Please assist me in deleting a VBS from my Flash Drive [Closed]



#1
silentarts

I can't delete it. I've tried over and over again, but when I refresh it, it is there again. It can't be detected by antivirus. How do I remove it?

I used USBFix.exe and it created two log files; one for Recovery and one for Listing.

PS: I also disabled the AutoRun Feature by Downloading Microsoft Fix It 50471.

---------------------------------------------------------------------------------------------------------------------------------------------------


Recovery Log file

############################## | UsbFix V 7.152 | [Research]

User: user (Administrator) # USER-HP
Updated 20/11/2013 by El Desaparecido - Team SosVirus
Started at 14:48:22 | 03/12/2013

Website : http://www.en.usbfix.net
Forum : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus....oad_malware.php
Contact : http://www.en.usbfix.net/contact/

PC: Hewlett-Packard (169B)
CPU: AMD A4-3300M APU with Radeon™ HD Graphics
RAM -> [Total : 3563 | Free : 1808]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft Windows 7 Ultimate (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16686
WB: Google Chrome : 31.0.1650.57
WB: Mozilla Firefox : 25.0.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 451 Gb (356 Mb free - 79%) [] # NTFS
D:\ -> Fixed drive # 15 Gb (2 Mb free - 11%) [RECOVERY] # NTFS
E:\ -> CD-ROM
G:\ -> Removable drive # 2 Gb (2 Mb free - 98%) [Sameer] # NTFS

################## | Active Processes |

C:\Windows\system32\csrss.exe (ID: 412 |ParentID: 376)
C:\Windows\system32\wininit.exe (ID: 488 |ParentID: 376)
C:\Windows\system32\csrss.exe (ID: 520 |ParentID: 496)
C:\Windows\system32\services.exe (ID: 552 |ParentID: 488)
C:\Windows\system32\lsass.exe (ID: 568 |ParentID: 488)
C:\Windows\system32\lsm.exe (ID: 576 |ParentID: 488)
C:\Windows\system32\svchost.exe (ID: 680 |ParentID: 552)
C:\Windows\system32\winlogon.exe (ID: 748 |ParentID: 496)
C:\Windows\system32\svchost.exe (ID: 820 |ParentID: 552)
C:\Windows\System32\svchost.exe (ID: 948 |ParentID: 552)
C:\Windows\System32\svchost.exe (ID: 996 |ParentID: 552)
C:\Windows\system32\svchost.exe (ID: 352 |ParentID: 552)
C:\Windows\system32\svchost.exe (ID: 380 |ParentID: 552)
C:\Windows\system32\svchost.exe (ID: 1304 |ParentID: 552)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1400 |ParentID: 552)
C:\Windows\system32\svchost.exe (ID: 1700 |ParentID: 552)
C:\Windows\system32\svchost.exe (ID: 3052 |ParentID: 552)
C:\Windows\system32\svchost.exe (ID: 2640 |ParentID: 552)
C:\Windows\system32\Dwm.exe (ID: 3512 |ParentID: 996)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 4744 |ParentID: 1292)
C:\Windows\System32\svchost.exe (ID: 4560 |ParentID: 552)
C:\Windows\explorer.exe (ID: 2552 |ParentID: 748)
C:\Windows\System32\WUDFHost.exe (ID: 5540 |ParentID: 996)
C:\Windows\System32\rundll32.exe (ID: 5096 |ParentID: 680)
C:\Windows\system32\DllHost.exe (ID: 4324 |ParentID: 680)
C:\Windows\system32\SearchIndexer.exe (ID: 4456 |ParentID: 552)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3872 |ParentID: 552)
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (ID: 3692 |ParentID: 552)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3280 |ParentID: 2552)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4660 |ParentID: 3280)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4016 |ParentID: 3280)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4248 |ParentID: 3280)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4624 |ParentID: 3280)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 236 |ParentID: 3280)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 1576 |ParentID: 552)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 836 |ParentID: 1576)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 496 |ParentID: 3280)
C:\Windows\system32\taskeng.exe (ID: 1580 |ParentID: 380)
C:\Windows\system32\SearchProtocolHost.exe (ID: 3472 |ParentID: 4456)
C:\Windows\explorer.exe (ID: 5232 |ParentID: 680)
C:\Windows\system32\SearchFilterHost.exe (ID: 872 |ParentID: 4456)
C:\UsbFix\Go.exe (ID: 5136 |ParentID: 428)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4800 |ParentID: 680)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run : [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
04 - HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
04 - HKLM\SOFTWARE | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE | Run : [AdobeCS5.5ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 - HKLM\SOFTWARE | Run : [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
04 - HKLM\SOFTWARE | Run : [TkBellExe] - "c:\program files (x86)\real\realplayer\update\realsched.exe" -osboot
04 - HKLM\SOFTWARE | Run : [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\5c81d99a-67c6-4979-8dc3-496647d92681.exe /check
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE\wow6432Node | Run : [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS5.5ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [TkBellExe] - "c:\program files (x86)\real\realplayer\update\realsched.exe" -osboot
04 - HKLM\SOFTWARE\wow6432Node | Run : [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\5c81d99a-67c6-4979-8dc3-496647d92681.exe /check
04 - HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3639331311-3520423502-2070970505-1001\SOFTWARE | Run : [AdobeBridge] -
04 - HKU\S-1-5-21-3639331311-3520423502-2070970505-1001\SOFTWARE | Run : [SDP] - C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto
04 - HKU\S-1-5-21-3639331311-3520423502-2070970505-1001\SOFTWARE | Run : [Pando Media Booster] - null\Pando Networks\Media Booster\PMB.exe
04 - HKU\S-1-5-21-3639331311-3520423502-2070970505-1001\SOFTWARE | Run : [Facebook Update] - "C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-3639331311-3520423502-2070970505-1001\SOFTWARE | Run : [Browser Infrastructure Helper] - C:\Users\user\AppData\Local\Smartbar\Application\SnapDo.exe startup
04 - HKU\S-1-5-21-3639331311-3520423502-2070970505-1001\SOFTWARE | Run : [uTorrent] - "C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKU\S-1-5-21-3639331311-3520423502-2070970505-1001\SOFTWARE | Run : [RocketDock] - "C:\Program Files (x86)\RocketDock\RocketDock.exe"
04 - HKU\S-1-5-21-3639331311-3520423502-2070970505-1001\SOFTWARE | Run : [MICROS~1] - wscript.exe //B "C:\Users\user\AppData\Local\Temp\MICROS~1.VBS"
04 - HKU\S-1-5-18\SOFTWARE | Run : [SearchProtect] - \SearchProtect\bin\cltmng.exe
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Generic Research |

Found ! C:\Users\user\AppData\Roaming\BabMaint.exe
Found ! C:\Users\user\AppData\Local\Temp\MICROS~1.VBS
Found ! C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MICROS~1.VBS
Found ! G:\MICROS~1.VBS
Found ! G:\AAS LAB REPORT-karishma gobin.lnk
Found ! G:\APPENDIX.lnk
Found ! G:\AstroQuiz Presentations 2012.lnk
Found ! G:\celcius-rankin.lnk
Found ! G:\CHNG1000 [bleep] 2 13-14.lnk
Found ! G:\club_application.lnk
Found ! G:\Corrosion Studies Diagram.lnk
Found ! G:\Creep Results 5.lnk
Found ! G:\Creep Results 51.lnk
Found ! G:\Doc2.lnk
Found ! G:\Economic Evaluation of Projects.lnk
Found ! G:\Maths.lnk
Found ! G:\matlab_guide.lnk
Found ! G:\OCT 10.lnk
Found ! G:\Process Economics Tutorial.lnk
Found ! G:\QUESTIONNAIRE.lnk
Found ! G:\Sameer corrected.lnk
Found ! G:\Sameer.lnk
Found ! G:\sample corrosion studies lab 1.lnk
Found ! G:\sample corrosion studies lab 2.lnk
Found ! G:\SAN FERNANDO GENERAL HOSPITAL DATA.lnk
Found ! G:\Sando 1.lnk
Found ! G:\scimatlab1.lnk
Found ! G:\scimatlab2 (2).lnk
Found ! G:\scimatlab2.lnk
Found ! G:\scimatlab3.lnk
Found ! G:\SCIMATLABRESULTS.lnk
Found ! G:\The G Man.lnk
Found ! G:\TIME2.lnk
Found ! G:\TITLE.lnk
Found ! G:\UNIVERSITY OF THE WEST INDIES.lnk
Found ! G:\UV2.lnk
Found ! G:\VALEDITORY SPEECH.lnk
Found ! D:\desktop.ini

################## | Reference of comparison MD5 |

Md5 : E879A5B023C87A551BE8F693E0532C38 -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MICROS~1.VBS
Md5 : E879A5B023C87A551BE8F693E0532C38 -> C:\Users\user\AppData\Local\Temp\MICROS~1.VBS
Md5 : E879A5B023C87A551BE8F693E0532C38 -> G:\MICROS~1.VBS
Md5 : CC1A55091FD96BCB624AD791CD15D179 -> C:\Users\user\AppData\Roaming\BabMaint.exe
Md5 : E879A5B023C87A551BE8F693E0532C38 -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MICROS~1.VBS

################## | Comparison MD5 |

Found ! Md5 : E879A5B023C87A551BE8F693E0532C38 -> C:\Users\user\AppData\Local\Temp\MICROS~1.VBS
Found ! Md5 : CC1A55091FD96BCB624AD791CD15D179 -> C:\Users\user\AppData\Roaming\BabMaint.exe
Found ! Md5 : E879A5B023C87A551BE8F693E0532C38 -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MICROS~1.VBS
Found ! Md5 : E879A5B023C87A551BE8F693E0532C38 -> G:\MICROS~1.VBS

################## | Registry |

Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 0
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 0
Found ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|EnableShellExecuteHooks -> 1
Found ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktop -> 1
Found ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktopChanges -> 1
Found ! HKU\S-1-5-21-3639331311-3520423502-2070970505-1001\Software\Microsoft\Windows\CurrentVersion\Run|MICROS~1
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|MICROS~1

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |

---------------------------------------------------------------------------------------------------------------------------------------------------

Listing Log File

############################## | UsbFix V 7.152 | [Listing]

User: user (Administrator) # USER-HP
Updated 20/11/2013 by El Desaparecido - Team SosVirus
Started at 15:34:19 | 03/12/2013

Website : http://www.en.usbfix.net
Forum : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus....oad_malware.php
Contact : http://www.en.usbfix.net/contact/

PC: Hewlett-Packard (169B)
CPU: AMD A4-3300M APU with Radeon™ HD Graphics
RAM -> [Total : 3563 | Free : 1866]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft Windows 7 Ultimate (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16686
WB: Google Chrome : 31.0.1650.57
WB: Mozilla Firefox : 25.0.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 451 Gb (356 Mb free - 79%) [] # NTFS
D:\ -> Fixed drive # 15 Gb (2 Mb free - 11%) [RECOVERY] # NTFS
E:\ -> CD-ROM
G:\ -> Removable drive # 2 Gb (2 Mb free - 98%) [Sameer] # NTFS

################## | Listing |

[15/07/2012 - 18:03:41 | SHD ] C:\$Recycle.Bin
[30/06/2012 - 11:32:29 | D ] C:\45520063a796f360e041755606f9
[26/06/2012 - 21:20:49 | D ] C:\Adobe Dreamweaver CS5.5
[26/06/2012 - 21:21:31 | D ] C:\Adobe Illustrator CS5.1
[26/06/2012 - 21:23:49 | D ] C:\Adobe Photoshop CS5.1
[17/05/2011 - 17:27:38 | SHD ] C:\boot
[20/11/2010 - 23:23:51 | RASH | 383786] C:\bootmgr
[03/12/2013 - 13:52:12 | SHD ] C:\Config.Msi
[14/07/2009 - 01:08:56 | SHD ] C:\Documents and Settings
[03/12/2013 - 13:16:21 | ASH | 2801979392] C:\hiberfil.sys
[27/07/2011 - 11:49:31 | HD ] C:\HP
[29/07/2012 - 22:40:34 | RHD ] C:\MSOCache
[03/12/2013 - 13:16:30 | ASH | 10485760000] C:\pagefile.sys
[03/12/2013 - 10:18:46 | RD ] C:\Program Files
[27/11/2013 - 19:42:21 | RD ] C:\Program Files (x86)
[25/10/2013 - 14:15:14 | HD ] C:\ProgramData
[26/06/2012 - 21:01:32 | SHD ] C:\Recovery
[13/05/2013 - 14:01:43 | D ] C:\SearchProtect
[05/08/2012 - 16:08:55 | D ] C:\SWSetup
[03/12/2013 - 13:52:01 | SHD ] C:\System Volume Information
[26/06/2012 - 21:01:38 | AHD ] C:\SYSTEM.SAV
[03/12/2013 - 15:34:22 | D ] C:\UsbFix
[03/12/2013 - 15:34:22 | A | 2322] C:\UsbFix [Listing 2 ] USER-HP.txt
[03/12/2013 - 15:01:35 | A | 12394] C:\UsbFix [Scan 5] USER-HP.txt
[26/06/2012 - 21:00:53 | RD ] C:\Users
[03/12/2013 - 13:14:50 | D ] C:\Windows
[12/04/2012 - 17:25:39 | SHD ] D:\$RECYCLE.BIN
[24/06/2012 - 16:06:59 | RASH | 0] D:\2208_15140084_MVM_7.tmp
[12/04/2012 - 17:25:32 | RASHD ] D:\boot
[14/07/2009 - 14:39:00 | RASH | 383562] D:\bootmgr
[23/05/2010 - 08:55:46 | RASH | 67] D:\Desktop.ini
[12/04/2012 - 17:25:32 | ASHD ] D:\FactoryUpdate
[12/04/2012 - 17:25:32 | RASHD ] D:\hp
[13/04/2012 - 14:20:39 | RASH | 20] D:\HPSF_Rep.txt
[19/08/2012 - 15:39:34 | A | 8] D:\HP_WSD.dat
[31/01/2013 - 20:50:06 | A | 458] D:\Local Disk © - Shortcut.lnk
[12/04/2012 - 17:25:32 | RSHD ] D:\preload
[26/06/2012 - 21:01:38 | RSD ] D:\recovery
[12/04/2012 - 17:25:32 | SHD ] D:\RM_Reserve
[26/06/2012 - 21:18:46 | SHD ] D:\System Volume Information
[08/07/2013 - 23:56:35 | RAD ] E:\VIDEO_TS
[08/07/2013 - 23:56:35 | RAD ] E:\AUDIO_TS
[03/12/2013 - 13:48:28 | A | 800] G:\AAS LAB REPORT-karishma gobin.lnk
[03/12/2013 - 13:48:29 | A | 704] G:\APPENDIX.lnk
[03/12/2013 - 13:48:01 | A | 794] G:\AstroQuiz Presentations 2012.lnk
[03/12/2013 - 13:48:30 | A | 1566] G:\celcius-rankin.lnk
[03/12/2013 - 13:48:31 | A | 1592] G:\CHNG1000 [bleep] 2 13-14.lnk
[03/12/2013 - 13:48:37 | A | 762] G:\club_application.lnk
[03/12/2013 - 13:48:31 | A | 1598] G:\Corrosion Studies Diagram.lnk
[03/12/2013 - 13:48:32 | A | 1576] G:\Creep Results 5.lnk
[03/12/2013 - 13:48:32 | A | 1578] G:\Creep Results 51.lnk
[03/12/2013 - 13:48:32 | A | 1548] G:\Doc2.lnk
[03/12/2013 - 13:48:34 | A | 1614] G:\Economic Evaluation of Projects.lnk
[03/12/2013 - 13:48:37 | A | 740] G:\Maths.lnk
[03/12/2013 - 13:48:34 | A | 1562] G:\matlab_guide.lnk
[25/09/2013 - 08:46:54 | SH | 152739] G:\MICROS~1.VBS
[03/12/2013 - 13:48:37 | A | 746] G:\OCT 10.lnk
[03/12/2013 - 13:48:34 | A | 1600] G:\Process Economics Tutorial.lnk
[03/12/2013 - 13:48:35 | A | 1566] G:\QUESTIONNAIRE.lnk
[03/12/2013 - 13:48:36 | A | 1576] G:\Sameer corrected.lnk
[03/12/2013 - 13:48:36 | A | 1552] G:\Sameer.lnk
[03/12/2013 - 13:48:36 | A | 1616] G:\sample corrosion studies lab 1.lnk
[03/12/2013 - 13:48:36 | A | 1616] G:\sample corrosion studies lab 2.lnk
[03/12/2013 - 13:48:36 | A | 1624] G:\SAN FERNANDO GENERAL HOSPITAL DATA.lnk
[03/12/2013 - 13:48:36 | A | 1558] G:\Sando 1.lnk
[03/12/2013 - 13:48:36 | A | 1560] G:\scimatlab1.lnk
[03/12/2013 - 13:48:36 | A | 1572] G:\scimatlab2 (2).lnk
[03/12/2013 - 13:48:36 | A | 1560] G:\scimatlab2.lnk
[03/12/2013 - 13:48:36 | A | 1560] G:\scimatlab3.lnk
[03/12/2013 - 13:48:36 | A | 1572] G:\SCIMATLABRESULTS.lnk
[03/12/2013 - 13:48:36 | A | 744] G:\The G Man.lnk
[03/12/2013 - 13:48:36 | A | 730] G:\TIME2.lnk
[03/12/2013 - 13:48:36 | A | 730] G:\TITLE.lnk
[03/12/2013 - 13:48:36 | A | 794] G:\UNIVERSITY OF THE WEST INDIES.lnk
[03/12/2013 - 13:48:37 | A | 724] G:\UV2.lnk
[03/12/2013 - 13:48:37 | A | 758] G:\VALEDITORY SPEECH.lnk

################## | E.O.F |


---------------------------------------------------------------------------------------------------------------------------------------------------


FRST.txt Log File from Farbar Recovery Scan Tool


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2013 02
Ran by user (administrator) on USER-HP on 03-12-2013 15:45:06
Running from C:\Users\user\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-23] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-02-15] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [MICROS~1] - C:\Users\user\AppData\Local\Temp\MICROS~1.VBS [152739 2013-09-25] () <===== ATTENTION
HKLM-x32\...\Runonce: [] - [x]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [SDP] - C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe [201808 2013-01-31] (Somoto)
HKCU\...\Run: [Pando Media Booster] - null\Pando Networks\Media Booster\PMB.exe
HKCU\...\Run: [Facebook Update] - C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-06-15] (Facebook Inc.)
HKCU\...\Run: [Browser Infrastructure Helper] - C:\Users\user\AppData\Local\Smartbar\Application\SnapDo.exe [21024 2013-08-11] (Smartbar)
HKCU\...\Run: [uTorrent] - C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe [900440 2013-11-15] (BitTorrent Inc.)
HKCU\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKCU\...\Run: [MICROS~1] - C:\Users\user\AppData\Local\Temp\MICROS~1.VBS [152739 2013-09-25] () <===== ATTENTION
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-03-30] (RealNetworks, Inc.)
HKLM-x32\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\5c81d99a-67c6-4979-8dc3-496647d92681.exe [180184 2013-11-23] (AVAST Software)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-03] (AVAST Software)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MICROS~1.VBS ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.tt/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
URLSearchHook: HKLM-x32 - (No Name) - {88ac3cb6-596b-4217-964c-b6757ef9602d} - No File
URLSearchHook: HKCU - (No Name) - {88ac3cb6-596b-4217-964c-b6757ef9602d} - No File
SearchScopes: HKLM - {21A09A26-3F3C-4786-97CB-7495A1C6C36A} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {812288FF-A2C6-4969-8159-20CAA7C8E863} URL =
SearchScopes: HKLM-x32 - {21A09A26-3F3C-4786-97CB-7495A1C6C36A} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM-x32 - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheri...q={searchTerms}
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweeti...5-78E3B5573047}
SearchScopes: HKCU - DefaultScope {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.ividi....&affilt=3&r=632
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {21A09A26-3F3C-4786-97CB-7495A1C6C36A} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKCU - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.ividi....&affilt=3&r=632
SearchScopes: HKCU - {C8D40D51-543F-4D33-9583-9229A879D2FA} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweeti...5-78E3B5573047}
SearchScopes: HKCU - {F985A1B2-1DD8-4733-B868-A3B9557EC9C7} URL = http://www.bing.com/...rchTerms}&r=147
BHO: hosts - {11111111-1111-1111-1111-110311531182} - C:\Program Files (x86)\hosts\hosts-bho64.dll (Irismedia)
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Setup1 - {11111111-1111-1111-1111-110111091189} - C:\Program Files (x86)\Setup1\Setup1.dll (Fatmir Miftari)
BHO-x32: hosts - {11111111-1111-1111-1111-110311531182} - C:\Program Files (x86)\hosts\hosts-bho.dll (Irismedia)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Fast Search - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-05-17] (EasyBits Software Corp.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 200.1.104.35 200.1.104.36 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\user.js
FF DefaultSearchEngine: Search
FF SelectedSearchEngine: Search
FF Homepage: hxxp://search.ividi.org/?src=tbhp&id=a247b50d00000000000078e3b5573047&affilt=3
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - null\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Users\user\Desktop\null\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\searchplugins\BrowserProtect.xml
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\searchplugins\express-files-customized-web-search.xml
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\searchplugins\ividi.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF Extension: hosts - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\Extensions\[email protected]09d438e81.com
FF Extension: Setup1 - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\Extensions\[email protected]
FF Extension: ftdownloader2 - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\Extensions\[email protected]
FF Extension: gophoto - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\Extensions\[email protected]
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U35) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM-x32\...\Chrome\Extension: [bcjagnifjocnddgeknajocbkkhlgibem] - C:\Program Files (x86)\Surf Canyon\surfcanyon.crx
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\user\AppData\Roaming\BabSolution\CR\Delta.crx
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM-x32\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files (x86)\TornTV.com\torn11.crx
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx
CHR HKLM-x32\...\Chrome\Extension: [mbcjjdjanpccmehilicphhmeobiljcpk] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx
CHR HKLM-x32\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files (x86)\Gophoto.it\gophotoit14.crx

==================== Services (Whitelisted) =================

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-04-02] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-03] (AVAST Software)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-12-03] (WildTangent)
S2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-17] (Microsoft Corporation)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [808728 2013-11-29] ()

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-12-03] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-12-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-12-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-12-03] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-12-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-12-03] ()
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
U5 UnlockerDriver5; C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-03 15:45 - 2013-12-03 15:46 - 00025692 _____ C:\Users\user\Downloads\FRST.txt
2013-12-03 15:44 - 2013-12-03 15:44 - 00000000 ____D C:\FRST
2013-12-03 15:42 - 2013-12-03 15:43 - 01959614 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2013-12-03 15:34 - 2013-12-03 15:34 - 00005440 _____ C:\UsbFix [Listing 2 ] USER-HP.txt
2013-12-03 14:48 - 2013-12-03 15:01 - 00012394 _____ C:\UsbFix [Scan 5] USER-HP.txt
2013-12-03 13:53 - 2013-12-03 15:34 - 00000000 ____D C:\UsbFix
2013-12-03 13:52 - 2013-12-03 13:52 - 01204601 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\user\Desktop\UsbFix.exe
2013-12-03 13:51 - 2013-12-03 13:51 - 00655360 _____ C:\Users\user\Downloads\MicrosoftFixit50471.msi
2013-12-03 13:48 - 2013-12-03 13:48 - 00000000 ____D C:\Users\user\Desktop\Flash Drive Files
2013-12-03 13:23 - 2013-12-03 13:23 - 00000000 ____D C:\Users\user\AppData\Roaming\AVAST Software
2013-12-03 13:15 - 2013-12-03 13:15 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-03 10:18 - 2013-12-03 10:18 - 00003702 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart
2013-12-03 10:18 - 2013-12-03 10:18 - 00000000 ____D C:\Program Files\KMSpico
2013-12-03 09:22 - 2013-12-03 09:25 - 00000000 ____D C:\Users\user\Desktop\Projects
2013-11-28 21:33 - 2013-12-03 13:22 - 00000372 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_user.job
2013-11-28 21:33 - 2013-12-02 21:37 - 00000362 _____ C:\Windows\Tasks\ReclaimerUpdateXML_user.job
2013-11-28 21:33 - 2013-12-02 19:35 - 00000366 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_user.job
2013-11-27 20:21 - 2013-11-27 20:21 - 00060460 _____ C:\Users\user\Downloads\The Role of a Chemical Engineer.pptx
2013-11-26 00:05 - 2013-11-26 00:05 - 00123392 _____ C:\Users\user\Downloads\1180-marks-2013 (1).xls
2013-11-25 23:09 - 2013-11-25 23:09 - 00248924 _____ C:\Users\user\Downloads\Applications for Comm Presentation.pptx
2013-11-25 23:09 - 2013-11-25 23:09 - 00048329 _____ C:\Users\user\Downloads\MATAINENCE OF CENTRIFUGAL PUMPS.pptx
2013-11-25 22:34 - 2013-11-25 22:34 - 03199096 _____ C:\Users\user\Downloads\centrifugal pumps pp (1).pptx
2013-11-25 21:51 - 2013-11-25 21:51 - 03205132 _____ C:\Users\user\Downloads\centrifugal pumps pp.pptx
2013-11-25 16:06 - 2013-11-25 14:49 - 00489256 _____ C:\Users\user\Documents\centrifugal pumps pp.pptx
2013-11-17 23:30 - 2013-11-17 23:30 - 00021423 _____ C:\Users\user\Documents\Book1.xlsx
2013-11-15 20:31 - 2013-11-16 07:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-13 22:24 - 2013-11-13 22:26 - 00000000 ____D C:\Users\user\AppData\OICE_15_974FA576_32C1D314_30EF
2013-11-12 22:23 - 2013-11-12 22:23 - 00121344 _____ C:\Users\user\Downloads\1180-marks-2013.xls
2013-11-08 22:15 - 2013-11-11 20:08 - 00000000 ____D C:\Users\user\AppData\OICE_15_974FA576_32C1D314_3CFE
2013-11-08 21:32 - 2013-11-08 21:32 - 00183146 _____ C:\Users\user\Downloads\sample corrosion studies.zip
2013-11-06 17:57 - 2013-11-29 19:24 - 00003336 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3639331311-3520423502-2070970505-1001
2013-11-06 06:57 - 2013-11-06 06:57 - 00345208 _____ C:\Windows\Minidump\110613-21325-01.dmp
2013-11-05 19:42 - 2013-11-07 10:59 - 00070030 _____ C:\Users\user\Downloads\Economic Evaluation of Projects.xlsx

==================== One Month Modified Files and Folders =======

2013-12-03 15:46 - 2013-12-03 15:45 - 00025692 _____ C:\Users\user\Downloads\FRST.txt
2013-12-03 15:44 - 2013-12-03 15:44 - 00000000 ____D C:\FRST
2013-12-03 15:44 - 2012-07-07 10:27 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-03 15:43 - 2013-12-03 15:42 - 01959614 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2013-12-03 15:40 - 2011-07-27 11:35 - 01766068 _____ C:\Windows\WindowsUpdate.log
2013-12-03 15:34 - 2013-12-03 15:34 - 00005440 _____ C:\UsbFix [Listing 2 ] USER-HP.txt
2013-12-03 15:34 - 2013-12-03 13:53 - 00000000 ____D C:\UsbFix
2013-12-03 15:30 - 2013-06-15 09:01 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3639331311-3520423502-2070970505-1001UA.job
2013-12-03 15:01 - 2013-12-03 14:48 - 00012394 _____ C:\UsbFix [Scan 5] USER-HP.txt
2013-12-03 14:47 - 2012-06-26 21:31 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-03 14:15 - 2011-05-17 15:58 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2013-12-03 13:52 - 2013-12-03 13:52 - 01204601 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\user\Desktop\UsbFix.exe
2013-12-03 13:52 - 2013-09-17 17:20 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2013-12-03 13:51 - 2013-12-03 13:51 - 00655360 _____ C:\Users\user\Downloads\MicrosoftFixit50471.msi
2013-12-03 13:48 - 2013-12-03 13:48 - 00000000 ____D C:\Users\user\Desktop\Flash Drive Files
2013-12-03 13:26 - 2009-07-14 01:13 - 00779306 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-03 13:23 - 2013-12-03 13:23 - 00000000 ____D C:\Users\user\AppData\Roaming\AVAST Software
2013-12-03 13:22 - 2013-11-28 21:33 - 00000372 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_user.job
2013-12-03 13:22 - 2012-06-26 21:31 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-03 13:22 - 2009-07-14 00:45 - 00036128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-03 13:22 - 2009-07-14 00:45 - 00036128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-03 13:16 - 2013-10-14 09:03 - 00032760 _____ C:\Windows\PFRO.log
2013-12-03 13:16 - 2013-09-25 10:23 - 00009590 _____ C:\Windows\setupact.log
2013-12-03 13:16 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-03 13:15 - 2013-12-03 13:15 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-03 13:15 - 2012-07-14 07:38 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-03 13:14 - 2013-06-09 12:25 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-03 13:14 - 2013-06-09 12:25 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-03 13:14 - 2012-06-26 21:31 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-03 13:14 - 2012-06-26 21:31 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-03 13:14 - 2012-06-26 21:31 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-03 13:14 - 2012-06-26 21:31 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-03 13:14 - 2012-06-26 21:31 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-03 13:14 - 2012-06-26 21:31 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-12-03 13:14 - 2012-06-26 21:31 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-12-03 13:14 - 2012-06-26 21:30 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-03 13:07 - 2012-06-26 21:30 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-03 13:06 - 2012-06-26 21:31 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-12-03 10:18 - 2013-12-03 10:18 - 00003702 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart
2013-12-03 10:18 - 2013-12-03 10:18 - 00000000 ____D C:\Program Files\KMSpico
2013-12-03 09:25 - 2013-12-03 09:22 - 00000000 ____D C:\Users\user\Desktop\Projects
2013-12-03 09:06 - 2013-06-15 09:01 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3639331311-3520423502-2070970505-1001Core.job
2013-12-02 21:37 - 2013-11-28 21:33 - 00000362 _____ C:\Windows\Tasks\ReclaimerUpdateXML_user.job
2013-12-02 21:36 - 2012-06-26 21:07 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7055F76A-DE65-4A14-A7E1-D80E94C3FEA5}
2013-12-02 21:29 - 2013-08-27 11:06 - 01005568 ___SH C:\Users\user\Downloads\Thumbs.db
2013-12-02 19:35 - 2013-11-28 21:33 - 00000366 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_user.job
2013-12-02 05:59 - 2013-09-20 22:12 - 00004964 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for user-HP-user user-HP
2013-12-01 20:35 - 2012-10-06 06:44 - 00172544 ___SH C:\Users\user\Documents\Thumbs.db
2013-11-29 19:24 - 2013-11-06 17:57 - 00003336 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3639331311-3520423502-2070970505-1001
2013-11-29 19:24 - 2013-10-23 21:10 - 00003200 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3639331311-3520423502-2070970505-1001
2013-11-29 07:00 - 2012-11-12 15:02 - 00000000 ____D C:\Users\user\Documents\Microsoft items
2013-11-27 20:21 - 2013-11-27 20:21 - 00060460 _____ C:\Users\user\Downloads\The Role of a Chemical Engineer.pptx
2013-11-27 19:42 - 2012-06-26 21:31 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-27 19:42 - 2012-06-26 21:31 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-26 13:17 - 2012-06-26 21:07 - 00000000 ___RD C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-26 00:05 - 2013-11-26 00:05 - 00123392 _____ C:\Users\user\Downloads\1180-marks-2013 (1).xls
2013-11-25 23:09 - 2013-11-25 23:09 - 00248924 _____ C:\Users\user\Downloads\Applications for Comm Presentation.pptx
2013-11-25 23:09 - 2013-11-25 23:09 - 00048329 _____ C:\Users\user\Downloads\MATAINENCE OF CENTRIFUGAL PUMPS.pptx
2013-11-25 22:34 - 2013-11-25 22:34 - 03199096 _____ C:\Users\user\Downloads\centrifugal pumps pp (1).pptx
2013-11-25 21:51 - 2013-11-25 21:51 - 03205132 _____ C:\Users\user\Downloads\centrifugal pumps pp.pptx
2013-11-25 14:49 - 2013-11-25 16:06 - 00489256 _____ C:\Users\user\Documents\centrifugal pumps pp.pptx
2013-11-24 13:04 - 2012-07-31 16:27 - 00000000 ____D C:\Users\user\Documents\Youcam
2013-11-22 23:16 - 2012-06-26 22:07 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2013-11-19 19:17 - 2013-10-24 21:14 - 00000000 ____D C:\Users\user\Desktop\New folder
2013-11-18 09:27 - 2012-12-30 20:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-17 23:30 - 2013-11-17 23:30 - 00021423 _____ C:\Users\user\Documents\Book1.xlsx
2013-11-16 07:48 - 2013-11-15 20:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-13 22:26 - 2013-11-13 22:24 - 00000000 ____D C:\Users\user\AppData\OICE_15_974FA576_32C1D314_30EF
2013-11-13 16:43 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-13 06:39 - 2013-09-16 22:05 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-11-12 22:23 - 2013-11-12 22:23 - 00121344 _____ C:\Users\user\Downloads\1180-marks-2013.xls
2013-11-12 21:43 - 2012-07-15 17:35 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForuser.job
2013-11-12 08:05 - 2013-09-27 18:10 - 00002133 _____ C:\Users\user\Desktop\FLV Player.lnk
2013-11-12 08:05 - 2013-09-13 10:14 - 00000000 ____D C:\Users\user\AppData\Local\WebPlayer
2013-11-11 20:08 - 2013-11-08 22:15 - 00000000 ____D C:\Users\user\AppData\OICE_15_974FA576_32C1D314_3CFE
2013-11-08 22:05 - 2012-09-03 15:55 - 00003216 _____ C:\Windows\System32\Tasks\HPCeeScheduleForUSER-HP$
2013-11-08 22:05 - 2012-09-03 15:55 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForUSER-HP$.job
2013-11-08 21:32 - 2013-11-08 21:32 - 00183146 _____ C:\Users\user\Downloads\sample corrosion studies.zip
2013-11-07 10:59 - 2013-11-05 19:42 - 00070030 _____ C:\Users\user\Downloads\Economic Evaluation of Projects.xlsx
2013-11-06 06:57 - 2013-11-06 06:57 - 00345208 _____ C:\Windows\Minidump\110613-21325-01.dmp
2013-11-06 06:57 - 2013-10-16 06:40 - 476472568 _____ C:\Windows\MEMORY.DMP
2013-11-06 06:57 - 2012-07-17 21:49 - 00000000 ____D C:\Windows\Minidump

Files to move or delete:
====================
C:\Users\user\AppData\Local\Temp\MICROS~1.VBS


Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\BI_RunOnce (1).exe
C:\Users\user\AppData\Local\Temp\BI_RunOnce (2).exe
C:\Users\user\AppData\Local\Temp\BI_RunOnce.exe
C:\Users\user\AppData\Local\Temp\FLVPlayerSetup.exe
C:\Users\user\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe
C:\Users\user\AppData\Local\Temp\PidGenX.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-01 05:21

==================== End Of Log ============================


---------------------------------------------------------------------------------------------------------------------------------------------------


Farbar Recovery Scan Tool Addition.txt LogFile


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2013 02
Ran by user at 2013-12-03 15:47:07
Running from C:\Users\user\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

µTorrent (HKCU Version: 3.3.2.30303)
3ivx MPEG-4 5.0.1 Decoder (remove only) (x32 Version: 5.0.1)
Adobe AIR (x32 Version: 3.6.0.5970)
Adobe Community Help (x32 Version: 3.4.980)
Adobe Dreamweaver CS5.5 (x32 Version: 11.5)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Illustrator CS5.1 (x32 Version: 15.1)
Adobe Photoshop CS5.1 (x32 Version: 12.1)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)
Adobe Widget Browser (x32 Version: 2.0 Build 230)
Adobe Widget Browser (x32 Version: 2.0.230)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
AMD APP SDK Runtime (Version: 2.4.595.9)
AMD Fuel (Version: 2011.0401.2259.39449)
AMD VISION Engine Control Center (x32 Version: 2011.0401.2259.39449)
ATI Catalyst Install Manager (Version: 3.0.820.0)
avast! Free Antivirus (x32 Version: 9.0.2008)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Bejeweled 3 (x32 Version: 2.2.0.95)
Blackhawk Striker 2 (x32 Version: 2.2.0.95)
Blasterball 3 (x32 Version: 2.2.0.95)
Blio (x32 Version: 2.2.6699)
Bounce Symphony (x32 Version: 2.2.0.95)
Build-a-lot 2 (x32 Version: 2.2.0.95)
Cake Mania (x32 Version: 2.2.0.95)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0401.2259.39449)
Catalyst Control Center InstallProxy (x32 Version: 2011.0401.2259.39449)
Catalyst Control Center Localization All (x32 Version: 2011.0401.2259.39449)
CCC Help Chinese Standard (x32 Version: 2011.0401.2258.39449)
CCC Help Chinese Traditional (x32 Version: 2011.0401.2258.39449)
CCC Help Czech (x32 Version: 2011.0401.2258.39449)
CCC Help Danish (x32 Version: 2011.0401.2258.39449)
CCC Help Dutch (x32 Version: 2011.0401.2258.39449)
CCC Help English (x32 Version: 2011.0401.2258.39449)
CCC Help Finnish (x32 Version: 2011.0401.2258.39449)
CCC Help French (x32 Version: 2011.0401.2258.39449)
CCC Help German (x32 Version: 2011.0401.2258.39449)
CCC Help Greek (x32 Version: 2011.0401.2258.39449)
CCC Help Hungarian (x32 Version: 2011.0401.2258.39449)
CCC Help Italian (x32 Version: 2011.0401.2258.39449)
CCC Help Japanese (x32 Version: 2011.0401.2258.39449)
CCC Help Korean (x32 Version: 2011.0401.2258.39449)
CCC Help Norwegian (x32 Version: 2011.0401.2258.39449)
CCC Help Polish (x32 Version: 2011.0401.2258.39449)
CCC Help Portuguese (x32 Version: 2011.0401.2258.39449)
CCC Help Russian (x32 Version: 2011.0401.2258.39449)
CCC Help Spanish (x32 Version: 2011.0401.2258.39449)
CCC Help Swedish (x32 Version: 2011.0401.2258.39449)
CCC Help Thai (x32 Version: 2011.0401.2258.39449)
CCC Help Turkish (x32 Version: 2011.0401.2258.39449)
ccc-utility64 (Version: 2011.0401.2259.39449)
CCleaner (Version: 4.05)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
CyberLink YouCam (x32 Version: 3.5.1.3922)
D3DX10 (x32 Version: 15.4.2368.0902)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
Dora's World Adventure (x32 Version: 2.2.0.95)
Energy Star Digital Logo (x32 Version: 1.0.1)
ESU for Microsoft Windows 7 (x32 Version: 1.0.0)
Evernote v. 4.2.2 (x32 Version: 4.2.2.3979)
ExpressFiles (HKCU Version: 1.7.0)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Farm Frenzy (x32 Version: 2.2.0.95)
Fast Search (x32 Version: 5.0.1)
FATE - The Traitor Soul (x32 Version: 2.2.0.95)
FIFA 11 Demo (x32 Version: 1.0.0.0)
FilesFrog Update Checker (x32)
FLV Player (HKCU Version: 1.0)
Free YouTube Downloader 3.5.128 (x32)
Free YouTube to MP3 Converter version 3.12.1.320 (x32 Version: 3.12.1.320)
FTDownloader (x32 Version: 2.1 Build 26473)
Google Chrome (x32 Version: 31.0.1650.57)
Google Drive (x32 Version: 1.12.5329.1887)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.22.3)
hosts (x32 Version: 1.28.153.3)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Connection Manager (x32 Version: 4.0.45.1)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Documentation (x32 Version: 1.2.0.0)
HP Games (x32 Version: 1.0.2.4)
HP MovieStore (x32 Version: 1.0.047)
HP MovieStore (x32 Version: 2.0)
HP On Screen Display (x32 Version: 1.3.5)
HP Power Manager (x32 Version: 1.4.7)
HP Quick Launch (x32 Version: 2.7.2)
HP Setup (x32 Version: 8.6.4530.3651)
HP Setup Manager (x32 Version: 1.1.13253.3682)
HP Software Framework (x32 Version: 4.0.110.1)
IDT Audio (x32 Version: 1.0.6327.0)
Internet Explorer Toolbar 4.6 by SweetPacks (x32 Version: 4.6.0003)
Java Auto Updater (x32 Version: 2.0.7.1)
Java™ 6 Update 24 (64-bit) (Version: 6.0.240)
Java™ 6 Update 35 (x32 Version: 6.0.350)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
KMSpico v9.1.0.20131129 (Beta) (Version: 9.1.0.20131129)
Magic Desktop (x32 Version: 3.0)
Mah Jong Medley (x32 Version: 2.2.0.95)
MATLAB R2013a (Version: 8.1)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 365 Home Premium - en-us (Version: 15.0.4551.1005)
Microsoft PowerPoint Viewer (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 17.0.2003.1112)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
muvee Plugin 1.0 (x32 Version: 1.01.100)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4535.1511)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1005)
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4535.1511)
Pando Media Booster (x32 Version: 2.6.0.8)
PDF Settings CS5 (x32 Version: 10.0)
Penguins! (x32 Version: 2.2.0.95)
Picasa 3 (x32 Version: 3.8)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
Poker Superstars III (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.95)
Polar Golfer (x32 Version: 2.2.0.95)
Practice Testing Software 220-702 (x32 Version: 1.0.0)
Ralink RT5390 802.11b/g/n WiFi Adapter (x32 Version: 3.1.13.1)
RealDownloader (x32 Version: 1.3.1)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0)
Realtek Ethernet Controller Driver (x32 Version: 7.42.304.2011)
Realtek PCIE Card Reader (x32 Version: 6.1.7600.77)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Recovery Manager (x32 Version: 2.0.0)
RocketDock 1.3.5 (x32)
RoxioNow Player (x32 Version: 1.9.5.103)
Setup1 (x32 Version: 1.26.153.2)
Slingo Supreme (x32 Version: 2.2.0.95)
Snap.Do (x32 Version: 1.128.1.11813)
Stellarium 0.11.4 (Version: 0.11.4)
Synaptics Pointing Device Driver (Version: 15.2.7.0)
Unity Web Player (HKCU Version: )
Unlocker 1.9.1 (x32 Version: 1.9.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update Installer for WildTangent Games App (x32)
UsbFix By El Desaparecido (x32)
VIO Player version 1.0.1 (x32 Version: 1.0.1)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95)
VLC media player 2.0.3 (x32 Version: 2.0.3)
Wheel of Fortune 2 (x32 Version: 2.2.0.95)
WildTangent Games App for HP (x32 Version: 4.0.10.25)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinZip 17.5 (Version: 17.5.10562)
WMV9/VC-1 Video Playback (Version: 1.00.0000)
Xvid Video Codec (x32 Version: 1.3.1)
Zuma Deluxe (x32 Version: 2.2.0.95)

==================== Restore Points =========================

06-11-2013 05:18:29 Scheduled Checkpoint
16-11-2013 02:10:36 Scheduled Checkpoint
28-11-2013 10:51:07 Scheduled Checkpoint
03-12-2013 17:07:49 avast! antivirus system restore point
03-12-2013 17:51:42 Installed Microsoft Fix it 50471

==================== Hosts content: ==========================

2012-06-26 21:45 - 2011-01-27 15:00 - 00001211 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net


==================== Scheduled Tasks (whitelisted) =============

Task: {0AE7C1D7-9110-4C0B-B124-28ED1E69AB98} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3639331311-3520423502-2070970505-1001Core => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-15] (Facebook Inc.)
Task: {2C361D24-C51C-4C9B-BC9B-972861930BE6} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe [2013-03-27] (http://www.express-files.com/)
Task: {32D9784D-9491-48E2-9479-455DD0BCA866} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2013-11-13] (Microsoft Corporation)
Task: {38FB4D12-C114-4D86-8395-30EE9B538D7B} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-31] ()
Task: {3B467103-1092-42AD-9E85-70E6F8937F81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {4237141F-786F-49E3-9015-49C08828AD84} - System32\Tasks\RNUpgradeHelperResumePrompt_user => C:\Users\user\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-28] (RealNetworks, Inc.)
Task: {442AA9E6-8E3C-4D40-AB7B-81D90D3F7977} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3639331311-3520423502-2070970505-1001 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {476E63DE-8274-4CED-A779-1A99C2939FA8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {47BDF155-5D16-4375-880F-A21DDF303A3B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-26] (Google Inc.)
Task: {54E7661C-D84F-4F4B-AE9F-3A5397BD21D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-26] (Google Inc.)
Task: {5900E569-78D5-4384-88B4-837F5DDB7E12} - System32\Tasks\ReclaimerUpdateXML_user => C:\Users\user\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-28] (RealNetworks, Inc.)
Task: {76E083D8-0334-4BEB-A6D5-CD965A6232E4} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-11-29] ()
Task: {7A0A92BC-1E69-4E52-828D-C7E8B3CCF0AB} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3639331311-3520423502-2070970505-1001 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {84D84E38-5466-4784-8796-0A3DB19D49EE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-03] (AVAST Software)
Task: {9485608B-7DBE-48D8-B547-07F7A1755BAA} - System32\Tasks\HPCeeScheduleForuser => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {9DCEE83F-D3D4-4B4E-B782-7D974EA54029} - System32\Tasks\Microsoft Office 15 Sync Maintenance for user-HP-user user-HP => C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE [2013-11-13] (Microsoft Corporation)
Task: {A75F0E03-10EA-4EA9-8687-64D7494D4E0D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3639331311-3520423502-2070970505-1001UA => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-15] (Facebook Inc.)
Task: {A8612B67-D145-4F2B-91E5-9C7D2F545241} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-22] (CyberLink)
Task: {AB44C8AE-3154-4F08-A821-8FA72BBECFDB} - System32\Tasks\HPCeeScheduleForUSER-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {ABFEDDAD-99B1-4954-930F-520B54CB60B4} - System32\Tasks\RNUpgradeHelperLogonPrompt_user => C:\Users\user\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-28] (RealNetworks, Inc.)
Task: {C29D9033-D6FC-4A40-B57A-B2CF9674600F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-09-17] (Microsoft Corporation)
Task: {D90DA100-7C98-4046-A443-A0315F91E6FB} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3639331311-3520423502-2070970505-1001 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {DA43D912-9E1D-48F4-A9AA-726988992A29} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe
Task: {EDEA0FC9-3FB4-4A1A-9013-D7B2836F3840} - System32\Tasks\ReclaimerUpdateFiles_user => C:\Users\user\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-28] (RealNetworks, Inc.)
Task: {FD752341-248A-4863-8AB1-7A84D354ADFC} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3639331311-3520423502-2070970505-1001 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3639331311-3520423502-2070970505-1001Core.job => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3639331311-3520423502-2070970505-1001UA.job => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForUSER-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForuser.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_user.job => C:\Users\user\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_user.job => C:\Users\user\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_user.job => C:\Users\user\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) =============

2013-11-13 06:27 - 2013-11-13 06:27 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-12-03 13:14 - 2013-12-03 07:36 - 02150912 _____ () C:\Program Files\AVAST Software\Avast\defs\13120300\algo.dll
2013-12-03 13:14 - 2013-12-03 13:14 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-11-16 00:45 - 2013-11-14 07:28 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
2013-11-16 00:45 - 2013-11-14 07:28 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
2013-11-16 00:45 - 2013-11-14 07:29 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
2013-11-16 00:45 - 2013-11-14 07:29 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
2013-11-16 00:45 - 2013-11-14 07:28 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
2013-11-16 00:45 - 2013-11-14 07:29 - 13582800 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:07F6D9E4
AlternateDataStreams: C:\Users\user\Desktop\CleanTemp.bat:AFP_Resource

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/03/2013 01:18:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2013 01:17:09 PM) (Source: Application Error) (User: )
Description: Faulting application name: Service_KMS.exe, version: 10.4.2.0, time stamp: 0x5298c262
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007ff0016052f
Faulting process id: 0x5f4
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3

Error: (10/01/2013 01:07:15 PM) (Source: Microsoft Office 15) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {B075B142-804B-48C2-827F-A18D49CF4D8E}

Error: (10/01/2013 01:07:15 PM) (Source: Microsoft Office 15) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {B075B142-804B-48C2-827F-A18D49CF4D8E}

Error: (10/01/2013 01:05:05 PM) (Source: Google Update) (User: user-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (10/01/2013 01:04:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/01/2013 01:04:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: Service_KMS.exe, version: 10.4.2.0, time stamp: 0x5298c262
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007ff0016052f
Faulting process id: 0x9c0
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3

Error: (10/01/2013 11:47:02 AM) (Source: Microsoft Office 15) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {7F9187C3-D69B-405A-A9EE-511EE45909F9}

Error: (10/01/2013 11:47:02 AM) (Source: Microsoft Office 15) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {7F9187C3-D69B-405A-A9EE-511EE45909F9}

Error: (12/03/2013 11:39:28 AM) (Source: Microsoft Office 15) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {BD5E8E72-0BE9-49FD-82ED-AECF910790C2}


System errors:
=============
Error: (12/03/2013 02:52:21 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 4 time(s).

Error: (12/03/2013 02:52:21 PM) (Source: Service Control Manager) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 4 time(s).

Error: (12/03/2013 02:52:21 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Office Service service terminated unexpectedly. It has done this 4 time(s).

Error: (12/03/2013 02:52:21 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 4 time(s).

Error: (12/03/2013 02:13:05 PM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 3 time(s).

Error: (12/03/2013 02:13:05 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 3 time(s).

Error: (12/03/2013 02:13:05 PM) (Source: Service Control Manager) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 3 time(s).

Error: (12/03/2013 02:13:05 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 3 time(s).

Error: (12/03/2013 02:12:04 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Media Player Network Sharing Service service, but this action failed with the following error:
%%1056

Error: (12/03/2013 02:12:04 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056


Microsoft Office Sessions:
=========================
Error: (12/03/2013 01:18:10 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2013 01:17:09 PM) (Source: Application Error)(User: )
Description: Service_KMS.exe10.4.2.05298c262unknown0.0.0.00000000000000000000007ff0016052f5f401cef04b7053fc0cC:\Program Files\KMSpico\Service_KMS.exeunknownbd666daf-5c3e-11e3-aec5-78e3b5573047

Error: (10/01/2013 01:07:15 PM) (Source: Microsoft Office 15)(User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {B075B142-804B-48C2-827F-A18D49CF4D8E}

Error: (10/01/2013 01:07:15 PM) (Source: Microsoft Office 15)(User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {B075B142-804B-48C2-827F-A18D49CF4D8E}

Error: (10/01/2013 01:05:05 PM) (Source: Google Update)(User: user-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (10/01/2013 01:04:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/01/2013 01:04:47 PM) (Source: Application Error)(User: )
Description: Service_KMS.exe10.4.2.05298c262unknown0.0.0.00000000000000000000007ff0016052f9c001cebec84259a449C:\Program Files\KMSpico\Service_KMS.exeunknown93202f5d-2abb-11e3-b654-78e3b5573047

Error: (10/01/2013 11:47:02 AM) (Source: Microsoft Office 15)(User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {7F9187C3-D69B-405A-A9EE-511EE45909F9}

Error: (10/01/2013 11:47:02 AM) (Source: Microsoft Office 15)(User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {7F9187C3-D69B-405A-A9EE-511EE45909F9}

Error: (12/03/2013 11:39:28 AM) (Source: Microsoft Office 15)(User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {BD5E8E72-0BE9-49FD-82ED-AECF910790C2}


==================== Memory info ===========================

Percentage of memory in use: 51%
Total physical RAM: 3562.9 MB
Available physical RAM: 1723.64 MB
Total Pagefile: 13561.09 MB
Available Pagefile: 11863.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:450.73 GB) (Free:355.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.74 GB) (Free:1.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (SUPERCAGACUSTSUB) (CDROM) (Total:4.02 GB) (Free:0 GB) UDF
Drive g: (Sameer) (Removable) (Total:1.86 GB) (Free:1.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 5D644BB8)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=2 GB) - (Type=07 NTFS)

==================== End Of Log ============================





Anything else that you may require, please let me know! Thanks!

#2
Machiavelli

  • GeekU Moderator
  • 3,700 posts
Welcome to GeeksToGo, silentarts

My name is Machiavelli and I'll try to fix your PC problems. If you are in SafeMode then print my instructions! Removing Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

!NOTE! Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. :)

 

Dr. Machiavelli will come back soon after one of my cool teachers approved my fix.

#3
Machiavelli

  • GeekU Moderator
  • 3,700 posts
Illegal Software Warning

I see some files which are related to Cracks, Keygens etc. :) Below I list which files are illegal; please remove them. Using illegal software is against the rules and we can't support it (even if I would love to help you!). :) Don't take that the wrong way, but I have to warn you about that.

Illegal files/folders:

  • C:\Program Files\KMSpico

Please remove the cracked office. Also there seems to be cracked Adobe - believe me, I'll find the illegal software. :)

P2P Warning

IMPORTANT I see, you have one or more P2P (Person to Person) programs installed.

1.) You have the following P2P program installed: uTorrent
2.) If you download files from non-documented sources per a P2P File sharing Program, you can expect an infection of malware. That isn't good for your PC. A long time ago File-sharing with P2P programs like UTorrent was fairly safe. But at this time it isn't true any more. Of course you can use P2P programs at your own risk, but that is maybe your source of your infection. It would be nice if you read this here. So after reading the text you will recognize why you shouldn't have them.
3.) Please read these reports about the danger of P2P Programs:
4.) I would recommend that you uninstall the above. That would be nice. If you like to uninstall the P2P Program, you can do it via Start >> Control Panel >> Add or Remove Programs
5.) If you want to keep the program on your computer, don't use it while we are fixing your computer!

Uninstalls

Now please go to Start(Windows 7 orb) >> Control Panel >> Uninstall a program or Programs and Features and remove the following (if present):

  • FilesFrog Update Checker
  • hosts
  • KMSpico v9.1.0.20131129
  • Setup1
  • Snap.Do

FRST Fix

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

System Restore Point

Please make a restore point!

http://www.youtube.com/watch?v=wfV1dsHopMo

AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1


  • Right-click on AdwCleaner.exe and select Run as administrator.
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found in here: C:\AdwCleaner\

JRT Scan

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

OTL Scan

  • Download OTL to your Desktop
  • Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
    • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

      netsvcs
      BASESERVICES
      %SYSTEMDRIVE%\*.exe
      /md5start
      services.*
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      qmgr.dll
      winsock.*
      /md5stop
      dir "%systemdrive%\*" /S /A:L /C
      CREATERESTOREPOINT

  • Open OTL on the desktop. To do that:
    • XP users: Double click on the OTL icon.
    • Vista / 7 Users: Right click on the icon and click Run as Administrator.
  • Make sure all other windows are closed.
    • You will see a console like the one below:

      Posted Image

    • Click the box beside Scan All Users at the top of the console
    • IF you have a 64bit Windows, click the box beside Include 64bit Scans at the top of the console.
    • Make sure the Output box at the top is set to Standard Output.
    • Check the boxes beside LOP Check and Purity Check.
      Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL
    • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
    • Let the scan run uninterrupted.
    • When the scan completes, it will open OTL.Txt on the desktop. The Extras.txt file will be minimized on the taskbar. These files are also saved in the same location as OTL (it should be on your desktop).
    • Please copy the contents of these files and paste it into your reply. To do that:
    • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
    • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
    • Repeat for the Extras.txt file.

Question

How is the computer running? Any issues?


#4
Machiavelli

  • GeekU Moderator
  • 3,700 posts
Any problems with the instructions above?

#5
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.