
sound files not working - infection? [Solved]


  • This topic is locked
17 replies to this topic

#1 galaxy


Posted 07 August 2014 - 09:46 AM

Greetings,
 
My sound files suddenly stop working while I am running my computer. If the song is playing, it will stop midway and there won’t be any sound in Windows Media Player. If I try to run any sound file in VLC player then it won’t run there either until I restart my computer. For now, restarting is fixing the problem but it isn’t very convenient for the obvious reasons.
 
I have updated the sound driver and I also disabled the enhancements in Windows Media Player in the hope that it might fix the problem but the problem still persists. Needless to say, I have always checked the mute button and sound mixers and made sure it is all correct.
 
Today, my Windows had trouble starting up and I had to run Windows restore after pressing F8 during startup. It did start fine and now I am seeking help, fearing that my computer is infected and that the sound files not working was an effect of it.
I tried running OTL but it wouldn’t run the .exe file, saying that it cannot run from a temporary folder. I downloaded it to my “Downloads” folder and then separately to the desktop, but it wouldn’t run from either location. Please see my HijackThis results:
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:33:46 PM, on 8/7/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17028)
Boot mode: Normal
 
Running processes:
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\TEMP.Personnel\Downloads\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blekkosearch....=homepage&v=1_0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityrespo...r/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://securityrespo...r/fix_homepage/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:6006
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Users\TEMP.Personnel\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [reg_svr] "C:\Windows\SysWoW64\regsvr32.exe" /s "C:\Users\TEMP.Personnel\AppData\Roaming\glister\nvm.dll"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Google+ Auto Backup] "C:\Users\TEMP.Personnel\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{01086B81-491B-473D-AADE-BB9FA298A9FF}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{01086B81-491B-473D-AADE-BB9FA298A9FF}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Connected Remote Service (HPConnectedRemote) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
--
End of file - 12038 bytes
 

 




#2 OCD


Posted 07 August 2014 - 09:10 PM

Hi galaxy,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================

aswMBR

Download aswMBR.exe and save it to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
=========================

Download Farbar Recovery Scan Tool and save to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
=========================

In your next post please provide the following:
  • checkup.txt
  • aswMBR.txt
  • attach MBR.zip
  • FRST.txt
  • Addition.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days










#3 galaxy


Posted 08 August 2014 - 05:42 AM

Thanks, OCD for helping me out. Please find the results of the scan as follows:
 
Checkup.txt
 
 Results of screen317's Security Check version 0.99.86  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 65  
 Adobe Flash Player 14.0.0.145  
 Adobe Reader XI  
 Mozilla Firefox (32.0) 
 Google Chrome 35.0.1916.153  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Windows Defender MsMpEng.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
Please find aswMBR.txt results below:
 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-08 16:14:08
-----------------------------
16:14:08.624    OS Version: Windows x64 6.2.9200 
16:14:08.624    Number of processors: 4 586 0x2A07
16:14:08.626    ComputerName: PERSONNEL  UserName: 
16:14:10.396    Initialize success
16:14:10.620    VM: initialized successfully
16:14:10.676    VM: Intel CPU BiosDisabled 
16:14:18.127    VM: disk I/O iaStorA.sys
16:14:23.229    AVAST engine download error: 0
16:24:03.525    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000039
16:24:03.532    Disk 0 Vendor: ST500LM012_HN-M500MBB 2AR10002 Size: 476940MB BusType: 8
16:24:03.781    Disk 0 MBR read successfully
16:24:03.788    Disk 0 MBR scan
16:24:03.796    Disk 0 unknown MBR code
16:24:03.804    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
16:24:03.853    Disk 0 scanning C:\Windows\system32\drivers
16:24:14.794    Service scanning
16:24:36.773    Modules scanning
16:24:36.793    Disk 0 trace - called modules:
16:24:37.193    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys 
16:24:37.206    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b42420]
16:24:37.219    3 CLASSPNP.SYS[fffff88002088e0a] -> nt!IofCallDriver -> \Device\00000039[0xfffffa80059d6060]
16:24:37.231    Scan finished successfully
16:25:30.939    Disk 0 MBR has been saved successfully to "C:\Users\TEMP.Personnel\Desktop\Fix Tools\MBR.dat"
16:25:30.955    The log file has been saved successfully to "C:\Users\TEMP.Personnel\Desktop\Fix Tools\aswMBR.txt"
 
Please find FRST results below:
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2014
Ran by PersonnelPC (administrator) on PERSONNEL on 08-08-2014 16:29:04
Running from C:\Users\TEMP.Personnel\Desktop
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Desktop.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-06-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Yahoo Messenger] => [X]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [377368 2013-10-23] (Power Software Ltd)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1781143609-4253824246-3402552693-1001\...\Run: [uTorrent] => C:\Users\TEMP.Personnel\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-03] (BitTorrent Inc.)
HKU\S-1-5-21-1781143609-4253824246-3402552693-1001\...\Run: [reg_svr] => "C:\Windows\SysWoW64\regsvr32.exe" /s "C:\Users\TEMP.Personnel\AppData\Roaming\glister\nvm.dll"
HKU\S-1-5-21-1781143609-4253824246-3402552693-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1781143609-4253824246-3402552693-1001\...\Run: [Google+ Auto Backup] => C:\Users\TEMP.Personnel\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)
HKU\S-1-5-21-1781143609-4253824246-3402552693-1001\...\MountPoints2: G - "G:\autorun.exe" 
HKU\S-1-5-21-1781143609-4253824246-3402552693-1001\...\MountPoints2: H - "H:\autorun.exe" 
HKU\S-1-5-21-1781143609-4253824246-3402552693-1001\...\MountPoints2: {48bf6839-1683-11e4-bf5c-d89d677f9b55} - "G:\AutoRun.exe" 
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\TEMP.Personnel\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\TEMP.Personnel\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\TEMP.Personnel\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\TEMP.Personnel\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\TEMP.Personnel\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\TEMP.Personnel\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: 127.0.0.1:6006
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blekkosearch....=homepage&v=1_0
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityrespo...r/fix_homepage/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://securityrespo...r/fix_homepage/
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CPNTDFJS
SearchScopes: HKLM - {8BD39743-B836-4A60-8063-486CE254BA32} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CPNTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CPNTDFJS
SearchScopes: HKLM-x32 - {8BD39743-B836-4A60-8063-486CE254BA32} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CPNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CPNTDFJS
SearchScopes: HKCU - {8BD39743-B836-4A60-8063-486CE254BA32} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{01086B81-491B-473D-AADE-BB9FA298A9FF}: [NameServer]8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\TEMP.Personnel\AppData\Roaming\Mozilla\Firefox\Profiles\qhhjxycq.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\TEMP.Personnel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\TEMP.Personnel\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF Extension: Test Pilot - C:\Users\TEMP.Personnel\AppData\Roaming\Mozilla\Firefox\Profiles\qhhjxycq.default\Extensions\testpilot@labs.mozilla.com.xpi [2013-09-20]
FF Extension: Adblock Plus - C:\Users\TEMP.Personnel\AppData\Roaming\Mozilla\Firefox\Profiles\qhhjxycq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-16]
 
Chrome: 
=======
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\TEMP.Personnel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-22]
CHR Extension: (Google Wallet) - C:\Users\TEMP.Personnel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-22]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-13] (Hewlett-Packard)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-06-06] (Realtek Semiconductor)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\system32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-06] (Malwarebytes Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2012-08-09] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-25] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U3 aswMBR; \??\C:\Users\TEMP~1.PER\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\TEMP~1.PER\AppData\Local\Temp\aswVmm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-08 16:29 - 2014-08-08 16:29 - 00018062 _____ () C:\Users\TEMP.Personnel\Desktop\FRST.txt
2014-08-08 16:28 - 2014-08-08 16:29 - 00000000 ____D () C:\FRST
2014-08-08 16:27 - 2014-08-08 16:27 - 02094080 _____ (Farbar) C:\Users\TEMP.Personnel\Desktop\FRST64.exe
2014-08-08 16:11 - 2014-08-08 16:11 - 05185536 _____ (AVAST Software) C:\Users\TEMP.Personnel\Desktop\aswMBR.exe
2014-08-08 16:05 - 2014-08-08 16:05 - 00854410 _____ () C:\Users\TEMP.Personnel\Desktop\SecurityCheck.exe
2014-08-07 23:09 - 2014-08-07 23:09 - 00014702 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]will.you.marry.me.2012.dvdrip.xvid.torrent
2014-08-07 23:09 - 2014-08-07 23:09 - 00014702 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]will.you.marry.me.2012.dvdrip.xvid (1).torrent
2014-08-07 23:07 - 2014-08-07 23:07 - 00000000 ____D () C:\Users\TEMP.Personnel\Downloads\Just Cause [Multi2][PC]
2014-08-07 20:33 - 2014-08-07 20:33 - 00012040 _____ () C:\Users\TEMP.Personnel\Downloads\hijackthis.log
2014-08-07 20:32 - 2014-08-07 20:32 - 00388608 _____ (Trend Micro Inc.) C:\Users\TEMP.Personnel\Downloads\HiJackThis.exe
2014-08-07 20:29 - 2014-08-08 16:25 - 00000000 ____D () C:\Users\TEMP.Personnel\Desktop\Fix Tools
2014-08-07 19:19 - 2014-08-08 09:13 - 00000000 ____D () C:\Users\TEMP.Personnel\Desktop\Canada Visa Information - Pakistan - Track Your Application_files
2014-08-07 19:19 - 2014-08-07 19:19 - 00003779 _____ () C:\Users\TEMP.Personnel\Desktop\Canada Visa Information - Pakistan - Track Your Application.html
2014-08-07 12:17 - 2014-08-07 12:17 - 00016616 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]will.you.marry.me.dvdrip.xvid.1cdrip.ddr.torrent
2014-08-06 04:58 - 2014-08-06 04:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-06 04:34 - 2014-08-06 04:34 - 00000000 ____D () C:\Users\TEMP.Personnel\AppData\Roaming\ZqWare
2014-08-06 04:30 - 2014-08-06 04:30 - 00780456 _____ ( ) C:\Users\TEMP.Personnel\Downloads\Surfing-Tunnel_1.7.0.exe
2014-08-06 04:08 - 2014-08-06 04:15 - 00000000 ____D () C:\Program Files (x86)\UltraVPN
2014-08-06 04:08 - 2014-08-06 04:08 - 00000000 ____D () C:\Users\TEMP.Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraVPN
2014-08-06 04:08 - 2014-08-06 04:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVPN
2014-08-06 04:08 - 2014-08-06 04:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2014-08-06 04:07 - 2014-08-06 04:07 - 01166613 _____ () C:\Users\TEMP.Personnel\Downloads\ultravpn-install.exe
2014-08-06 03:41 - 2014-08-06 03:42 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\TEMP.Personnel\Downloads\rkill.com
2014-08-06 03:29 - 2014-08-06 03:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 03:29 - 2014-08-06 03:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-06 03:28 - 2014-08-06 03:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-06 03:28 - 2014-08-06 03:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-06 03:28 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-06 03:28 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-06 03:28 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-06 03:23 - 2014-08-06 03:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\TEMP.Personnel\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-06 03:09 - 2014-08-06 03:10 - 00749592 _____ () C:\Users\TEMP.Personnel\Downloads\GetPrivateSetup (1).exe
2014-08-06 03:08 - 2014-08-06 03:08 - 00000000 ____D () C:\Windows\system32\SRSLabs
2014-08-06 03:07 - 2014-08-06 03:08 - 00749592 _____ () C:\Users\TEMP.Personnel\Downloads\GetPrivateSetup.exe
2014-07-30 15:43 - 2014-07-30 15:43 - 00028629 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]just.cause.multi2.pc.torrent
2014-07-30 15:40 - 2014-07-30 15:40 - 00098712 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]omar.series.mbc.bluray.720p.all.episodes.1.30.english.subtitl.torrent
2014-07-30 15:40 - 2014-07-30 15:40 - 00098712 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]omar.series.mbc.bluray.720p.all.episodes.1.30.english.subtitl (1).torrent
2014-07-29 10:55 - 2014-08-06 03:08 - 00000897 _____ () C:\Windows\setupact.log
2014-07-29 10:55 - 2014-07-29 10:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-28 22:49 - 2014-07-28 22:49 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-28 22:49 - 2014-07-28 22:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-28 22:49 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-28 22:49 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-28 22:49 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-28 22:49 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-28 16:19 - 2014-08-08 16:11 - 01584070 _____ () C:\Windows\WindowsUpdate.log
2014-07-28 05:05 - 2014-07-28 08:25 - 00000000 ____D () C:\Users\TEMP.Personnel\Downloads\FIFA 14 PC game ^^nosTEAM^^
2014-07-28 05:03 - 2014-07-28 05:03 - 00033322 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]fifa.14.pc.game.nosteam.torrent
2014-07-28 04:51 - 2014-07-28 06:59 - 00000000 ____D () C:\Users\TEMP.Personnel\Downloads\Counter-Strike Global Offensive PC game MP+SP ^^nosTEAM^^
2014-07-28 04:49 - 2014-07-28 04:49 - 00015529 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]counter.strike.global.offensive.pc.game.mp.sp.nosteam.torrent
2014-07-28 04:49 - 2014-07-28 04:49 - 00013107 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]fifa.14.crack.v5.final.3dm.torrent
2014-07-28 04:04 - 2014-07-28 04:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-28 04:03 - 2014-07-28 04:03 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-28 04:03 - 2014-07-28 04:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-27 21:41 - 2014-07-27 23:12 - 839031107 ____R () C:\Users\TEMP.Personnel\Downloads\Hate.Story.2.2014.720p.DVDSCR.800MB.ShAaNiG.com.mkv
2014-07-26 01:48 - 2014-07-26 01:56 - 00000000 ____D () C:\Users\TEMP.Personnel\Downloads\KICK (2014) [1CD] DVDSCR Rip Xvid Mp3 TeamTNT Exclusive
2014-07-13 01:38 - 2014-07-13 01:38 - 00423608 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-11 06:20 - 2014-06-27 01:53 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-11 06:20 - 2014-06-27 01:53 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-11 06:16 - 2014-07-11 06:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 22:26 - 2014-07-01 03:42 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-10 22:26 - 2014-07-01 03:42 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-07-10 22:26 - 2014-07-01 03:42 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-07-10 22:26 - 2014-06-28 08:35 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-10 20:30 - 2014-05-03 11:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-07-10 20:30 - 2014-05-03 11:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-07-10 20:30 - 2014-05-03 09:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-07-10 20:30 - 2014-05-02 03:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-07-10 20:30 - 2014-04-30 03:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-07-10 20:30 - 2014-04-30 03:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-07-10 20:30 - 2014-04-24 04:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-10 20:30 - 2014-04-24 04:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 20:30 - 2014-04-24 04:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-10 20:30 - 2014-04-24 04:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 20:30 - 2014-02-08 09:34 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-07-10 20:29 - 2014-06-19 07:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 20:29 - 2014-06-19 05:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-10 20:28 - 2014-06-19 07:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 20:28 - 2014-06-19 07:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 20:28 - 2014-06-19 07:12 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-07-10 20:28 - 2014-06-19 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-07-10 20:28 - 2014-06-19 07:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 20:28 - 2014-06-19 07:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 20:28 - 2014-06-19 07:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 20:28 - 2014-06-19 07:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 20:28 - 2014-06-19 07:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 20:28 - 2014-06-19 07:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 20:28 - 2014-06-19 07:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-10 20:28 - 2014-06-19 07:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 20:28 - 2014-06-19 07:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 20:28 - 2014-06-19 07:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 20:28 - 2014-06-19 07:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 20:28 - 2014-06-19 07:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-10 20:28 - 2014-06-19 07:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 20:28 - 2014-06-19 07:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 20:28 - 2014-06-19 07:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 20:28 - 2014-06-19 07:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 20:28 - 2014-06-19 05:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-10 20:28 - 2014-06-19 05:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-10 20:28 - 2014-06-19 05:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 20:28 - 2014-06-19 05:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-10 20:28 - 2014-06-19 05:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 20:28 - 2014-06-19 05:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-07-10 20:28 - 2014-06-19 05:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-10 20:28 - 2014-06-19 05:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-10 20:28 - 2014-06-19 05:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-10 20:28 - 2014-06-19 05:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-10 20:28 - 2014-06-19 05:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-10 20:28 - 2014-06-19 05:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 20:28 - 2014-06-19 05:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-10 20:28 - 2014-06-19 05:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 20:28 - 2014-06-19 05:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-10 20:28 - 2014-06-19 05:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-10 20:28 - 2014-06-19 05:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-10 20:28 - 2014-06-19 05:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-10 20:28 - 2014-06-19 05:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 20:28 - 2014-06-19 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-10 20:28 - 2014-06-19 03:05 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-07-10 20:26 - 2014-06-18 04:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 20:26 - 2014-06-18 04:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 20:26 - 2014-06-11 09:18 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 20:25 - 2014-06-06 19:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 20:25 - 2014-06-06 15:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 20:25 - 2014-06-03 03:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-07-10 20:25 - 2014-05-30 04:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-07-10 20:25 - 2014-05-30 04:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-07-10 20:25 - 2014-05-30 04:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 20:25 - 2014-05-30 04:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-07-10 20:25 - 2014-05-30 03:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-08 16:29 - 2014-08-08 16:29 - 00018062 _____ () C:\Users\TEMP.Personnel\Desktop\FRST.txt
2014-08-08 16:29 - 2014-08-08 16:28 - 00000000 ____D () C:\FRST
2014-08-08 16:27 - 2014-08-08 16:27 - 02094080 _____ (Farbar) C:\Users\TEMP.Personnel\Desktop\FRST64.exe
2014-08-08 16:25 - 2014-08-07 20:29 - 00000000 ____D () C:\Users\TEMP.Personnel\Desktop\Fix Tools
2014-08-08 16:11 - 2014-08-08 16:11 - 05185536 _____ (AVAST Software) C:\Users\TEMP.Personnel\Desktop\aswMBR.exe
2014-08-08 16:11 - 2014-07-28 16:19 - 01584070 _____ () C:\Windows\WindowsUpdate.log
2014-08-08 16:11 - 2013-03-27 18:16 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-08 16:10 - 2014-02-13 21:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-08 16:05 - 2014-08-08 16:05 - 00854410 _____ () C:\Users\TEMP.Personnel\Desktop\SecurityCheck.exe
2014-08-08 16:00 - 2012-07-26 13:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-08 15:47 - 2012-07-26 12:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-08 15:29 - 2013-03-17 01:33 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1781143609-4253824246-3402552693-1001
2014-08-08 15:25 - 2013-03-27 18:16 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-08 09:14 - 2013-03-17 01:23 - 00000000 ____D () C:\Users\PersonnelPC
2014-08-08 09:13 - 2014-08-07 19:19 - 00000000 ____D () C:\Users\TEMP.Personnel\Desktop\Canada Visa Information - Pakistan - Track Your Application_files
2014-08-08 09:13 - 2013-08-08 18:48 - 00000000 ____D () C:\Users\TEMP.Personnel\AppData\Roaming\vlc
2014-08-08 09:13 - 2012-07-26 13:12 - 00000000 ____D () C:\Windows\registration
2014-08-08 00:22 - 2013-08-27 19:05 - 00000000 ____D () C:\Users\TEMP.Personnel\AppData\Roaming\uTorrent
2014-08-07 23:09 - 2014-08-07 23:09 - 00014702 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]will.you.marry.me.2012.dvdrip.xvid.torrent
2014-08-07 23:09 - 2014-08-07 23:09 - 00014702 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]will.you.marry.me.2012.dvdrip.xvid (1).torrent
2014-08-07 23:07 - 2014-08-07 23:07 - 00000000 ____D () C:\Users\TEMP.Personnel\Downloads\Just Cause [Multi2][PC]
2014-08-07 20:54 - 2013-08-17 01:34 - 00001062 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
2014-08-07 20:54 - 2013-08-17 01:34 - 00001050 _____ () C:\Users\Public\Desktop\TeamViewer 8.lnk
2014-08-07 20:33 - 2014-08-07 20:33 - 00012040 _____ () C:\Users\TEMP.Personnel\Downloads\hijackthis.log
2014-08-07 20:33 - 2013-07-18 14:30 - 00000000 ____D () C:\Users\TEMP.Personnel\AppData\Local\VirtualStore
2014-08-07 20:32 - 2014-08-07 20:32 - 00388608 _____ (Trend Micro Inc.) C:\Users\TEMP.Personnel\Downloads\HiJackThis.exe
2014-08-07 20:22 - 2012-07-26 12:28 - 00942994 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-07 20:15 - 2013-07-18 14:26 - 00000000 ____D () C:\Users\TEMP.Personnel
2014-08-07 20:15 - 2012-07-26 12:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-07 19:19 - 2014-08-07 19:19 - 00003779 _____ () C:\Users\TEMP.Personnel\Desktop\Canada Visa Information - Pakistan - Track Your Application.html
2014-08-07 18:02 - 2014-06-06 16:20 - 00000000 ___HD () C:\Users\TEMP.Personnel\Downloads\.picasaoriginals
2014-08-07 18:02 - 2014-03-31 19:16 - 00000593 ____H () C:\Users\TEMP.Personnel\Downloads\.picasa.ini
2014-08-07 12:17 - 2014-08-07 12:17 - 00016616 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]will.you.marry.me.dvdrip.xvid.1cdrip.ddr.torrent
2014-08-07 02:24 - 2014-02-13 20:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-06 22:54 - 2013-07-18 15:13 - 00000000 ____D () C:\Users\TEMP.Personnel\AppData\Roaming\Skype
2014-08-06 20:24 - 2012-07-26 13:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-08-06 17:44 - 2014-02-05 14:45 - 00000000 ____D () C:\Users\TEMP.Personnel\AppData\Roaming\glister
2014-08-06 04:59 - 2014-08-06 04:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-06 04:34 - 2014-08-06 04:34 - 00000000 ____D () C:\Users\TEMP.Personnel\AppData\Roaming\ZqWare
2014-08-06 04:30 - 2014-08-06 04:30 - 00780456 _____ ( ) C:\Users\TEMP.Personnel\Downloads\Surfing-Tunnel_1.7.0.exe
2014-08-06 04:15 - 2014-08-06 04:08 - 00000000 ____D () C:\Program Files (x86)\UltraVPN
2014-08-06 04:08 - 2014-08-06 04:08 - 00000000 ____D () C:\Users\TEMP.Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraVPN
2014-08-06 04:08 - 2014-08-06 04:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVPN
2014-08-06 04:08 - 2014-08-06 04:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2014-08-06 04:07 - 2014-08-06 04:07 - 01166613 _____ () C:\Users\TEMP.Personnel\Downloads\ultravpn-install.exe
2014-08-06 03:42 - 2014-08-06 03:41 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\TEMP.Personnel\Downloads\rkill.com
2014-08-06 03:30 - 2014-08-06 03:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 03:29 - 2014-08-06 03:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-06 03:28 - 2014-08-06 03:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-06 03:28 - 2014-08-06 03:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-06 03:27 - 2014-08-06 03:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\TEMP.Personnel\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-06 03:27 - 2013-04-23 18:23 - 00000871 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-06 03:27 - 2013-04-23 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-06 03:10 - 2014-08-06 03:09 - 00749592 _____ () C:\Users\TEMP.Personnel\Downloads\GetPrivateSetup (1).exe
2014-08-06 03:08 - 2014-08-06 03:08 - 00000000 ____D () C:\Windows\system32\SRSLabs
2014-08-06 03:08 - 2014-08-06 03:07 - 00749592 _____ () C:\Users\TEMP.Personnel\Downloads\GetPrivateSetup.exe
2014-08-06 03:08 - 2014-07-29 10:55 - 00000897 _____ () C:\Windows\setupact.log
2014-08-06 03:08 - 2013-01-29 17:03 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-08-04 21:02 - 2012-07-26 10:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-08-02 08:20 - 2013-07-18 14:30 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A7143298-5460-4070-8BD2-DB84241D0F0F}
2014-07-30 15:43 - 2014-07-30 15:43 - 00028629 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]just.cause.multi2.pc.torrent
2014-07-30 15:40 - 2014-07-30 15:40 - 00098712 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]omar.series.mbc.bluray.720p.all.episodes.1.30.english.subtitl.torrent
2014-07-30 15:40 - 2014-07-30 15:40 - 00098712 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]omar.series.mbc.bluray.720p.all.episodes.1.30.english.subtitl (1).torrent
2014-07-29 10:55 - 2014-07-29 10:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-28 22:50 - 2013-11-27 13:42 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-28 22:49 - 2014-07-28 22:49 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-28 22:49 - 2014-07-28 22:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-28 22:49 - 2013-08-10 23:42 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-28 08:25 - 2014-07-28 05:05 - 00000000 ____D () C:\Users\TEMP.Personnel\Downloads\FIFA 14 PC game ^^nosTEAM^^
2014-07-28 06:59 - 2014-07-28 04:51 - 00000000 ____D () C:\Users\TEMP.Personnel\Downloads\Counter-Strike Global Offensive PC game MP+SP ^^nosTEAM^^
2014-07-28 05:03 - 2014-07-28 05:03 - 00033322 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]fifa.14.pc.game.nosteam.torrent
2014-07-28 04:49 - 2014-07-28 04:49 - 00015529 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]counter.strike.global.offensive.pc.game.mp.sp.nosteam.torrent
2014-07-28 04:49 - 2014-07-28 04:49 - 00013107 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]fifa.14.crack.v5.final.3dm.torrent
2014-07-28 04:04 - 2014-07-28 04:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-28 04:03 - 2014-07-28 04:03 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-28 04:03 - 2014-07-28 04:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-28 01:36 - 2014-03-24 16:41 - 00000000 ____D () C:\Users\TEMP.Personnel\Downloads\Updated CV with address
2014-07-28 00:19 - 2012-07-26 13:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-27 23:12 - 2014-07-27 21:41 - 839031107 ____R () C:\Users\TEMP.Personnel\Downloads\Hate.Story.2.2014.720p.DVDSCR.800MB.ShAaNiG.com.mkv
2014-07-27 01:37 - 2012-07-26 13:12 - 00000000 ____D () C:\Windows\rescache
2014-07-26 01:56 - 2014-07-26 01:48 - 00000000 ____D () C:\Users\TEMP.Personnel\Downloads\KICK (2014) [1CD] DVDSCR Rip Xvid Mp3 TeamTNT Exclusive
2014-07-18 17:16 - 2014-02-19 19:13 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-13 01:38 - 2014-07-13 01:38 - 00423608 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-11 06:16 - 2014-07-11 06:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-11 06:16 - 2014-07-04 15:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-11 06:16 - 2014-07-04 15:10 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-11 06:16 - 2014-07-04 15:10 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-11 06:16 - 2014-07-04 15:10 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-11 06:16 - 2012-07-26 13:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 06:16 - 2012-07-26 13:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 06:16 - 2012-07-26 13:12 - 00000000 ____D () C:\Windows\WinStore
2014-07-11 06:16 - 2012-07-26 12:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 06:15 - 2014-07-04 15:10 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-11 06:15 - 2014-07-04 15:10 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-11 06:15 - 2014-07-04 15:10 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-11 06:15 - 2014-07-04 15:10 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-11 06:15 - 2014-07-04 15:10 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-07-11 06:15 - 2014-07-04 15:10 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-07-11 06:15 - 2014-07-04 15:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-11 06:15 - 2014-07-04 15:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-11 06:15 - 2014-07-04 15:10 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-11 06:14 - 2013-07-26 20:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-11 06:11 - 2013-03-30 01:49 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-11 06:09 - 2013-10-28 21:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-11 03:02 - 2014-07-28 22:49 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-07-28 22:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-07-28 22:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-07-28 22:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-10 03:37 - 2012-07-26 10:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
 
Some content of TEMP:
====================
C:\Users\PersonnelPC\AppData\Local\Temp\SkypeSetup.exe
C:\Users\TEMP.Personnel\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\TEMP.Personnel\AppData\Local\Temp\SRLDetectionLibrary3613883571079857827.dll
C:\Users\TEMP.Personnel\AppData\Local\Temp\UNINSTALL.exe
C:\Users\TEMP.Personnel\AppData\Local\Temp\vlc-2.1.5-win64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-31 04:55
 
==================== End Of Log ============================
 
Please find Addition.txt results below:
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-08-2014
Ran by PersonnelPC at 2014-08-08 16:31:39
Running from C:\Users\TEMP.Personnel\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadband (HKLM-x32\...\Broadband) (Version: 16.001.06.00.172 - Huawei Technologies Co.,Ltd)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Counter Strike 1.6 - No Steam (HKLM-x32\...\Counter Strike 1.6 - No Steam) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{711EA7BB-5FF5-487F-8379-46BB5696FE40}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) Hidden
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 8.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0 (x86 en-US)) (Version: 32.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.8 - Power Software Ltd)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.5.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6937 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29034 - Realtek Semiconductor Corp.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Subway Surfers 1.0 (HKLM-x32\...\Subway Surfers 1.0) (Version: 1.0 - Cat-A-Cat)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1781143609-4253824246-3402552693-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\TEMP.Personnel\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1781143609-4253824246-3402552693-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\TEMP.Personnel\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1781143609-4253824246-3402552693-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\TEMP.Personnel\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1781143609-4253824246-3402552693-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\TEMP.Personnel\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
30-07-2014 20:59:07 Scheduled Checkpoint
07-08-2014 14:05:35 Scheduled Checkpoint
07-08-2014 15:21:19 working fine after repair 07-08-14
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 10:26 - 2012-07-26 10:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05213C82-B018-4D79-BA67-6FF43FC64ED8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-28] (Hewlett-Packard Company)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2D26168F-1196-4207-AD4B-3A98BA4FB71C} - System32\Tasks\{9EDC7624-BBA3-428D-80E0-96B13253C43E} => Chrome.exe http://ui.skype.com/...#38;page=tsMain
Task: {590C7A38-CF22-4559-9668-725C916463CE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-27] (Google Inc.)
Task: {7B6F83F4-8213-45C0-BDF1-49DDE1ACFC41} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-16] (Synaptics Incorporated)
Task: {81E9AA40-E2CC-4201-BB5C-506F72154E84} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {A5B52FA7-67A3-454D-9551-48A8E8DFE8D5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-28] (Hewlett-Packard Company)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AE7C64BB-FEA3-4613-BEF3-9597C7C4F5C8} - System32\Tasks\{EFD9512C-620D-4898-91D9-DB25CE8DEA56} => Chrome.exe http://ui.skype.com/...#38;page=tsMain
Task: {B0928C06-601F-42FC-AEE2-C79AFF6FE207} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-11] (Microsoft Corporation)
Task: {B3FBE027-F753-4F5C-8231-43AAC02CB056} - System32\Tasks\{8E215037-C081-416A-A670-75BDE342CEA5} => Chrome.exe http://www.skype.com...LastError=12007
Task: {B5AE372B-6EEE-4034-BA69-D8F0EDF33A5B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-06] (Hewlett-Packard Company)
Task: {C389A265-15C8-4AA7-9E51-AB16B6168B88} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-02] (Apple Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {E10B6395-37C8-446E-8A69-8203EB22867A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {E17C716F-28F1-4BFD-B32A-C3119E3E3BB4} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {FB0E9FF9-9D28-420B-9392-943E434BFD44} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-27] (Google Inc.)
Task: {FC954994-8CF8-4E4D-90D5-0D677F317E9F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-10-13 05:22 - 2012-10-13 05:22 - 00120224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-10-13 05:22 - 2012-10-13 05:22 - 00048544 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-10-13 05:22 - 2012-10-13 05:22 - 00180224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2012-09-28 11:44 - 2012-09-28 11:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-18 14:34 - 2013-07-18 14:34 - 00120224 _____ () C:\Users\TEMP.Personnel\AppData\Local\assembly\dl3\5OAPZH2Q.8EW\3MOAPCHT.YCN\18f9a81a\008b7bc6_d8a8cd01\HPItunesModule.DLL
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-22 19:30 - 2014-02-22 19:30 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\b7497ee745bead9869f53a314470edeb\PSIClient.ni.dll
2013-01-29 16:59 - 2012-06-26 14:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-02-05 14:45 - 2014-02-05 14:41 - 00207872 __RSH () C:\Users\TEMP.Personnel\AppData\Roaming\glister\nvm.dll
2014-07-18 17:16 - 2014-07-15 14:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-18 17:16 - 2014-07-15 14:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-18 17:16 - 2014-07-15 14:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-18 17:16 - 2014-07-15 14:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-18 17:16 - 2014-07-15 14:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "Zune Launcher"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "vProt"
HKCU\...\StartupApproved\Run: => "uTorrent"
HKCU\...\StartupApproved\Run: => "Skype"
HKCU\...\StartupApproved\Run: => "Google+ Auto Backup"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/08/2014 04:17:37 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (08/07/2014 08:23:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPPU.exe, version: 1.0.0.0, time stamp: 0x501b7575
Faulting module name: d2d1.dll, version: 6.2.9200.16765, time stamp: 0x528bf8d9
Exception code: 0xc0000005
Fault offset: 0x0015948b
Faulting process id: 0xf4c
Faulting application start time: 0xHPPU.exe0
Faulting application path: HPPU.exe1
Faulting module path: HPPU.exe2
Report Id: HPPU.exe3
Faulting package full name: HPPU.exe4
Faulting package-relative application ID: HPPU.exe5
 
Error: (08/07/2014 08:21:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1781143609-4253824246-3402552693-1001.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {4f19562f-ea7a-43e3-90ad-0c96343e8b64}
 
Error: (08/07/2014 07:05:35 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1781143609-4253824246-3402552693-1001.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {3589a05b-ab00-4dd9-b290-ab09c2aacdcb}
 
Error: (08/07/2014 00:41:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6609
 
Error: (08/07/2014 00:41:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6609
 
Error: (08/07/2014 00:41:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/07/2014 00:41:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5375
 
Error: (08/07/2014 00:41:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5375
 
Error: (08/07/2014 00:41:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (08/06/2014 00:18:09 AM) (Source: DCOM) (EventID: 10001) (User: PERSONNEL)
Description: "C:\Windows\System32\WWAHost.exe" -ServerName:Windows.Store2Windows.StoreUnavailableUnavailable
 
Error: (08/05/2014 06:50:10 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.
 
Error: (08/05/2014 06:49:40 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.
 
Error: (08/05/2014 06:49:10 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.
 
Error: (08/04/2014 07:56:08 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.
 
Error: (08/04/2014 07:55:38 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.
 
Error: (08/04/2014 07:55:08 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.
 
Error: (08/04/2014 07:37:52 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.
 
Error: (08/04/2014 07:37:22 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.
 
Error: (08/04/2014 07:36:52 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 45%
Total physical RAM: 3985.27 MB
Available physical RAM: 2153.02 MB
Total Pagefile: 4689.27 MB
Available Pagefile: 2762.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:362.94 GB) (Free:282.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:22.17 GB) (Free:2.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (data) (Fixed) (Total:79.87 GB) (Free:54.05 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: C2C9F703)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
I am also attaching MBR.zip for your reference.
 
Please let me know what the next steps are. Hoping to resolve this swiftly.
 
Regards,
galaxy



#4 OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 09 August 2014 - 08:11 PM

Hi galaxy,

Please be advised ALL tools need to be run directly from the Desktop.

=========================

P2P - (Peer to Peer)

I see you have/had P2P software uTorrent / BitTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall this now.

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

  • uTorrent / BitTorrent

If you choose not to remove this program, please refrain from using it until we have finished cleaning your computer.

=========================

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt



HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blekkosearch....=homepage&v=1_0
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityrespo...r/fix_homepage/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://securityrespo...r/fix_homepage/
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

AdwCleaner v3: Scan & Clean

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

Junkware Removal Tool

Download Junkware Removal Tool to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Shut down your protection software now to avoid potential conflicts.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

=========================

Re-run Farbar Recovery Scan Tool; it should be on your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:


  • Fixlog.txt
  • AdwCleaner[S0].txt
  • JRT.txt
  • new FRST.txt

OCD



#5 galaxy

    Authentic Member

  • 33 posts

Posted 12 August 2014 - 12:16 PM

Hey OCD,

 

Please find the results below:

 

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-08-2014
Ran by PersonnelPC at 2014-08-12 22:34:20 Run:1
Running from C:\Users\TEMP.Personnel\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blekkosearch....=homepage&v=1_0
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityrespo...r/fix_homepage/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://securityrespo...r/fix_homepage/
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
*****************
 
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found.
 
==== End of Fixlog ====
 
 
AdwCleaner[S0].txt
 
# AdwCleaner v3.304 - Report created 12/08/2014 at 22:45:34
# Updated 08/08/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : PersonnelPC - PERSONNEL
# Running from : C:\Users\TEMP.Personnel\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\TEMP.Personnel\AppData\Local\AVG Secure Search
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\TEMP~1.PER\AppData\Local\Temp\Uninstall.exe
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : GoforFilesUpdate
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vuescan_RASAPI32
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\GoforFiles
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17028
 
 
-\\ Mozilla Firefox v32.0 (x86 en-US)
 
[ File : C:\Users\TEMP.Personnel\AppData\Roaming\Mozilla\Firefox\Profiles\qhhjxycq.default\prefs.js ]
 
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\TEMP.Personnel\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
 
*************************
 
AdwCleaner[R0].txt - [5993 octets] - [11/08/2014 23:04:40]
AdwCleaner[R1].txt - [5583 octets] - [12/08/2014 22:40:12]
AdwCleaner[S0].txt - [5694 octets] - [12/08/2014 22:45:34]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5754 octets] ##########
 
JRT.txt
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by PersonnelPC on Tue 08/12/2014 at 22:55:37.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8BD39743-B836-4A60-8063-486CE254BA32}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8BD39743-B836-4A60-8063-486CE254BA32}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\TEMP.Personnel\AppData\Roaming\mozilla\firefox\profiles\qhhjxycq.default\minidumps [13 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/12/2014 at 23:09:51.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
new FRST
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-08-2014
Ran by PersonnelPC (administrator) on PERSONNEL on 12-08-2014 23:10:41
Running from C:\Users\TEMP.Personnel\Desktop
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Desktop.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-06-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Yahoo Messenger] => [X]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [377368 2013-10-23] (Power Software Ltd)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1781143609-4253824246-3402552693-1001\...\Run: [uTorrent] => C:\Users\TEMP.Personnel\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-03] (BitTorrent Inc.)
HKU\S-1-5-21-1781143609-4253824246-3402552693-1001\...\Run: [reg_svr] => "C:\Windows\SysWoW64\regsvr32.exe" /s "C:\Users\TEMP.Personnel\AppData\Roaming\glister\nvm.dll"
HKU\S-1-5-21-1781143609-4253824246-3402552693-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1781143609-4253824246-3402552693-1001\...\Run: [Google+ Auto Backup] => C:\Users\TEMP.Personnel\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)
HKU\S-1-5-21-1781143609-4253824246-3402552693-1001\...\MountPoints2: G - "G:\autorun.exe" 
HKU\S-1-5-21-1781143609-4253824246-3402552693-1001\...\MountPoints2: H - "H:\autorun.exe" 
HKU\S-1-5-21-1781143609-4253824246-3402552693-1001\...\MountPoints2: {48bf6839-1683-11e4-bf5c-d89d677f9b55} - "G:\AutoRun.exe" 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: 127.0.0.1:6006
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
SearchScopes: HKLM - {8BD39743-B836-4A60-8063-486CE254BA32} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CPNTDFJS
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{01086B81-491B-473D-AADE-BB9FA298A9FF}: [NameServer]8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\TEMP.Personnel\AppData\Roaming\Mozilla\Firefox\Profiles\qhhjxycq.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\TEMP.Personnel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\TEMP.Personnel\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF Extension: Test Pilot - C:\Users\TEMP.Personnel\AppData\Roaming\Mozilla\Firefox\Profiles\qhhjxycq.default\Extensions\testpilot@labs.mozilla.com.xpi [2013-09-20]
FF Extension: Adblock Plus - C:\Users\TEMP.Personnel\AppData\Roaming\Mozilla\Firefox\Profiles\qhhjxycq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-16]
 
Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\TEMP.Personnel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-22]
CHR Extension: (Google Wallet) - C:\Users\TEMP.Personnel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-22]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-13] (Hewlett-Packard)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-06-06] (Realtek Semiconductor)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\system32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-06] (Malwarebytes Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2012-08-09] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-25] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-12 23:10 - 2014-08-12 23:10 - 00014706 _____ () C:\Users\TEMP.Personnel\Desktop\FRST.txt
2014-08-12 22:55 - 2014-08-12 22:55 - 00000000 ____D () C:\Windows\ERUNT
2014-08-12 22:53 - 2014-08-12 22:53 - 01016261 _____ (Thisisu) C:\Users\TEMP.Personnel\Desktop\JRT.exe
2014-08-12 22:47 - 2014-08-12 22:47 - 00000314 _____ () C:\Windows\PFRO.log
2014-08-12 22:32 - 2014-08-12 22:32 - 02099712 _____ (Farbar) C:\Users\TEMP.Personnel\Desktop\FRST64.exe
2014-08-12 20:22 - 2014-08-12 20:35 - 138838967 _____ () C:\Users\TEMP.Personnel\Desktop\balam-pichkari-Muskurahat.Com.wmv
2014-08-11 23:05 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-11 23:04 - 2014-08-12 22:46 - 00000000 ____D () C:\AdwCleaner
2014-08-11 22:59 - 2014-08-11 23:03 - 01366203 _____ () C:\Users\TEMP.Personnel\Downloads\AdwCleaner.exe
2014-08-09 20:18 - 2014-08-09 20:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-08 22:52 - 2014-08-08 22:52 - 00000000 ____D () C:\Users\TEMP.Personnel\Downloads\Entertainment (2014) DVDScr -X264- 1CD- Team IcTv Exclsuive
2014-08-08 22:48 - 2014-08-08 22:48 - 00015582 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]it.s.entertainment.2014.dvdscr.x264.1cd.team.ictv.exclsuive.torrent
2014-08-08 16:28 - 2014-08-12 23:10 - 00000000 ____D () C:\FRST
2014-08-07 23:09 - 2014-08-07 23:09 - 00014702 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]will.you.marry.me.2012.dvdrip.xvid.torrent
2014-08-07 23:09 - 2014-08-07 23:09 - 00014702 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]will.you.marry.me.2012.dvdrip.xvid (1).torrent
2014-08-07 23:07 - 2014-08-07 23:07 - 00000000 ____D () C:\Users\TEMP.Personnel\Downloads\Just Cause [Multi2][PC]
2014-08-07 20:33 - 2014-08-07 20:33 - 00012040 _____ () C:\Users\TEMP.Personnel\Downloads\hijackthis.log
2014-08-07 20:32 - 2014-08-07 20:32 - 00388608 _____ (Trend Micro Inc.) C:\Users\TEMP.Personnel\Downloads\HiJackThis.exe
2014-08-07 20:29 - 2014-08-12 23:10 - 00000000 ____D () C:\Users\TEMP.Personnel\Desktop\Fix Tools
2014-08-07 12:17 - 2014-08-07 12:17 - 00016616 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]will.you.marry.me.dvdrip.xvid.1cdrip.ddr.torrent
2014-08-06 04:34 - 2014-08-06 04:34 - 00000000 ____D () C:\Users\TEMP.Personnel\AppData\Roaming\ZqWare
2014-08-06 04:30 - 2014-08-06 04:30 - 00780456 _____ ( ) C:\Users\TEMP.Personnel\Downloads\Surfing-Tunnel_1.7.0.exe
2014-08-06 04:08 - 2014-08-06 04:15 - 00000000 ____D () C:\Program Files (x86)\UltraVPN
2014-08-06 04:08 - 2014-08-06 04:08 - 00000000 ____D () C:\Users\TEMP.Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraVPN
2014-08-06 04:08 - 2014-08-06 04:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVPN
2014-08-06 04:08 - 2014-08-06 04:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2014-08-06 04:07 - 2014-08-06 04:07 - 01166613 _____ () C:\Users\TEMP.Personnel\Downloads\ultravpn-install.exe
2014-08-06 03:41 - 2014-08-06 03:42 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\TEMP.Personnel\Downloads\rkill.com
2014-08-06 03:29 - 2014-08-06 03:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 03:29 - 2014-08-06 03:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-06 03:28 - 2014-08-06 03:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-06 03:28 - 2014-08-06 03:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-06 03:28 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-06 03:28 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-06 03:28 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-06 03:23 - 2014-08-06 03:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\TEMP.Personnel\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-06 03:09 - 2014-08-06 03:10 - 00749592 _____ () C:\Users\TEMP.Personnel\Downloads\GetPrivateSetup (1).exe
2014-08-06 03:08 - 2014-08-06 03:08 - 00000000 ____D () C:\Windows\system32\SRSLabs
2014-08-06 03:07 - 2014-08-06 03:08 - 00749592 _____ () C:\Users\TEMP.Personnel\Downloads\GetPrivateSetup.exe
2014-07-30 15:43 - 2014-07-30 15:43 - 00028629 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]just.cause.multi2.pc.torrent
2014-07-30 15:40 - 2014-07-30 15:40 - 00098712 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]omar.series.mbc.bluray.720p.all.episodes.1.30.english.subtitl.torrent
2014-07-30 15:40 - 2014-07-30 15:40 - 00098712 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]omar.series.mbc.bluray.720p.all.episodes.1.30.english.subtitl (1).torrent
2014-07-29 10:55 - 2014-08-10 15:29 - 00001693 _____ () C:\Windows\setupact.log
2014-07-29 10:55 - 2014-07-29 10:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-28 22:49 - 2014-07-28 22:49 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-28 22:49 - 2014-07-28 22:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-28 22:49 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-28 22:49 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-28 22:49 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-28 22:49 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-28 16:19 - 2014-08-12 23:08 - 01255122 _____ () C:\Windows\WindowsUpdate.log
2014-07-28 05:03 - 2014-07-28 05:03 - 00033322 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]fifa.14.pc.game.nosteam.torrent
2014-07-28 04:49 - 2014-07-28 04:49 - 00015529 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]counter.strike.global.offensive.pc.game.mp.sp.nosteam.torrent
2014-07-28 04:49 - 2014-07-28 04:49 - 00013107 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]fifa.14.crack.v5.final.3dm.torrent
2014-07-28 04:04 - 2014-07-28 04:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-28 04:03 - 2014-07-28 04:03 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-28 04:03 - 2014-07-28 04:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-27 21:41 - 2014-07-27 23:12 - 839031107 ____R () C:\Users\TEMP.Personnel\Downloads\Hate.Story.2.2014.720p.DVDSCR.800MB.ShAaNiG.com.mkv
2014-07-26 01:48 - 2014-07-26 01:56 - 00000000 ____D () C:\Users\TEMP.Personnel\Downloads\KICK (2014) [1CD] DVDSCR Rip Xvid Mp3 TeamTNT Exclusive
2014-07-13 01:38 - 2014-07-13 01:38 - 00423608 _____ () C:\Windows\system32\FNTCACHE.DAT
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-12 23:11 - 2014-08-12 23:10 - 00014706 _____ () C:\Users\TEMP.Personnel\Desktop\FRST.txt
2014-08-12 23:11 - 2013-03-27 18:16 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-12 23:10 - 2014-08-08 16:28 - 00000000 ____D () C:\FRST
2014-08-12 23:10 - 2014-08-07 20:29 - 00000000 ____D () C:\Users\TEMP.Personnel\Desktop\Fix Tools
2014-08-12 23:10 - 2014-02-13 21:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-12 23:08 - 2014-07-28 16:19 - 01255122 _____ () C:\Windows\WindowsUpdate.log
2014-08-12 23:00 - 2012-07-26 13:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-12 22:59 - 2014-02-05 14:45 - 00000000 ____D () C:\Users\TEMP.Personnel\AppData\Roaming\glister
2014-08-12 22:55 - 2014-08-12 22:55 - 00000000 ____D () C:\Windows\ERUNT
2014-08-12 22:55 - 2013-07-18 14:30 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A7143298-5460-4070-8BD2-DB84241D0F0F}
2014-08-12 22:54 - 2012-07-26 12:28 - 00942994 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-12 22:53 - 2014-08-12 22:53 - 01016261 _____ (Thisisu) C:\Users\TEMP.Personnel\Desktop\JRT.exe
2014-08-12 22:48 - 2013-03-27 18:16 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-12 22:48 - 2012-07-26 12:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-12 22:47 - 2014-08-12 22:47 - 00000314 _____ () C:\Windows\PFRO.log
2014-08-12 22:47 - 2012-07-26 10:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-08-12 22:46 - 2014-08-11 23:04 - 00000000 ____D () C:\AdwCleaner
2014-08-12 22:32 - 2014-08-12 22:32 - 02099712 _____ (Farbar) C:\Users\TEMP.Personnel\Desktop\FRST64.exe
2014-08-12 22:21 - 2013-08-08 18:48 - 00000000 ____D () C:\Users\TEMP.Personnel\AppData\Roaming\vlc
2014-08-12 20:35 - 2014-08-12 20:22 - 138838967 _____ () C:\Users\TEMP.Personnel\Desktop\balam-pichkari-Muskurahat.Com.wmv
2014-08-12 19:28 - 2012-07-26 12:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-12 15:54 - 2012-07-26 13:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-08-11 23:03 - 2014-08-11 22:59 - 01366203 _____ () C:\Users\TEMP.Personnel\Downloads\AdwCleaner.exe
2014-08-11 04:21 - 2013-07-18 15:13 - 00000000 ____D () C:\Users\TEMP.Personnel\AppData\Roaming\Skype
2014-08-10 17:46 - 2013-08-27 19:05 - 00000000 ____D () C:\Users\TEMP.Personnel\AppData\Roaming\uTorrent
2014-08-10 15:29 - 2014-07-29 10:55 - 00001693 _____ () C:\Windows\setupact.log
2014-08-10 15:24 - 2014-02-13 20:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-10 02:35 - 2013-07-18 14:26 - 00000000 ____D () C:\Users\TEMP.Personnel
2014-08-09 20:19 - 2014-08-09 20:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-08 22:52 - 2014-08-08 22:52 - 00000000 ____D () C:\Users\TEMP.Personnel\Downloads\Entertainment (2014) DVDScr -X264- 1CD- Team IcTv Exclsuive
2014-08-08 22:48 - 2014-08-08 22:48 - 00015582 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]it.s.entertainment.2014.dvdscr.x264.1cd.team.ictv.exclsuive.torrent
2014-08-08 16:50 - 2013-03-17 01:33 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1781143609-4253824246-3402552693-1001
2014-08-08 09:14 - 2013-03-17 01:23 - 00000000 ____D () C:\Users\PersonnelPC
2014-08-08 09:13 - 2012-07-26 13:12 - 00000000 ____D () C:\Windows\registration
2014-08-07 23:09 - 2014-08-07 23:09 - 00014702 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]will.you.marry.me.2012.dvdrip.xvid.torrent
2014-08-07 23:09 - 2014-08-07 23:09 - 00014702 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]will.you.marry.me.2012.dvdrip.xvid (1).torrent
2014-08-07 23:07 - 2014-08-07 23:07 - 00000000 ____D () C:\Users\TEMP.Personnel\Downloads\Just Cause [Multi2][PC]
2014-08-07 20:54 - 2013-08-17 01:34 - 00001062 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
2014-08-07 20:54 - 2013-08-17 01:34 - 00001050 _____ () C:\Users\Public\Desktop\TeamViewer 8.lnk
2014-08-07 20:33 - 2014-08-07 20:33 - 00012040 _____ () C:\Users\TEMP.Personnel\Downloads\hijackthis.log
2014-08-07 20:33 - 2013-07-18 14:30 - 00000000 ____D () C:\Users\TEMP.Personnel\AppData\Local\VirtualStore
2014-08-07 20:32 - 2014-08-07 20:32 - 00388608 _____ (Trend Micro Inc.) C:\Users\TEMP.Personnel\Downloads\HiJackThis.exe
2014-08-07 18:02 - 2014-06-06 16:20 - 00000000 ___HD () C:\Users\TEMP.Personnel\Downloads\.picasaoriginals
2014-08-07 18:02 - 2014-03-31 19:16 - 00000593 ____H () C:\Users\TEMP.Personnel\Downloads\.picasa.ini
2014-08-07 12:17 - 2014-08-07 12:17 - 00016616 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]will.you.marry.me.dvdrip.xvid.1cdrip.ddr.torrent
2014-08-06 04:34 - 2014-08-06 04:34 - 00000000 ____D () C:\Users\TEMP.Personnel\AppData\Roaming\ZqWare
2014-08-06 04:30 - 2014-08-06 04:30 - 00780456 _____ ( ) C:\Users\TEMP.Personnel\Downloads\Surfing-Tunnel_1.7.0.exe
2014-08-06 04:15 - 2014-08-06 04:08 - 00000000 ____D () C:\Program Files (x86)\UltraVPN
2014-08-06 04:08 - 2014-08-06 04:08 - 00000000 ____D () C:\Users\TEMP.Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraVPN
2014-08-06 04:08 - 2014-08-06 04:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVPN
2014-08-06 04:08 - 2014-08-06 04:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2014-08-06 04:07 - 2014-08-06 04:07 - 01166613 _____ () C:\Users\TEMP.Personnel\Downloads\ultravpn-install.exe
2014-08-06 03:42 - 2014-08-06 03:41 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\TEMP.Personnel\Downloads\rkill.com
2014-08-06 03:30 - 2014-08-06 03:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 03:29 - 2014-08-06 03:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-06 03:28 - 2014-08-06 03:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-06 03:28 - 2014-08-06 03:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-06 03:27 - 2014-08-06 03:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\TEMP.Personnel\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-06 03:27 - 2013-04-23 18:23 - 00000871 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-06 03:27 - 2013-04-23 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-06 03:10 - 2014-08-06 03:09 - 00749592 _____ () C:\Users\TEMP.Personnel\Downloads\GetPrivateSetup (1).exe
2014-08-06 03:08 - 2014-08-06 03:08 - 00000000 ____D () C:\Windows\system32\SRSLabs
2014-08-06 03:08 - 2014-08-06 03:07 - 00749592 _____ () C:\Users\TEMP.Personnel\Downloads\GetPrivateSetup.exe
2014-08-06 03:08 - 2013-01-29 17:03 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-07-30 15:43 - 2014-07-30 15:43 - 00028629 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]just.cause.multi2.pc.torrent
2014-07-30 15:40 - 2014-07-30 15:40 - 00098712 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]omar.series.mbc.bluray.720p.all.episodes.1.30.english.subtitl.torrent
2014-07-30 15:40 - 2014-07-30 15:40 - 00098712 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]omar.series.mbc.bluray.720p.all.episodes.1.30.english.subtitl (1).torrent
2014-07-29 10:55 - 2014-07-29 10:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-28 22:50 - 2013-11-27 13:42 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-28 22:49 - 2014-07-28 22:49 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-28 22:49 - 2014-07-28 22:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-28 22:49 - 2013-08-10 23:42 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-28 05:03 - 2014-07-28 05:03 - 00033322 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]fifa.14.pc.game.nosteam.torrent
2014-07-28 04:49 - 2014-07-28 04:49 - 00015529 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]counter.strike.global.offensive.pc.game.mp.sp.nosteam.torrent
2014-07-28 04:49 - 2014-07-28 04:49 - 00013107 _____ () C:\Users\TEMP.Personnel\Downloads\[kickass.to]fifa.14.crack.v5.final.3dm.torrent
2014-07-28 04:04 - 2014-07-28 04:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-28 04:03 - 2014-07-28 04:03 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-28 04:03 - 2014-07-28 04:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-28 01:36 - 2014-03-24 16:41 - 00000000 ____D () C:\Users\TEMP.Personnel\Downloads\Updated CV with address
2014-07-28 00:19 - 2012-07-26 13:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-27 23:12 - 2014-07-27 21:41 - 839031107 ____R () C:\Users\TEMP.Personnel\Downloads\Hate.Story.2.2014.720p.DVDSCR.800MB.ShAaNiG.com.mkv
2014-07-27 01:37 - 2012-07-26 13:12 - 00000000 ____D () C:\Windows\rescache
2014-07-26 01:56 - 2014-07-26 01:48 - 00000000 ____D () C:\Users\TEMP.Personnel\Downloads\KICK (2014) [1CD] DVDSCR Rip Xvid Mp3 TeamTNT Exclusive
2014-07-18 17:16 - 2014-02-19 19:13 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-13 01:38 - 2014-07-13 01:38 - 00423608 _____ () C:\Windows\system32\FNTCACHE.DAT
 
Some content of TEMP:
====================
C:\Users\PersonnelPC\AppData\Local\Temp\SkypeSetup.exe
C:\Users\TEMP.Personnel\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\TEMP.Personnel\AppData\Local\Temp\Quarantine.exe
C:\Users\TEMP.Personnel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\TEMP.Personnel\AppData\Local\Temp\SRLDetectionLibrary3613883571079857827.dll
C:\Users\TEMP.Personnel\AppData\Local\Temp\vlc-2.1.5-win64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-10 14:12
 
==================== End Of Log ============================
 
Please let me know what needs to be done next.
 
Regards,
galaxy
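An added example (not part of the original post, and not code from FRST or its author): a small Python parser for the file-listing lines of the FRST log above that lists executables in Downloads, AppData or Temp whose parenthesised vendor field is blank. The field names, the extension and folder lists, and the blank-vendor heuristic are assumptions made for this example; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# One file-listing line, as it appears in the log above:
#   <time> - <time> - <size> <attrs> (<vendor>) <path>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r" - (\d+) ([A-Z_]{5}) \((.*?)\) ([A-Za-z]:\\.+)$"
)
TS_FORMAT = "%Y-%m-%d %H:%M"
# Assumptions for this example, not FRST rules:
EXECUTABLE_EXT = (".exe", ".com", ".scr", ".dll", ".sys")
USER_WRITABLE = ("\\downloads\\", "\\appdata\\", "\\temp\\")

# Sample lines copied from the log in this thread (created time first).
SAMPLE = r"""
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-06 04:34 - 2014-08-06 04:34 - 00000000 ____D () C:\Users\TEMP.Personnel\AppData\Roaming\ZqWare
2014-08-06 04:30 - 2014-08-06 04:30 - 00780456 _____ ( ) C:\Users\TEMP.Personnel\Downloads\Surfing-Tunnel_1.7.0.exe
2014-08-06 04:07 - 2014-08-06 04:07 - 01166613 _____ () C:\Users\TEMP.Personnel\Downloads\ultravpn-install.exe
2014-08-06 03:41 - 2014-08-06 03:42 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\TEMP.Personnel\Downloads\rkill.com
2014-08-06 03:28 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-06 03:23 - 2014-08-06 03:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\TEMP.Personnel\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-06 03:09 - 2014-08-06 03:10 - 00749592 _____ () C:\Users\TEMP.Personnel\Downloads\GetPrivateSetup (1).exe
2014-07-29 10:55 - 2014-08-10 15:29 - 00001693 _____ () C:\Windows\setupact.log
"""


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int
    is_dir: bool
    vendor: str
    path: str


def parse_line(line, first_column="created"):
    """Parse one listing line; return None for headers, blanks and other text.

    In the log above the first timestamp is the creation time in one section
    and the modification time in the "One Month Modified" section, so the
    caller says which one comes first.
    """
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    first = datetime.strptime(m.group(1), TS_FORMAT)
    second = datetime.strptime(m.group(2), TS_FORMAT)
    created, modified = (first, second) if first_column == "created" else (second, first)
    return Entry(created, modified, int(m.group(3)), "D" in m.group(4),
                 m.group(5).strip(), m.group(6))


def needs_review(entry):
    """Heuristic (assumption): executable in a user-writable folder, blank vendor."""
    p = entry.path.lower()
    return (not entry.is_dir
            and p.endswith(EXECUTABLE_EXT)
            and any(folder in p for folder in USER_WRITABLE)
            and entry.vendor == "")


def triage(log_text, first_column="created"):
    """Return the entries worth a closer look, oldest creation time first."""
    parsed = (parse_line(line, first_column) for line in log_text.splitlines())
    return sorted((e for e in parsed if e and needs_review(e)),
                  key=lambda e: e.created)


if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e.created.strftime(TS_FORMAT), e.size, e.path)
```

A blank vendor field is only a prompt to look closer, not a verdict; later in this thread ESET reports one of the files flagged here, Surfing-Tunnel_1.7.0.exe, as a potentially unwanted application.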
 


#6 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 12 August 2014 - 01:58 PM

Hi galaxy,

What are your plans with regards to uTorrent / BitTorrent?


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days


#7 galaxy

galaxy

    Authentic Member

  • 33 posts

Posted 13 August 2014 - 12:25 AM

Hi OCD,

 

Definitely deleting them. Not using them anyway. Should I delete them now or should I wait till the end of the fixing?

 

Regards,

galaxy



#8 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 13 August 2014 - 12:44 AM

Hi galaxy,

Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

  • uTorrent / Bittorrent

=========================

We do not support the use of illegal Pirated/Warez/Cracked software.

  • Helping a person who insists on using such software, could be construed in the eyes of the law to be aiding and abetting a crime.
  • Therefore you will be asked to remove any cracked programs and in the case of your operating system, to obtain a valid licensed copy.
  • You will be asked to remove any such software before receiving any help.

C:\Users\TEMP.Personnel\Downloads\[kickass.to]fifa.14.crack.v5.final.3dm.torrent

=========================

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt
 

HKU\S-1-5-21-1781143609-4253824246-3402552693-1001\...\Run: [uTorrent] => C:\Users\TEMP.Personnel\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-03] (BitTorrent Inc.)
2014-08-10 17:46 - 2013-08-27 19:05 - 00000000 ____D () C:\Users\TEMP.Personnel\AppData\Roaming\uTorrent

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (save it to your desktop).

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Select Scan tab.
  • Select type of scan to perform:
    • Threat Scan < --- Select this type of scan
    • Custom Scan
    • Hyper Scan
  • Next click the Scan button.
  • When the scan is complete, if no malicious items are found you can close the program.
  • If malicious items are found be sure that everything is checked, and click Quarantine.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

=========================

ESET Online Scanner

*Note:

  • It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

** You need to run your browser with Administrator Rights; to do so, right click your browser's shortcut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or Firefox for this scan. If you use Firefox you will be asked to install an additional component. Please allow this.)

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Checked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.

=========================

In your next post please provide the following:

  • Fixlog.txt
  • MBAM log
  • ESET's log.txt
  • How's the computer running, any symptoms?

OCD



#9 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 16 August 2014 - 08:26 AM

Hi galaxy,

Just checking in to see if you still need help?


OCD



#10 galaxy

galaxy

    Authentic Member

  • 33 posts

Posted 17 August 2014 - 07:15 AM

Hi OCD,

 

Please give me a couple of days to post the results. Thanks for the patience. I have just been very busy with work commitments but I should be able to post the results tonight.

 

Regards,

galaxy




#11 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 17 August 2014 - 08:10 AM

:thumbup:


OCD



#12 galaxy

galaxy

    Authentic Member

  • 33 posts

Posted 21 August 2014 - 04:35 AM

OCD,

 

Utorrent has been removed.

 

The ESET scan hasn't gone too well, mainly because it takes too long and I am not able to be connected to power for so long due to my limitations. Anyway, I will keep trying and will post it as soon as I can.

 

No malicious items were found in MBAM so no report was generated.

 

Please find the results of Fixlog below:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2014 01
Ran by PersonnelPC at 2014-08-19 02:13:11 Run:2
Running from C:\Users\TEMP.Personnel\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-1781143609-4253824246-3402552693-1001\...\Run: [uTorrent] => C:\Users\TEMP.Personnel\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-03] (BitTorrent Inc.)
2014-08-10 17:46 - 2013-08-27 19:05 - 00000000 ____D () C:\Users\TEMP.Personnel\AppData\Roaming\uTorrent
*****************
 
HKU\S-1-5-21-1781143609-4253824246-3402552693-1001\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => Value not found.
C:\Users\TEMP.Personnel\AppData\Roaming\uTorrent => Moved successfully.
 
==== End of Fixlog ====


#13 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 21 August 2014 - 08:22 AM

Hi galaxy,
 

"The ESET scan hasn't gone too well, mainly because it takes too long and I am not able to be connected to power for so long due to my limitations"

 

You can try this online scanner, it doesn't take quite as long to run a scan.

TrendMicro HouseCall Online Scanner

  • Go to http://housecall.trendmicro.com/
  • Download HouseCall - Free Online Scanner
  • Select get HouseCall Now, save the file to your computer.
  • Double-click to launch HouseCall
  • Click Yes for the UAC
  • Click the Scan Now button
  • Fix any problems found
  • Copy and paste the results in your next reply

=========================

In your next post please provide the following:

  • HouseCall results

OCD



#14 galaxy

galaxy

    Authentic Member

  • 33 posts

Posted 21 August 2014 - 05:02 PM

OCD,

 

I have managed to run ESET this time. Please find the results below for ESET.

 

C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\TEMP.Personnel\Downloads\Surfing-Tunnel_1.7.0.exe a variant of Win32/InstallCore.PZ potentially unwanted application deleted - quarantined
F:\absar\New folder\pc backup\my pc back up\ccsetup322.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
F:\absar\New folder\pc backup\my pc back up\DriverUpdaterSetup-2.0.0.4701.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
F:\absar\office data old harddisk created on 11262013\Local Disk\FoxitReader514.0104_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
F:\absar\office data old harddisk created on 11262013\Local Disk\Local Disk\FoxitReader514.0104_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
F:\absar\usbdata copied on 11262013\80 gb drive e SOFTWARE\ccsetup403.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
F:\absar\usbdata copied on 11262013\80 gb drive e SOFTWARE\DAEMONToolsUltra110-0103.exe Win32/DownWare.L potentially unwanted application deleted - quarantined
F:\absar\usbdata copied on 11262013\80 gb drive e SOFTWARE\my pc back up\ccsetup322.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
F:\absar\usbdata copied on 11262013\80 gb drive e SOFTWARE\my pc back up\DriverUpdaterSetup-2.0.0.4701.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
F:\absar\usbdata copied on 11262013\New folder\usb data copied on 1200 hours 11-12-2013\uammar usb\office doc\FoxitReader514.0104_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined


#15 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 21 August 2014 - 08:30 PM

Hi galaxy,

Re-run Farbar Recovery Scan Tool; it should be on your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
=========================

In your next post please provide the following:
  • FRST.txt
  • How is the computer running at the moment, any symptoms?

OCD
