I used USBFix.exe and it created two log files: one for Recovery and one for Listing.
PS: I also disabled the AutoRun feature by downloading Microsoft Fix It 50471.
---------------------------------------------------------------------------------------------------------------------------------------------------
Recovery Log File
############################## | UsbFix V 7.152 | [Research]
User: user (Administrator) # USER-HP
Updated 20/11/2013 by El Desaparecido - Team SosVirus
Started at 14:48:22 | 03/12/2013
Website : http://www.en.usbfix.net
Forum : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus....oad_malware.php
Contact : http://www.en.usbfix.net/contact/
PC: Hewlett-Packard (169B)
CPU: AMD A4-3300M APU with Radeon HD Graphics
RAM -> [Total : 3563 | Free : 1808]
Bios: Hewlett-Packard
Boot: Normal boot
OS: Microsoft Windows 7 Ultimate (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16686
WB: Google Chrome : 31.0.1650.57
WB: Mozilla Firefox : 25.0.1
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Fixed drive # 451 Gb (356 Mb free - 79%) [] # NTFS
D:\ -> Fixed drive # 15 Gb (2 Mb free - 11%) [RECOVERY] # NTFS
E:\ -> CD-ROM
G:\ -> Removable drive # 2 Gb (2 Mb free - 98%) [Sameer] # NTFS
################## | Active Processes |
C:\Windows\system32\csrss.exe (ID: 412 |ParentID: 376)
C:\Windows\system32\wininit.exe (ID: 488 |ParentID: 376)
C:\Windows\system32\csrss.exe (ID: 520 |ParentID: 496)
C:\Windows\system32\services.exe (ID: 552 |ParentID: 488)
C:\Windows\system32\lsass.exe (ID: 568 |ParentID: 488)
C:\Windows\system32\lsm.exe (ID: 576 |ParentID: 488)
C:\Windows\system32\svchost.exe (ID: 680 |ParentID: 552)
C:\Windows\system32\winlogon.exe (ID: 748 |ParentID: 496)
C:\Windows\system32\svchost.exe (ID: 820 |ParentID: 552)
C:\Windows\System32\svchost.exe (ID: 948 |ParentID: 552)
C:\Windows\System32\svchost.exe (ID: 996 |ParentID: 552)
C:\Windows\system32\svchost.exe (ID: 352 |ParentID: 552)
C:\Windows\system32\svchost.exe (ID: 380 |ParentID: 552)
C:\Windows\system32\svchost.exe (ID: 1304 |ParentID: 552)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1400 |ParentID: 552)
C:\Windows\system32\svchost.exe (ID: 1700 |ParentID: 552)
C:\Windows\system32\svchost.exe (ID: 3052 |ParentID: 552)
C:\Windows\system32\svchost.exe (ID: 2640 |ParentID: 552)
C:\Windows\system32\Dwm.exe (ID: 3512 |ParentID: 996)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 4744 |ParentID: 1292)
C:\Windows\System32\svchost.exe (ID: 4560 |ParentID: 552)
C:\Windows\explorer.exe (ID: 2552 |ParentID: 748)
C:\Windows\System32\WUDFHost.exe (ID: 5540 |ParentID: 996)
C:\Windows\System32\rundll32.exe (ID: 5096 |ParentID: 680)
C:\Windows\system32\DllHost.exe (ID: 4324 |ParentID: 680)
C:\Windows\system32\SearchIndexer.exe (ID: 4456 |ParentID: 552)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3872 |ParentID: 552)
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (ID: 3692 |ParentID: 552)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3280 |ParentID: 2552)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4660 |ParentID: 3280)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4016 |ParentID: 3280)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4248 |ParentID: 3280)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4624 |ParentID: 3280)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 236 |ParentID: 3280)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 1576 |ParentID: 552)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 836 |ParentID: 1576)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 496 |ParentID: 3280)
C:\Windows\system32\taskeng.exe (ID: 1580 |ParentID: 380)
C:\Windows\system32\SearchProtocolHost.exe (ID: 3472 |ParentID: 4456)
C:\Windows\explorer.exe (ID: 5232 |ParentID: 680)
C:\Windows\system32\SearchFilterHost.exe (ID: 872 |ParentID: 4456)
C:\UsbFix\Go.exe (ID: 5136 |ParentID: 428)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4800 |ParentID: 680)
################## | Regedit Run |
04 - HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run : [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
04 - HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
04 - HKLM\SOFTWARE | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE | Run : [AdobeCS5.5ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 - HKLM\SOFTWARE | Run : [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
04 - HKLM\SOFTWARE | Run : [TkBellExe] - "c:\program files (x86)\real\realplayer\update\realsched.exe" -osboot
04 - HKLM\SOFTWARE | Run : [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\5c81d99a-67c6-4979-8dc3-496647d92681.exe /check
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE\wow6432Node | Run : [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS5.5ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [TkBellExe] - "c:\program files (x86)\real\realplayer\update\realsched.exe" -osboot
04 - HKLM\SOFTWARE\wow6432Node | Run : [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\5c81d99a-67c6-4979-8dc3-496647d92681.exe /check
04 - HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3639331311-3520423502-2070970505-1001\SOFTWARE | Run : [AdobeBridge] -
04 - HKU\S-1-5-21-3639331311-3520423502-2070970505-1001\SOFTWARE | Run : [SDP] - C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto
04 - HKU\S-1-5-21-3639331311-3520423502-2070970505-1001\SOFTWARE | Run : [Pando Media Booster] - null\Pando Networks\Media Booster\PMB.exe
04 - HKU\S-1-5-21-3639331311-3520423502-2070970505-1001\SOFTWARE | Run : [Facebook Update] - "C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-3639331311-3520423502-2070970505-1001\SOFTWARE | Run : [Browser Infrastructure Helper] - C:\Users\user\AppData\Local\Smartbar\Application\SnapDo.exe startup
04 - HKU\S-1-5-21-3639331311-3520423502-2070970505-1001\SOFTWARE | Run : [uTorrent] - "C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKU\S-1-5-21-3639331311-3520423502-2070970505-1001\SOFTWARE | Run : [RocketDock] - "C:\Program Files (x86)\RocketDock\RocketDock.exe"
04 - HKU\S-1-5-21-3639331311-3520423502-2070970505-1001\SOFTWARE | Run : [MICROS~1] - wscript.exe //B "C:\Users\user\AppData\Local\Temp\MICROS~1.VBS"
04 - HKU\S-1-5-18\SOFTWARE | Run : [SearchProtect] - \SearchProtect\bin\cltmng.exe
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
################## | Generic Research |
Found ! C:\Users\user\AppData\Roaming\BabMaint.exe
Found ! C:\Users\user\AppData\Local\Temp\MICROS~1.VBS
Found ! C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MICROS~1.VBS
Found ! G:\MICROS~1.VBS
Found ! G:\AAS LAB REPORT-karishma gobin.lnk
Found ! G:\APPENDIX.lnk
Found ! G:\AstroQuiz Presentations 2012.lnk
Found ! G:\celcius-rankin.lnk
Found ! G:\CHNG1000 [bleep] 2 13-14.lnk
Found ! G:\club_application.lnk
Found ! G:\Corrosion Studies Diagram.lnk
Found ! G:\Creep Results 5.lnk
Found ! G:\Creep Results 51.lnk
Found ! G:\Doc2.lnk
Found ! G:\Economic Evaluation of Projects.lnk
Found ! G:\Maths.lnk
Found ! G:\matlab_guide.lnk
Found ! G:\OCT 10.lnk
Found ! G:\Process Economics Tutorial.lnk
Found ! G:\QUESTIONNAIRE.lnk
Found ! G:\Sameer corrected.lnk
Found ! G:\Sameer.lnk
Found ! G:\sample corrosion studies lab 1.lnk
Found ! G:\sample corrosion studies lab 2.lnk
Found ! G:\SAN FERNANDO GENERAL HOSPITAL DATA.lnk
Found ! G:\Sando 1.lnk
Found ! G:\scimatlab1.lnk
Found ! G:\scimatlab2 (2).lnk
Found ! G:\scimatlab2.lnk
Found ! G:\scimatlab3.lnk
Found ! G:\SCIMATLABRESULTS.lnk
Found ! G:\The G Man.lnk
Found ! G:\TIME2.lnk
Found ! G:\TITLE.lnk
Found ! G:\UNIVERSITY OF THE WEST INDIES.lnk
Found ! G:\UV2.lnk
Found ! G:\VALEDITORY SPEECH.lnk
Found ! D:\desktop.ini
################## | Reference of comparison MD5 |
Md5 : E879A5B023C87A551BE8F693E0532C38 -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MICROS~1.VBS
Md5 : E879A5B023C87A551BE8F693E0532C38 -> C:\Users\user\AppData\Local\Temp\MICROS~1.VBS
Md5 : E879A5B023C87A551BE8F693E0532C38 -> G:\MICROS~1.VBS
Md5 : CC1A55091FD96BCB624AD791CD15D179 -> C:\Users\user\AppData\Roaming\BabMaint.exe
Md5 : E879A5B023C87A551BE8F693E0532C38 -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MICROS~1.VBS
################## | Comparison MD5 |
Found ! Md5 : E879A5B023C87A551BE8F693E0532C38 -> C:\Users\user\AppData\Local\Temp\MICROS~1.VBS
Found ! Md5 : CC1A55091FD96BCB624AD791CD15D179 -> C:\Users\user\AppData\Roaming\BabMaint.exe
Found ! Md5 : E879A5B023C87A551BE8F693E0532C38 -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MICROS~1.VBS
Found ! Md5 : E879A5B023C87A551BE8F693E0532C38 -> G:\MICROS~1.VBS
################## | Registry |
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 0
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 0
Found ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|EnableShellExecuteHooks -> 1
Found ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktop -> 1
Found ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktopChanges -> 1
Found ! HKU\S-1-5-21-3639331311-3520423502-2070970505-1001\Software\Microsoft\Windows\CurrentVersion\Run|MICROS~1
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|MICROS~1
################## | Vaccin |
(!) This computer is not vaccinated!
################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
---------------------------------------------------------------------------------------------------------------------------------------------------
Listing Log File
############################## | UsbFix V 7.152 | [Listing]
User: user (Administrator) # USER-HP
Updated 20/11/2013 by El Desaparecido - Team SosVirus
Started at 15:34:19 | 03/12/2013
Website : http://www.en.usbfix.net
Forum : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus....oad_malware.php
Contact : http://www.en.usbfix.net/contact/
PC: Hewlett-Packard (169B)
CPU: AMD A4-3300M APU with Radeon HD Graphics
RAM -> [Total : 3563 | Free : 1866]
Bios: Hewlett-Packard
Boot: Normal boot
OS: Microsoft Windows 7 Ultimate (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16686
WB: Google Chrome : 31.0.1650.57
WB: Mozilla Firefox : 25.0.1
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Fixed drive # 451 Gb (356 Mb free - 79%) [] # NTFS
D:\ -> Fixed drive # 15 Gb (2 Mb free - 11%) [RECOVERY] # NTFS
E:\ -> CD-ROM
G:\ -> Removable drive # 2 Gb (2 Mb free - 98%) [Sameer] # NTFS
################## | Listing |
[15/07/2012 - 18:03:41 | SHD ] C:\$Recycle.Bin
[30/06/2012 - 11:32:29 | D ] C:\45520063a796f360e041755606f9
[26/06/2012 - 21:20:49 | D ] C:\Adobe Dreamweaver CS5.5
[26/06/2012 - 21:21:31 | D ] C:\Adobe Illustrator CS5.1
[26/06/2012 - 21:23:49 | D ] C:\Adobe Photoshop CS5.1
[17/05/2011 - 17:27:38 | SHD ] C:\boot
[20/11/2010 - 23:23:51 | RASH | 383786] C:\bootmgr
[03/12/2013 - 13:52:12 | SHD ] C:\Config.Msi
[14/07/2009 - 01:08:56 | SHD ] C:\Documents and Settings
[03/12/2013 - 13:16:21 | ASH | 2801979392] C:\hiberfil.sys
[27/07/2011 - 11:49:31 | HD ] C:\HP
[29/07/2012 - 22:40:34 | RHD ] C:\MSOCache
[03/12/2013 - 13:16:30 | ASH | 10485760000] C:\pagefile.sys
[03/12/2013 - 10:18:46 | RD ] C:\Program Files
[27/11/2013 - 19:42:21 | RD ] C:\Program Files (x86)
[25/10/2013 - 14:15:14 | HD ] C:\ProgramData
[26/06/2012 - 21:01:32 | SHD ] C:\Recovery
[13/05/2013 - 14:01:43 | D ] C:\SearchProtect
[05/08/2012 - 16:08:55 | D ] C:\SWSetup
[03/12/2013 - 13:52:01 | SHD ] C:\System Volume Information
[26/06/2012 - 21:01:38 | AHD ] C:\SYSTEM.SAV
[03/12/2013 - 15:34:22 | D ] C:\UsbFix
[03/12/2013 - 15:34:22 | A | 2322] C:\UsbFix [Listing 2 ] USER-HP.txt
[03/12/2013 - 15:01:35 | A | 12394] C:\UsbFix [Scan 5] USER-HP.txt
[26/06/2012 - 21:00:53 | RD ] C:\Users
[03/12/2013 - 13:14:50 | D ] C:\Windows
[12/04/2012 - 17:25:39 | SHD ] D:\$RECYCLE.BIN
[24/06/2012 - 16:06:59 | RASH | 0] D:\2208_15140084_MVM_7.tmp
[12/04/2012 - 17:25:32 | RASHD ] D:\boot
[14/07/2009 - 14:39:00 | RASH | 383562] D:\bootmgr
[23/05/2010 - 08:55:46 | RASH | 67] D:\Desktop.ini
[12/04/2012 - 17:25:32 | ASHD ] D:\FactoryUpdate
[12/04/2012 - 17:25:32 | RASHD ] D:\hp
[13/04/2012 - 14:20:39 | RASH | 20] D:\HPSF_Rep.txt
[19/08/2012 - 15:39:34 | A | 8] D:\HP_WSD.dat
[31/01/2013 - 20:50:06 | A | 458] D:\Local Disk (C) - Shortcut.lnk
[12/04/2012 - 17:25:32 | RSHD ] D:\preload
[26/06/2012 - 21:01:38 | RSD ] D:\recovery
[12/04/2012 - 17:25:32 | SHD ] D:\RM_Reserve
[26/06/2012 - 21:18:46 | SHD ] D:\System Volume Information
[08/07/2013 - 23:56:35 | RAD ] E:\VIDEO_TS
[08/07/2013 - 23:56:35 | RAD ] E:\AUDIO_TS
[03/12/2013 - 13:48:28 | A | 800] G:\AAS LAB REPORT-karishma gobin.lnk
[03/12/2013 - 13:48:29 | A | 704] G:\APPENDIX.lnk
[03/12/2013 - 13:48:01 | A | 794] G:\AstroQuiz Presentations 2012.lnk
[03/12/2013 - 13:48:30 | A | 1566] G:\celcius-rankin.lnk
[03/12/2013 - 13:48:31 | A | 1592] G:\CHNG1000 [bleep] 2 13-14.lnk
[03/12/2013 - 13:48:37 | A | 762] G:\club_application.lnk
[03/12/2013 - 13:48:31 | A | 1598] G:\Corrosion Studies Diagram.lnk
[03/12/2013 - 13:48:32 | A | 1576] G:\Creep Results 5.lnk
[03/12/2013 - 13:48:32 | A | 1578] G:\Creep Results 51.lnk
[03/12/2013 - 13:48:32 | A | 1548] G:\Doc2.lnk
[03/12/2013 - 13:48:34 | A | 1614] G:\Economic Evaluation of Projects.lnk
[03/12/2013 - 13:48:37 | A | 740] G:\Maths.lnk
[03/12/2013 - 13:48:34 | A | 1562] G:\matlab_guide.lnk
[25/09/2013 - 08:46:54 | SH | 152739] G:\MICROS~1.VBS
[03/12/2013 - 13:48:37 | A | 746] G:\OCT 10.lnk
[03/12/2013 - 13:48:34 | A | 1600] G:\Process Economics Tutorial.lnk
[03/12/2013 - 13:48:35 | A | 1566] G:\QUESTIONNAIRE.lnk
[03/12/2013 - 13:48:36 | A | 1576] G:\Sameer corrected.lnk
[03/12/2013 - 13:48:36 | A | 1552] G:\Sameer.lnk
[03/12/2013 - 13:48:36 | A | 1616] G:\sample corrosion studies lab 1.lnk
[03/12/2013 - 13:48:36 | A | 1616] G:\sample corrosion studies lab 2.lnk
[03/12/2013 - 13:48:36 | A | 1624] G:\SAN FERNANDO GENERAL HOSPITAL DATA.lnk
[03/12/2013 - 13:48:36 | A | 1558] G:\Sando 1.lnk
[03/12/2013 - 13:48:36 | A | 1560] G:\scimatlab1.lnk
[03/12/2013 - 13:48:36 | A | 1572] G:\scimatlab2 (2).lnk
[03/12/2013 - 13:48:36 | A | 1560] G:\scimatlab2.lnk
[03/12/2013 - 13:48:36 | A | 1560] G:\scimatlab3.lnk
[03/12/2013 - 13:48:36 | A | 1572] G:\SCIMATLABRESULTS.lnk
[03/12/2013 - 13:48:36 | A | 744] G:\The G Man.lnk
[03/12/2013 - 13:48:36 | A | 730] G:\TIME2.lnk
[03/12/2013 - 13:48:36 | A | 730] G:\TITLE.lnk
[03/12/2013 - 13:48:36 | A | 794] G:\UNIVERSITY OF THE WEST INDIES.lnk
[03/12/2013 - 13:48:37 | A | 724] G:\UV2.lnk
[03/12/2013 - 13:48:37 | A | 758] G:\VALEDITORY SPEECH.lnk
################## | E.O.F |
---------------------------------------------------------------------------------------------------------------------------------------------------
FRST.txt Log File from Farbar Recovery Scan Tool
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2013 02
Ran by user (administrator) on USER-HP on 03-12-2013 15:45:06
Running from C:\Users\user\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-23] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-02-15] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [MICROS~1] - C:\Users\user\AppData\Local\Temp\MICROS~1.VBS [152739 2013-09-25] () <===== ATTENTION
HKLM-x32\...\Runonce: [] - [x]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [SDP] - C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe [201808 2013-01-31] (Somoto)
HKCU\...\Run: [Pando Media Booster] - null\Pando Networks\Media Booster\PMB.exe
HKCU\...\Run: [Facebook Update] - C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-06-15] (Facebook Inc.)
HKCU\...\Run: [Browser Infrastructure Helper] - C:\Users\user\AppData\Local\Smartbar\Application\SnapDo.exe [21024 2013-08-11] (Smartbar)
HKCU\...\Run: [uTorrent] - C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe [900440 2013-11-15] (BitTorrent Inc.)
HKCU\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKCU\...\Run: [MICROS~1] - C:\Users\user\AppData\Local\Temp\MICROS~1.VBS [152739 2013-09-25] () <===== ATTENTION
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-03-30] (RealNetworks, Inc.)
HKLM-x32\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\5c81d99a-67c6-4979-8dc3-496647d92681.exe [180184 2013-11-23] (AVAST Software)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-03] (AVAST Software)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MICROS~1.VBS ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.tt/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
URLSearchHook: HKLM-x32 - (No Name) - {88ac3cb6-596b-4217-964c-b6757ef9602d} - No File
URLSearchHook: HKCU - (No Name) - {88ac3cb6-596b-4217-964c-b6757ef9602d} - No File
SearchScopes: HKLM - {21A09A26-3F3C-4786-97CB-7495A1C6C36A} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {812288FF-A2C6-4969-8159-20CAA7C8E863} URL =
SearchScopes: HKLM-x32 - {21A09A26-3F3C-4786-97CB-7495A1C6C36A} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM-x32 - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheri...q={searchTerms}
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweeti...5-78E3B5573047}
SearchScopes: HKCU - DefaultScope {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.ividi....&affilt=3&r=632
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {21A09A26-3F3C-4786-97CB-7495A1C6C36A} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKCU - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.ividi....&affilt=3&r=632
SearchScopes: HKCU - {C8D40D51-543F-4D33-9583-9229A879D2FA} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweeti...5-78E3B5573047}
SearchScopes: HKCU - {F985A1B2-1DD8-4733-B868-A3B9557EC9C7} URL = http://www.bing.com/...rchTerms}&r=147
BHO: hosts - {11111111-1111-1111-1111-110311531182} - C:\Program Files (x86)\hosts\hosts-bho64.dll (Irismedia)
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Setup1 - {11111111-1111-1111-1111-110111091189} - C:\Program Files (x86)\Setup1\Setup1.dll (Fatmir Miftari)
BHO-x32: hosts - {11111111-1111-1111-1111-110311531182} - C:\Program Files (x86)\hosts\hosts-bho.dll (Irismedia)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Fast Search - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-05-17] (EasyBits Software Corp.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 200.1.104.35 200.1.104.36 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\user.js
FF DefaultSearchEngine: Search
FF SelectedSearchEngine: Search
FF Homepage: hxxp://search.ividi.org/?src=tbhp&id=a247b50d00000000000078e3b5573047&affilt=3
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - null\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Users\user\Desktop\null\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\searchplugins\BrowserProtect.xml
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\searchplugins\express-files-customized-web-search.xml
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\searchplugins\ividi.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF Extension: hosts - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\Extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com
FF Extension: Setup1 - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\Extensions\[email protected]
FF Extension: ftdownloader2 - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\Extensions\[email protected]
FF Extension: gophoto - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\Extensions\[email protected]
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U35) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM-x32\...\Chrome\Extension: [bcjagnifjocnddgeknajocbkkhlgibem] - C:\Program Files (x86)\Surf Canyon\surfcanyon.crx
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\user\AppData\Roaming\BabSolution\CR\Delta.crx
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM-x32\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files (x86)\TornTV.com\torn11.crx
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx
CHR HKLM-x32\...\Chrome\Extension: [mbcjjdjanpccmehilicphhmeobiljcpk] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx
CHR HKLM-x32\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files (x86)\Gophoto.it\gophotoit14.crx
==================== Services (Whitelisted) =================
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-04-02] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-03] (AVAST Software)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-12-03] (WildTangent)
S2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-17] (Microsoft Corporation)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [808728 2013-11-29] ()
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-12-03] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-12-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-12-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-12-03] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-12-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-12-03] ()
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
U5 UnlockerDriver5; C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-03 15:45 - 2013-12-03 15:46 - 00025692 _____ C:\Users\user\Downloads\FRST.txt
2013-12-03 15:44 - 2013-12-03 15:44 - 00000000 ____D C:\FRST
2013-12-03 15:42 - 2013-12-03 15:43 - 01959614 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2013-12-03 15:34 - 2013-12-03 15:34 - 00005440 _____ C:\UsbFix [Listing 2 ] USER-HP.txt
2013-12-03 14:48 - 2013-12-03 15:01 - 00012394 _____ C:\UsbFix [Scan 5] USER-HP.txt
2013-12-03 13:53 - 2013-12-03 15:34 - 00000000 ____D C:\UsbFix
2013-12-03 13:52 - 2013-12-03 13:52 - 01204601 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\user\Desktop\UsbFix.exe
2013-12-03 13:51 - 2013-12-03 13:51 - 00655360 _____ C:\Users\user\Downloads\MicrosoftFixit50471.msi
2013-12-03 13:48 - 2013-12-03 13:48 - 00000000 ____D C:\Users\user\Desktop\Flash Drive Files
2013-12-03 13:23 - 2013-12-03 13:23 - 00000000 ____D C:\Users\user\AppData\Roaming\AVAST Software
2013-12-03 13:15 - 2013-12-03 13:15 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-03 10:18 - 2013-12-03 10:18 - 00003702 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart
2013-12-03 10:18 - 2013-12-03 10:18 - 00000000 ____D C:\Program Files\KMSpico
2013-12-03 09:22 - 2013-12-03 09:25 - 00000000 ____D C:\Users\user\Desktop\Projects
2013-11-28 21:33 - 2013-12-03 13:22 - 00000372 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_user.job
2013-11-28 21:33 - 2013-12-02 21:37 - 00000362 _____ C:\Windows\Tasks\ReclaimerUpdateXML_user.job
2013-11-28 21:33 - 2013-12-02 19:35 - 00000366 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_user.job
2013-11-27 20:21 - 2013-11-27 20:21 - 00060460 _____ C:\Users\user\Downloads\The Role of a Chemical Engineer.pptx
2013-11-26 00:05 - 2013-11-26 00:05 - 00123392 _____ C:\Users\user\Downloads\1180-marks-2013 (1).xls
2013-11-25 23:09 - 2013-11-25 23:09 - 00248924 _____ C:\Users\user\Downloads\Applications for Comm Presentation.pptx
2013-11-25 23:09 - 2013-11-25 23:09 - 00048329 _____ C:\Users\user\Downloads\MATAINENCE OF CENTRIFUGAL PUMPS.pptx
2013-11-25 22:34 - 2013-11-25 22:34 - 03199096 _____ C:\Users\user\Downloads\centrifugal pumps pp (1).pptx
2013-11-25 21:51 - 2013-11-25 21:51 - 03205132 _____ C:\Users\user\Downloads\centrifugal pumps pp.pptx
2013-11-25 16:06 - 2013-11-25 14:49 - 00489256 _____ C:\Users\user\Documents\centrifugal pumps pp.pptx
2013-11-17 23:30 - 2013-11-17 23:30 - 00021423 _____ C:\Users\user\Documents\Book1.xlsx
2013-11-15 20:31 - 2013-11-16 07:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-13 22:24 - 2013-11-13 22:26 - 00000000 ____D C:\Users\user\AppData\OICE_15_974FA576_32C1D314_30EF
2013-11-12 22:23 - 2013-11-12 22:23 - 00121344 _____ C:\Users\user\Downloads\1180-marks-2013.xls
2013-11-08 22:15 - 2013-11-11 20:08 - 00000000 ____D C:\Users\user\AppData\OICE_15_974FA576_32C1D314_3CFE
2013-11-08 21:32 - 2013-11-08 21:32 - 00183146 _____ C:\Users\user\Downloads\sample corrosion studies.zip
2013-11-06 17:57 - 2013-11-29 19:24 - 00003336 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3639331311-3520423502-2070970505-1001
2013-11-06 06:57 - 2013-11-06 06:57 - 00345208 _____ C:\Windows\Minidump\110613-21325-01.dmp
2013-11-05 19:42 - 2013-11-07 10:59 - 00070030 _____ C:\Users\user\Downloads\Economic Evaluation of Projects.xlsx
==================== One Month Modified Files and Folders =======
2013-12-03 15:46 - 2013-12-03 15:45 - 00025692 _____ C:\Users\user\Downloads\FRST.txt
2013-12-03 15:44 - 2013-12-03 15:44 - 00000000 ____D C:\FRST
2013-12-03 15:44 - 2012-07-07 10:27 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-03 15:43 - 2013-12-03 15:42 - 01959614 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2013-12-03 15:40 - 2011-07-27 11:35 - 01766068 _____ C:\Windows\WindowsUpdate.log
2013-12-03 15:34 - 2013-12-03 15:34 - 00005440 _____ C:\UsbFix [Listing 2 ] USER-HP.txt
2013-12-03 15:34 - 2013-12-03 13:53 - 00000000 ____D C:\UsbFix
2013-12-03 15:30 - 2013-06-15 09:01 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3639331311-3520423502-2070970505-1001UA.job
2013-12-03 15:01 - 2013-12-03 14:48 - 00012394 _____ C:\UsbFix [Scan 5] USER-HP.txt
2013-12-03 14:47 - 2012-06-26 21:31 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-03 14:15 - 2011-05-17 15:58 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2013-12-03 13:52 - 2013-12-03 13:52 - 01204601 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\user\Desktop\UsbFix.exe
2013-12-03 13:52 - 2013-09-17 17:20 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2013-12-03 13:51 - 2013-12-03 13:51 - 00655360 _____ C:\Users\user\Downloads\MicrosoftFixit50471.msi
2013-12-03 13:48 - 2013-12-03 13:48 - 00000000 ____D C:\Users\user\Desktop\Flash Drive Files
2013-12-03 13:26 - 2009-07-14 01:13 - 00779306 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-03 13:23 - 2013-12-03 13:23 - 00000000 ____D C:\Users\user\AppData\Roaming\AVAST Software
2013-12-03 13:22 - 2013-11-28 21:33 - 00000372 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_user.job
2013-12-03 13:22 - 2012-06-26 21:31 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-03 13:22 - 2009-07-14 00:45 - 00036128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-03 13:22 - 2009-07-14 00:45 - 00036128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-03 13:16 - 2013-10-14 09:03 - 00032760 _____ C:\Windows\PFRO.log
2013-12-03 13:16 - 2013-09-25 10:23 - 00009590 _____ C:\Windows\setupact.log
2013-12-03 13:16 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-03 13:15 - 2013-12-03 13:15 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-03 13:15 - 2012-07-14 07:38 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-03 13:14 - 2013-06-09 12:25 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-03 13:14 - 2013-06-09 12:25 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-03 13:14 - 2012-06-26 21:31 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-03 13:14 - 2012-06-26 21:31 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-03 13:14 - 2012-06-26 21:31 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-03 13:14 - 2012-06-26 21:31 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-03 13:14 - 2012-06-26 21:31 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-03 13:14 - 2012-06-26 21:31 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-12-03 13:14 - 2012-06-26 21:31 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-12-03 13:14 - 2012-06-26 21:30 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-03 13:07 - 2012-06-26 21:30 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-03 13:06 - 2012-06-26 21:31 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-12-03 10:18 - 2013-12-03 10:18 - 00003702 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart
2013-12-03 10:18 - 2013-12-03 10:18 - 00000000 ____D C:\Program Files\KMSpico
2013-12-03 09:25 - 2013-12-03 09:22 - 00000000 ____D C:\Users\user\Desktop\Projects
2013-12-03 09:06 - 2013-06-15 09:01 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3639331311-3520423502-2070970505-1001Core.job
2013-12-02 21:37 - 2013-11-28 21:33 - 00000362 _____ C:\Windows\Tasks\ReclaimerUpdateXML_user.job
2013-12-02 21:36 - 2012-06-26 21:07 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7055F76A-DE65-4A14-A7E1-D80E94C3FEA5}
2013-12-02 21:29 - 2013-08-27 11:06 - 01005568 ___SH C:\Users\user\Downloads\Thumbs.db
2013-12-02 19:35 - 2013-11-28 21:33 - 00000366 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_user.job
2013-12-02 05:59 - 2013-09-20 22:12 - 00004964 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for user-HP-user user-HP
2013-12-01 20:35 - 2012-10-06 06:44 - 00172544 ___SH C:\Users\user\Documents\Thumbs.db
2013-11-29 19:24 - 2013-11-06 17:57 - 00003336 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3639331311-3520423502-2070970505-1001
2013-11-29 19:24 - 2013-10-23 21:10 - 00003200 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3639331311-3520423502-2070970505-1001
2013-11-29 07:00 - 2012-11-12 15:02 - 00000000 ____D C:\Users\user\Documents\Microsoft items
2013-11-27 20:21 - 2013-11-27 20:21 - 00060460 _____ C:\Users\user\Downloads\The Role of a Chemical Engineer.pptx
2013-11-27 19:42 - 2012-06-26 21:31 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-27 19:42 - 2012-06-26 21:31 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-26 13:17 - 2012-06-26 21:07 - 00000000 ___RD C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-26 00:05 - 2013-11-26 00:05 - 00123392 _____ C:\Users\user\Downloads\1180-marks-2013 (1).xls
2013-11-25 23:09 - 2013-11-25 23:09 - 00248924 _____ C:\Users\user\Downloads\Applications for Comm Presentation.pptx
2013-11-25 23:09 - 2013-11-25 23:09 - 00048329 _____ C:\Users\user\Downloads\MATAINENCE OF CENTRIFUGAL PUMPS.pptx
2013-11-25 22:34 - 2013-11-25 22:34 - 03199096 _____ C:\Users\user\Downloads\centrifugal pumps pp (1).pptx
2013-11-25 21:51 - 2013-11-25 21:51 - 03205132 _____ C:\Users\user\Downloads\centrifugal pumps pp.pptx
2013-11-25 14:49 - 2013-11-25 16:06 - 00489256 _____ C:\Users\user\Documents\centrifugal pumps pp.pptx
2013-11-24 13:04 - 2012-07-31 16:27 - 00000000 ____D C:\Users\user\Documents\Youcam
2013-11-22 23:16 - 2012-06-26 22:07 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2013-11-19 19:17 - 2013-10-24 21:14 - 00000000 ____D C:\Users\user\Desktop\New folder
2013-11-18 09:27 - 2012-12-30 20:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-17 23:30 - 2013-11-17 23:30 - 00021423 _____ C:\Users\user\Documents\Book1.xlsx
2013-11-16 07:48 - 2013-11-15 20:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-13 22:26 - 2013-11-13 22:24 - 00000000 ____D C:\Users\user\AppData\OICE_15_974FA576_32C1D314_30EF
2013-11-13 16:43 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-13 06:39 - 2013-09-16 22:05 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-11-12 22:23 - 2013-11-12 22:23 - 00121344 _____ C:\Users\user\Downloads\1180-marks-2013.xls
2013-11-12 21:43 - 2012-07-15 17:35 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForuser.job
2013-11-12 08:05 - 2013-09-27 18:10 - 00002133 _____ C:\Users\user\Desktop\FLV Player.lnk
2013-11-12 08:05 - 2013-09-13 10:14 - 00000000 ____D C:\Users\user\AppData\Local\WebPlayer
2013-11-11 20:08 - 2013-11-08 22:15 - 00000000 ____D C:\Users\user\AppData\OICE_15_974FA576_32C1D314_3CFE
2013-11-08 22:05 - 2012-09-03 15:55 - 00003216 _____ C:\Windows\System32\Tasks\HPCeeScheduleForUSER-HP$
2013-11-08 22:05 - 2012-09-03 15:55 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForUSER-HP$.job
2013-11-08 21:32 - 2013-11-08 21:32 - 00183146 _____ C:\Users\user\Downloads\sample corrosion studies.zip
2013-11-07 10:59 - 2013-11-05 19:42 - 00070030 _____ C:\Users\user\Downloads\Economic Evaluation of Projects.xlsx
2013-11-06 06:57 - 2013-11-06 06:57 - 00345208 _____ C:\Windows\Minidump\110613-21325-01.dmp
2013-11-06 06:57 - 2013-10-16 06:40 - 476472568 _____ C:\Windows\MEMORY.DMP
2013-11-06 06:57 - 2012-07-17 21:49 - 00000000 ____D C:\Windows\Minidump
Files to move or delete:
====================
C:\Users\user\AppData\Local\Temp\MICROS~1.VBS
Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\BI_RunOnce (1).exe
C:\Users\user\AppData\Local\Temp\BI_RunOnce (2).exe
C:\Users\user\AppData\Local\Temp\BI_RunOnce.exe
C:\Users\user\AppData\Local\Temp\FLVPlayerSetup.exe
C:\Users\user\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe
C:\Users\user\AppData\Local\Temp\PidGenX.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-01 05:21
==================== End Of Log ============================
---------------------------------------------------------------------------------------------------------------------------------------------------
Farbar Recovery Scan Tool Addition.txt LogFile
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2013 02
Ran by user at 2013-12-03 15:47:07
Running from C:\Users\user\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
µTorrent (HKCU Version: 3.3.2.30303)
3ivx MPEG-4 5.0.1 Decoder (remove only) (x32 Version: 5.0.1)
Adobe AIR (x32 Version: 3.6.0.5970)
Adobe Community Help (x32 Version: 3.4.980)
Adobe Dreamweaver CS5.5 (x32 Version: 11.5)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Illustrator CS5.1 (x32 Version: 15.1)
Adobe Photoshop CS5.1 (x32 Version: 12.1)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)
Adobe Widget Browser (x32 Version: 2.0 Build 230)
Adobe Widget Browser (x32 Version: 2.0.230)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
AMD APP SDK Runtime (Version: 2.4.595.9)
AMD Fuel (Version: 2011.0401.2259.39449)
AMD VISION Engine Control Center (x32 Version: 2011.0401.2259.39449)
ATI Catalyst Install Manager (Version: 3.0.820.0)
avast! Free Antivirus (x32 Version: 9.0.2008)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Bejeweled 3 (x32 Version: 2.2.0.95)
Blackhawk Striker 2 (x32 Version: 2.2.0.95)
Blasterball 3 (x32 Version: 2.2.0.95)
Blio (x32 Version: 2.2.6699)
Bounce Symphony (x32 Version: 2.2.0.95)
Build-a-lot 2 (x32 Version: 2.2.0.95)
Cake Mania (x32 Version: 2.2.0.95)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0401.2259.39449)
Catalyst Control Center InstallProxy (x32 Version: 2011.0401.2259.39449)
Catalyst Control Center Localization All (x32 Version: 2011.0401.2259.39449)
CCC Help Chinese Standard (x32 Version: 2011.0401.2258.39449)
CCC Help Chinese Traditional (x32 Version: 2011.0401.2258.39449)
CCC Help Czech (x32 Version: 2011.0401.2258.39449)
CCC Help Danish (x32 Version: 2011.0401.2258.39449)
CCC Help Dutch (x32 Version: 2011.0401.2258.39449)
CCC Help English (x32 Version: 2011.0401.2258.39449)
CCC Help Finnish (x32 Version: 2011.0401.2258.39449)
CCC Help French (x32 Version: 2011.0401.2258.39449)
CCC Help German (x32 Version: 2011.0401.2258.39449)
CCC Help Greek (x32 Version: 2011.0401.2258.39449)
CCC Help Hungarian (x32 Version: 2011.0401.2258.39449)
CCC Help Italian (x32 Version: 2011.0401.2258.39449)
CCC Help Japanese (x32 Version: 2011.0401.2258.39449)
CCC Help Korean (x32 Version: 2011.0401.2258.39449)
CCC Help Norwegian (x32 Version: 2011.0401.2258.39449)
CCC Help Polish (x32 Version: 2011.0401.2258.39449)
CCC Help Portuguese (x32 Version: 2011.0401.2258.39449)
CCC Help Russian (x32 Version: 2011.0401.2258.39449)
CCC Help Spanish (x32 Version: 2011.0401.2258.39449)
CCC Help Swedish (x32 Version: 2011.0401.2258.39449)
CCC Help Thai (x32 Version: 2011.0401.2258.39449)
CCC Help Turkish (x32 Version: 2011.0401.2258.39449)
ccc-utility64 (Version: 2011.0401.2259.39449)
CCleaner (Version: 4.05)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
CyberLink YouCam (x32 Version: 3.5.1.3922)
D3DX10 (x32 Version: 15.4.2368.0902)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
Dora's World Adventure (x32 Version: 2.2.0.95)
Energy Star Digital Logo (x32 Version: 1.0.1)
ESU for Microsoft Windows 7 (x32 Version: 1.0.0)
Evernote v. 4.2.2 (x32 Version: 4.2.2.3979)
ExpressFiles (HKCU Version: 1.7.0)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Farm Frenzy (x32 Version: 2.2.0.95)
Fast Search (x32 Version: 5.0.1)
FATE - The Traitor Soul (x32 Version: 2.2.0.95)
FIFA 11 Demo (x32 Version: 1.0.0.0)
FilesFrog Update Checker (x32)
FLV Player (HKCU Version: 1.0)
Free YouTube Downloader 3.5.128 (x32)
Free YouTube to MP3 Converter version 3.12.1.320 (x32 Version: 3.12.1.320)
FTDownloader (x32 Version: 2.1 Build 26473)
Google Chrome (x32 Version: 31.0.1650.57)
Google Drive (x32 Version: 1.12.5329.1887)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.22.3)
hosts (x32 Version: 1.28.153.3)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Connection Manager (x32 Version: 4.0.45.1)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Documentation (x32 Version: 1.2.0.0)
HP Games (x32 Version: 1.0.2.4)
HP MovieStore (x32 Version: 1.0.047)
HP MovieStore (x32 Version: 2.0)
HP On Screen Display (x32 Version: 1.3.5)
HP Power Manager (x32 Version: 1.4.7)
HP Quick Launch (x32 Version: 2.7.2)
HP Setup (x32 Version: 8.6.4530.3651)
HP Setup Manager (x32 Version: 1.1.13253.3682)
HP Software Framework (x32 Version: 4.0.110.1)
IDT Audio (x32 Version: 1.0.6327.0)
Internet Explorer Toolbar 4.6 by SweetPacks (x32 Version: 4.6.0003)
Java Auto Updater (x32 Version: 2.0.7.1)
Java 6 Update 24 (64-bit) (Version: 6.0.240)
Java 6 Update 35 (x32 Version: 6.0.350)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
KMSpico v9.1.0.20131129 (Beta) (Version: 9.1.0.20131129)
Magic Desktop (x32 Version: 3.0)
Mah Jong Medley (x32 Version: 2.2.0.95)
MATLAB R2013a (Version: 8.1)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 365 Home Premium - en-us (Version: 15.0.4551.1005)
Microsoft PowerPoint Viewer (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 17.0.2003.1112)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
muvee Plugin 1.0 (x32 Version: 1.01.100)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4535.1511)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1005)
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4535.1511)
Pando Media Booster (x32 Version: 2.6.0.8)
PDF Settings CS5 (x32 Version: 10.0)
Penguins! (x32 Version: 2.2.0.95)
Picasa 3 (x32 Version: 3.8)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
Poker Superstars III (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.95)
Polar Golfer (x32 Version: 2.2.0.95)
Practice Testing Software 220-702 (x32 Version: 1.0.0)
Ralink RT5390 802.11b/g/n WiFi Adapter (x32 Version: 3.1.13.1)
RealDownloader (x32 Version: 1.3.1)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0)
Realtek Ethernet Controller Driver (x32 Version: 7.42.304.2011)
Realtek PCIE Card Reader (x32 Version: 6.1.7600.77)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Recovery Manager (x32 Version: 2.0.0)
RocketDock 1.3.5 (x32)
RoxioNow Player (x32 Version: 1.9.5.103)
Setup1 (x32 Version: 1.26.153.2)
Slingo Supreme (x32 Version: 2.2.0.95)
Snap.Do (x32 Version: 1.128.1.11813)
Stellarium 0.11.4 (Version: 0.11.4)
Synaptics Pointing Device Driver (Version: 15.2.7.0)
Unity Web Player (HKCU Version: )
Unlocker 1.9.1 (x32 Version: 1.9.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update Installer for WildTangent Games App (x32)
UsbFix By El Desaparecido (x32)
VIO Player version 1.0.1 (x32 Version: 1.0.1)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95)
VLC media player 2.0.3 (x32 Version: 2.0.3)
Wheel of Fortune 2 (x32 Version: 2.2.0.95)
WildTangent Games App for HP (x32 Version: 4.0.10.25)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinZip 17.5 (Version: 17.5.10562)
WMV9/VC-1 Video Playback (Version: 1.00.0000)
Xvid Video Codec (x32 Version: 1.3.1)
Zuma Deluxe (x32 Version: 2.2.0.95)
==================== Restore Points =========================
06-11-2013 05:18:29 Scheduled Checkpoint
16-11-2013 02:10:36 Scheduled Checkpoint
28-11-2013 10:51:07 Scheduled Checkpoint
03-12-2013 17:07:49 avast! antivirus system restore point
03-12-2013 17:51:42 Installed Microsoft Fix it 50471
==================== Hosts content: ==========================
2012-06-26 21:45 - 2011-01-27 15:00 - 00001211 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
==================== Scheduled Tasks (whitelisted) =============
Task: {0AE7C1D7-9110-4C0B-B124-28ED1E69AB98} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3639331311-3520423502-2070970505-1001Core => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-15] (Facebook Inc.)
Task: {2C361D24-C51C-4C9B-BC9B-972861930BE6} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe [2013-03-27] (http://www.express-files.com/)
Task: {32D9784D-9491-48E2-9479-455DD0BCA866} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2013-11-13] (Microsoft Corporation)
Task: {38FB4D12-C114-4D86-8395-30EE9B538D7B} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-31] ()
Task: {3B467103-1092-42AD-9E85-70E6F8937F81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {4237141F-786F-49E3-9015-49C08828AD84} - System32\Tasks\RNUpgradeHelperResumePrompt_user => C:\Users\user\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-28] (RealNetworks, Inc.)
Task: {442AA9E6-8E3C-4D40-AB7B-81D90D3F7977} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3639331311-3520423502-2070970505-1001 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {476E63DE-8274-4CED-A779-1A99C2939FA8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {47BDF155-5D16-4375-880F-A21DDF303A3B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-26] (Google Inc.)
Task: {54E7661C-D84F-4F4B-AE9F-3A5397BD21D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-26] (Google Inc.)
Task: {5900E569-78D5-4384-88B4-837F5DDB7E12} - System32\Tasks\ReclaimerUpdateXML_user => C:\Users\user\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-28] (RealNetworks, Inc.)
Task: {76E083D8-0334-4BEB-A6D5-CD965A6232E4} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-11-29] ()
Task: {7A0A92BC-1E69-4E52-828D-C7E8B3CCF0AB} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3639331311-3520423502-2070970505-1001 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {84D84E38-5466-4784-8796-0A3DB19D49EE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-03] (AVAST Software)
Task: {9485608B-7DBE-48D8-B547-07F7A1755BAA} - System32\Tasks\HPCeeScheduleForuser => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {9DCEE83F-D3D4-4B4E-B782-7D974EA54029} - System32\Tasks\Microsoft Office 15 Sync Maintenance for user-HP-user user-HP => C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE [2013-11-13] (Microsoft Corporation)
Task: {A75F0E03-10EA-4EA9-8687-64D7494D4E0D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3639331311-3520423502-2070970505-1001UA => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-15] (Facebook Inc.)
Task: {A8612B67-D145-4F2B-91E5-9C7D2F545241} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-22] (CyberLink)
Task: {AB44C8AE-3154-4F08-A821-8FA72BBECFDB} - System32\Tasks\HPCeeScheduleForUSER-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {ABFEDDAD-99B1-4954-930F-520B54CB60B4} - System32\Tasks\RNUpgradeHelperLogonPrompt_user => C:\Users\user\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-28] (RealNetworks, Inc.)
Task: {C29D9033-D6FC-4A40-B57A-B2CF9674600F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-09-17] (Microsoft Corporation)
Task: {D90DA100-7C98-4046-A443-A0315F91E6FB} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3639331311-3520423502-2070970505-1001 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {DA43D912-9E1D-48F4-A9AA-726988992A29} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe
Task: {EDEA0FC9-3FB4-4A1A-9013-D7B2836F3840} - System32\Tasks\ReclaimerUpdateFiles_user => C:\Users\user\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-28] (RealNetworks, Inc.)
Task: {FD752341-248A-4863-8AB1-7A84D354ADFC} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3639331311-3520423502-2070970505-1001 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3639331311-3520423502-2070970505-1001Core.job => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3639331311-3520423502-2070970505-1001UA.job => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForUSER-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForuser.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_user.job => C:\Users\user\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_user.job => C:\Users\user\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_user.job => C:\Users\user\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe
==================== Loaded Modules (whitelisted) =============
2013-11-13 06:27 - 2013-11-13 06:27 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-12-03 13:14 - 2013-12-03 07:36 - 02150912 _____ () C:\Program Files\AVAST Software\Avast\defs\13120300\algo.dll
2013-12-03 13:14 - 2013-12-03 13:14 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-11-16 00:45 - 2013-11-14 07:28 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
2013-11-16 00:45 - 2013-11-14 07:28 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
2013-11-16 00:45 - 2013-11-14 07:29 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
2013-11-16 00:45 - 2013-11-14 07:29 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
2013-11-16 00:45 - 2013-11-14 07:28 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
2013-11-16 00:45 - 2013-11-14 07:29 - 13582800 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:07F6D9E4
AlternateDataStreams: C:\Users\user\Desktop\CleanTemp.bat:AFP_Resource
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/03/2013 01:18:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/03/2013 01:17:09 PM) (Source: Application Error) (User: )
Description: Faulting application name: Service_KMS.exe, version: 10.4.2.0, time stamp: 0x5298c262
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007ff0016052f
Faulting process id: 0x5f4
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
Error: (10/01/2013 01:07:15 PM) (Source: Microsoft Office 15) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {B075B142-804B-48C2-827F-A18D49CF4D8E}
Error: (10/01/2013 01:07:15 PM) (Source: Microsoft Office 15) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {B075B142-804B-48C2-827F-A18D49CF4D8E}
Error: (10/01/2013 01:05:05 PM) (Source: Google Update) (User: user-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
Error: (10/01/2013 01:04:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/01/2013 01:04:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: Service_KMS.exe, version: 10.4.2.0, time stamp: 0x5298c262
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007ff0016052f
Faulting process id: 0x9c0
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
Error: (10/01/2013 11:47:02 AM) (Source: Microsoft Office 15) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {7F9187C3-D69B-405A-A9EE-511EE45909F9}
Error: (10/01/2013 11:47:02 AM) (Source: Microsoft Office 15) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {7F9187C3-D69B-405A-A9EE-511EE45909F9}
Error: (12/03/2013 11:39:28 AM) (Source: Microsoft Office 15) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {BD5E8E72-0BE9-49FD-82ED-AECF910790C2}
System errors:
=============
Error: (12/03/2013 02:52:21 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 4 time(s).
Error: (12/03/2013 02:52:21 PM) (Source: Service Control Manager) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 4 time(s).
Error: (12/03/2013 02:52:21 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Office Service service terminated unexpectedly. It has done this 4 time(s).
Error: (12/03/2013 02:52:21 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 4 time(s).
Error: (12/03/2013 02:13:05 PM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
Error: (12/03/2013 02:13:05 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 3 time(s).
Error: (12/03/2013 02:13:05 PM) (Source: Service Control Manager) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 3 time(s).
Error: (12/03/2013 02:13:05 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 3 time(s).
Error: (12/03/2013 02:12:04 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Media Player Network Sharing Service service, but this action failed with the following error:
%%1056
Error: (12/03/2013 02:12:04 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056
Microsoft Office Sessions:
=========================
Error: (12/03/2013 01:18:10 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/03/2013 01:17:09 PM) (Source: Application Error)(User: )
Description: Service_KMS.exe10.4.2.05298c262unknown0.0.0.00000000000000000000007ff0016052f5f401cef04b7053fc0cC:\Program Files\KMSpico\Service_KMS.exeunknownbd666daf-5c3e-11e3-aec5-78e3b5573047
Error: (10/01/2013 01:07:15 PM) (Source: Microsoft Office 15)(User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {B075B142-804B-48C2-827F-A18D49CF4D8E}
Error: (10/01/2013 01:07:15 PM) (Source: Microsoft Office 15)(User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {B075B142-804B-48C2-827F-A18D49CF4D8E}
Error: (10/01/2013 01:05:05 PM) (Source: Google Update)(User: user-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
Error: (10/01/2013 01:04:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/01/2013 01:04:47 PM) (Source: Application Error)(User: )
Description: Service_KMS.exe10.4.2.05298c262unknown0.0.0.00000000000000000000007ff0016052f9c001cebec84259a449C:\Program Files\KMSpico\Service_KMS.exeunknown93202f5d-2abb-11e3-b654-78e3b5573047
Error: (10/01/2013 11:47:02 AM) (Source: Microsoft Office 15)(User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {7F9187C3-D69B-405A-A9EE-511EE45909F9}
Error: (10/01/2013 11:47:02 AM) (Source: Microsoft Office 15)(User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {7F9187C3-D69B-405A-A9EE-511EE45909F9}
Error: (12/03/2013 11:39:28 AM) (Source: Microsoft Office 15)(User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {BD5E8E72-0BE9-49FD-82ED-AECF910790C2}
==================== Memory info ===========================
Percentage of memory in use: 51%
Total physical RAM: 3562.9 MB
Available physical RAM: 1723.64 MB
Total Pagefile: 13561.09 MB
Available Pagefile: 11863.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:450.73 GB) (Free:355.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.74 GB) (Free:1.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (SUPERCAGACUSTSUB) (CDROM) (Total:4.02 GB) (Free:0 GB) UDF
Drive g: (Sameer) (Removable) (Total:1.86 GB) (Free:1.82 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 5D644BB8)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=2 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Anything else that you may require, please let me know! Thanks!