\steve\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwrwwde.dll
2013-08-23 13:01 - 2013-08-23 13:01 - 25100288 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\libcef.dll
2014-11-12 17:35 - 2014-11-12 17:35 - 01685528 _____ () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll
2014-10-14 21:11 - 2014-10-14 21:11 - 03339376 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-10-14 21:11 - 2014-10-14 21:11 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-10-14 21:11 - 2014-10-14 21:11 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-11-24 07:43 - 2014-11-14 15:15 - 01077064 _____ () C:\Users\Steve\AppData\Local\Google\Chrome\Application\39.0.2171.65\libglesv2.dll
2014-11-24 07:43 - 2014-11-14 15:15 - 00211272 _____ () C:\Users\Steve\AppData\Local\Google\Chrome\Application\39.0.2171.65\libegl.dll
2014-11-24 07:43 - 2014-11-14 15:15 - 09009480 _____ () C:\Users\Steve\AppData\Local\Google\Chrome\Application\39.0.2171.65\pdf.dll
2014-11-24 07:43 - 2014-11-14 15:15 - 01677128 _____ () C:\Users\Steve\AppData\Local\Google\Chrome\Application\39.0.2171.65\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Steve\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Steve\Downloads\JRT.exe:BDU
AlternateDataStreams: C:\Users\Steve\Downloads\rrsetup.exe:BDU
AlternateDataStreams: C:\Users\Steve\Downloads\ShadowExplorer-0.9-setup (1).exe:BDU
AlternateDataStreams: C:\Users\Steve\Downloads\ShadowExplorer-0.9-setup.exe:BDU
AlternateDataStreams: C:\Users\Steve\Downloads\StrongholdAntiMalware.exe:BDU
AlternateDataStreams: C:\Users\Steve\Downloads\TorrentUnlocker (2).exe:BDU
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-198695108-46086056-2637541285-500 - Administrator - Disabled)
Guest (S-1-5-21-198695108-46086056-2637541285-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-198695108-46086056-2637541285-1002 - Limited - Enabled)
Steve (S-1-5-21-198695108-46086056-2637541285-1000 - Administrator - Enabled) => C:\Users\Steve
 
==================== Faulty Device Manager Devices =============
 
Name: Photosmart Wireless B109n-z
Description: Photosmart Wireless B109n-z
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Photosmart 7510 series
Description: Photosmart 7510 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Photosmart Wireless B109n-z
Description: Photosmart Wireless B109n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/24/2014 02:01:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 23.11.2014.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2470
 
Start Time: 01d008215601552a
 
Termination Time: 4
 
Application Path: C:\Users\Steve\Downloads\FRST64.exe
 
Report Id:
 
Error: (11/24/2014 01:54:25 PM) (Source: MsiInstaller) (EventID: 11500) (User: JuiceBox)
Description: Product: Microsoft .NET Framework 4 Client Profile -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.
 
Error: (11/24/2014 01:34:58 PM) (Source: MsiInstaller) (EventID: 1023) (User: JuiceBox)
Description: Product: Microsoft Silverlight - Update 'Microsoft Silverlight 5.1.30514.0' could not be installed. Error code 1603. Additional information is available in the log file C:\Users\Steve\AppData\Local\Temp\SilverlightMSI.log.
 
Error: (11/24/2014 01:34:56 PM) (Source: MsiInstaller) (EventID: 11406) (User: JuiceBox)
Description: Product: Microsoft Silverlight -- Error 1406. Could not write value  to key \Software\Classes\Interface\{EE38D0F1-5AE3-408C-A6BF-8410E645F376}.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.
 
 
System errors:
=============
Error: (11/24/2014 01:35:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Silverlight (KB2977218).
 
 
Microsoft Office Sessions:
=========================
Error: (11/24/2014 02:01:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe23.11.2014.1247001d008215601552a4C:\Users\Steve\Downloads\FRST64.exe
 
Error: (11/24/2014 01:54:25 PM) (Source: MsiInstaller) (EventID: 11500) (User: JuiceBox)
Description: Product: Microsoft .NET Framework 4 Client Profile -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (11/24/2014 01:34:58 PM) (Source: MsiInstaller) (EventID: 1023) (User: JuiceBox)
Description: Microsoft SilverlightMicrosoft Silverlight 5.1.30514.01603C:\Users\Steve\AppData\Local\Temp\SilverlightMSI.log(NULL)(NULL)
 
Error: (11/24/2014 01:34:56 PM) (Source: MsiInstaller) (EventID: 11406) (User: JuiceBox)
Description: Product: Microsoft Silverlight -- Error 1406. Could not write value  to key \Software\Classes\Interface\{EE38D0F1-5AE3-408C-A6BF-8410E645F376}.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.(NULL)(NULL)(NULL)(NULL)(NULL)
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-11-24 13:08:22.829
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_b3bab697e502a956\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-24 13:08:22.729
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_b3bab697e502a956\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-24 13:08:22.632
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_b3bab697e502a956\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-24 13:08:22.517
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_b3bab697e502a956\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-24 13:08:22.418
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_b3bab697e502a956\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-24 13:08:22.324
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_b3bab697e502a956\appid.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 68%
Total physical RAM: 16331.86 MB
Available physical RAM: 5206.89 MB
Total Pagefile: 24469.04 MB
Available Pagefile: 12123.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:429.9 GB) (Free:239.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:34.47 GB) (Free:17.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.08 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0523FFD2)
Partition 1: (Active) - (Size=1.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=429.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=34.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=88 MB) - (Type=0C)
 
==================== End Of Log ============================
 
 
Infection Detection Tool v1.6 - Nathan Scott
--------------------------------------------
Date/Time: 24/11/2014 2:08:51 PM
Operating System: Windows 7
Service Pack: Service Pack 1
Version Number: 6.1
Product Type: Workstation
--------------------------------------------
[Detected Flags]
1.|  Possible TorrentLocker Flag , C:\Users\Steve\Pictures\A221AFB4711C4372D4C1375EAA7EEA9D.jpg.encrypted
2.|  Possible TorrentLocker Flag , C:\Users\Steve\Pictures\DECRYPT_INSTRUCTIONS.html
 


#4 LiquidTension

Posted 24 November 2014 - 02:28 PM

You've been infected with TorrentLocker. This is the source of the infection: C:\Users\Steve\Downloads\penid_498903881101.zip
Best practice is to avoid opening Email attachments unless you're expecting the Email, and it's from a trusted source. 
 
After Digital-Forensics publicly released TorrentLocker's flaws at the beginning of September, brute forcing the encryption is no longer possible - so TorrentUnlocker, which I see you've tried, will not work. 
 
The good news is that TorrentLocker does not delete Shadow Volume copies (your System Restore Points are intact), and does not securely delete the original files. So you have a couple of options (other than paying the ransom).
 
--------------------
 
Previous Versions

  • Right-click the file/folder and click Properties.
  • Click Previous Versions
  • This tab will list all copies of the file and the date they were backed up.
  • To restore a particular version of the file, click Copy and select the directory you wish to restore the file to.
  • If you wish to restore the selected file and replace the existing one, click Restore.
  • If you wish to view the contents of the file before restoring, click Open.
     

ShadowExplorer

  • Please download ShadowExplorer and save the file to your Desktop.
  • Right-Click ShadowExplorer-0.9-portable.zip and click Extract All. Select your Desktop and click Extract.
  • Right-Click ShadowExplorer.exe and select Run as administrator to run the programme.
  • You will see a drop-down menu with the shadow copies of all partitions and disks present.
  • Click C:\ from the drop-down menu.
  • To the right, pick a date prior to the infection from the drop-down menu.
  • To restore a whole folder, right-click on your desired folder and click Export. You will then be prompted as to where you would like to restore the contents of the folder to.
     

File Recovery Software
File Recovery Software may be able to recover the original file deleted by the infection. Please bear in mind, the more you use the machine after the files are encrypted, the harder it will be for the recovery software to recover your files.

--------------------
 
Your machine is still infected - so it's up to you if you wish to clean the machine now, or once you've exhausted the recovery options above.



 

Would you like to help others with malware removal? Join our Classroom and learn how!
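
The check behind the Previous Versions and ShadowExplorer steps in the post above, as an added example that is not part of the original post: it lists every shadow copy with its creation time and flags those made before the infection. It assumes PowerShell 3.0 or later in an elevated prompt; the function name and the cutoff variable are illustrative, and the cutoff date is the infection date given in the first post.

```powershell
# Added example. Run from an elevated PowerShell 3.0+ prompt (Run as administrator).
# Assumption: the cutoff is the infection date given in the first post (23 November 2014).
$InfectionDate = [datetime]'2014-11-23'

function Get-ShadowCopySummary {
    param([Parameter(Mandatory)][datetime]$Cutoff)

    # Win32_ShadowCopy.VolumeName is a \\?\Volume{GUID}\ path; map it to a drive letter.
    $driveByVolume = @{}
    Get-CimInstance -ClassName Win32_Volume | ForEach-Object {
        $driveByVolume[$_.DeviceID] = $_.DriveLetter
    }

    Get-CimInstance -ClassName Win32_ShadowCopy |
        Sort-Object -Property InstallDate |
        ForEach-Object {
            [pscustomobject]@{
                Drive          = $driveByVolume[$_.VolumeName]
                Created        = $_.InstallDate          # snapshot creation time
                PredatesCutoff = $_.InstallDate -lt $Cutoff
                ShadowId       = $_.ID
            }
        }
}

$copies = @(Get-ShadowCopySummary -Cutoff $InfectionDate)
$copies | Format-Table -AutoSize

# Only snapshots taken before the infection can hold unencrypted versions of the files.
$usable = @($copies | Where-Object { $_.PredatesCutoff })
if ($copies.Count -eq 0) {
    Write-Output 'No shadow copies exist on this machine.'
} elseif ($usable.Count -eq 0) {
    Write-Output 'Shadow copies exist, but none were created before the cutoff date.'
} else {
    $newest = ($usable | Select-Object -Last 1).Created
    Write-Output ("{0} shadow copy(ies) predate the cutoff; newest is from {1}." -f $usable.Count, $newest)
}
```

When no snapshot predates the cutoff, Previous Versions and ShadowExplorer can only offer post-infection copies, which leaves file recovery software as the remaining option.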


#5 RockShow

RockShow

    New Member

  • Authentic Member
  • Pip
  • 5 posts

Posted 24 November 2014 - 02:40 PM

Thanks for all the help Adam.

 

What do you suggest I do from here?  After using the restore from previous versions and ShadowExplorer?

 

If I give up the hope of getting these files back is it best I format my computer and start again or is this unnecessary?

 

Do I need to worry about the infection spreading?  For example, if I plug in a hard drive to transfer something off the computer?



#6 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 24 November 2014 - 02:45 PM

Thanks for all the help Adam.

It's my pleasure.
 
Once infected with this type of malware, I would recommend reformatting your HDD and reinstalling your Operating System. It's a personal decision, and we can clean the machine if you wish - but reformatting would be the option I suggest you take. 
 
For now, I think you should try the three options listed in my post above. Let me know if you can get these to work, and if you can - I will provide instructions on how you can safely transfer files onto a removable device (external HDD, USB flash drive, etc).




#7 RockShow

RockShow

    New Member

  • Authentic Member
  • Pip
  • 5 posts

Posted 24 November 2014 - 02:54 PM

It seems at the moment that all my Previous Versions are past the date of infection.   I can't find any that are more than 2 days ago.  I think I may be out of luck here.

 

Shadow Explorer is finding the same thing.   Only files from today onwards.....?

 

I am running the other recovery programs now....



#8 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 24 November 2014 - 03:08 PM

Have you clicked Open in the Previous Versions tab to check if the files will open?

If you're unsuccessful with Shadow Volume copies, recovery software is your last option I'm afraid.

I would suggest trying all 3 software linked.



#9 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 27 November 2014 - 08:14 PM

Hello, 

 

Do you still require assistance?




#10 RockShow

RockShow

    New Member

  • Authentic Member
  • Pip
  • 5 posts

Posted 28 November 2014 - 08:55 AM

I have run the programs as suggested and had no luck restoring from previous versions ANYWHERE....

 

As we discussed, I may just need to wait and do a full format when I have a chance.

 

 

Do you think there is any further harm from this virus that can come to my computer?  Or am I safe now but just with encrypted files....?



#11 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 28 November 2014 - 01:56 PM

Hello,
 
The machine may still be infected. We can clean the machine of malware now - this could help with the decision on how you wish to proceed in the long run.

 

I'm sorry you weren't able to recover your files. Unfortunately, there are no guarantees with file recovery.   

 

P2P Warning

------------------------------

I see you have peer-to-peer (P2P) file sharing software installed on your computer (µTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use P2P applications. Please read the following articles for more information.

Your P2P software can be removed by following the instructions below.
  • Press the Windows Key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the aforementioned programme(s), right-click and click Uninstall.
If you choose not to, please refrain from using the programme(s) during this process.

 

Multiple Anti-Virus Software Installed
 
------------------------------
 
It is inadvisable to have more than one Anti-Virus installed on your computer at the same time. Doing so may:

  • Cause conflicts, negatively impacting the effectiveness of each Anti-Virus installed. 
  • Trigger false-positives.
  • Trigger false-negatives, where neither programme detects malware. 
  • Cause system instability/performance issues. Your system may lock up or slow down due to both software attempting to access the same file at the same time. 
Please remove all but one Anti-Virus from your computer.
Instructions can be found in Step 2.
  • AVG 2015 
  • Bitdefender Antivirus Free Edition

 
 
STEP 1
Revo Uninstaller

  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run the programme. 
  • From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
    • AVG 2015 or Bitdefender Antivirus Free Edition
    • AVG Web TuneUp
    • Registry Repair 5.0.1.62
    • Stronghold AntiMalware
    • YTD Video Downloader 4.8.2
  • Double-click the programme. 
  • When prompted if you want to uninstall click Yes.
  • Ensure the Moderate option is selected and click Next.
  • The programme uninstaller will run. If prompted again click Yes.
  • Work your way through the uninstaller, ensuring you read each page thoroughly.
  • Note: Ensure you decline offers of additional software if applicable. 
  • Once the built-in uninstaller is finished click Next.
  • Once the programme has searched for leftovers click Next.
  • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
  • When prompted click Yes, followed by Next.
  • Click Select all, followed by Delete.
  • When prompted click Yes, followed by Next.
  • Once done click Finish.
     

STEP 2
ComboFix

  • Note: Please read through these instructions before running ComboFix. 
  • Please download ComboFix and save the file to your Desktop. << Important!
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click ComboFix.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
     
  • Allow ComboFix to complete its removal routine (please refer to Important Notes:).
  • Upon completion, a log (ComboFix.txt) will be created in the root directory (C:\). Copy the contents of the log and paste in your next reply.
  • Re-enable your anti-virus software.
     

Important Notes:

  • Do NOT mouse click ComboFix's window whilst it is running. This may cause the programme to stall.
  • Do NOT use your computer whilst ComboFix is running.
  • Your Desktop/taskbar may disappear whilst ComboFix is running; this is normal.
     
  • If you get the message Illegal operation attempted on registry key that has been marked for deletion please reboot your computer.
  • ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If you are unable to access the Internet after running ComboFix, please reboot your computer. 
     

STEP 3
TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to:
    • Loaded Modules
    • Detect TDLFS file system
    • Verify file digital signatures
  • Note: If you receive the following message: Extended Monitoring Driver is required, click Reboot now, and continue from here following the reboot.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach the log in your next reply.
     

STEP 4
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================
 
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did the programmes uninstall OK?
  • ComboFix.txt
  • TDSSKiller log (attached)
  • FRST.txt
  • Addition.txt



#12 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 02 December 2014 - 03:47 AM

Hello,

 

How are you getting on with the instructions above?




#13 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 02 December 2014 - 06:15 PM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic
