Icons shortcut not working - please help!


  • This topic is locked

#1
Dave_83

  • Member
  • 66 posts

Hi,

I tried to download a PDF file and by mistake I downloaded a '.exe' file and installed it (this happened fast, before I could stop it), but it turned out to be a virus/Trojan, which made some of the software shortcuts stop working. When I click a software shortcut link, here is the message I get: "the item you selected is unavailable. It might have been moved, renamed, or removed. Do you want to remove it from the list?" But I see this software in the C drive programs; I have to go there and open it each and every time.

Now I don't know how to solve this issue, and need help with the same. Awaiting a response.

My desktop computer system configuration is below:

OS: Windows 7 Ultimate with Service Pack 1

Processor: Pentium Dual Core CPU 3.00 GHz

RAM: 4 GB

System type: 64 bit operating system

If any other details are required, please let me know. Thank you for your time.




#2
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instructions that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)



Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#3
Dave_83

  • Topic Starter
  • Member
  • 66 posts

Hi Zep516,

Thank you for taking the time and responding to the issue. I have the scan done and below is the FRST log:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-12-2014
Ran by admin (administrator) on ADMIN-PC on 27-12-2014 10:44:27
Running from C:\Users\admin\Desktop
Loaded Profile: admin (Available profiles: admin)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
(New Softwares.net) C:\Windows\SysWOW64\WinFLService.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
() C:\Program Files\Reliance Netconnect+\bin\MonServiceUDisk.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\loggingserver.exe
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
( New Softwares.net) C:\Windows\SysWOW64\WinFLTray.exe
(New Softwares.net) C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe
( New Softwares.net) C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServ.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2763776 2009-10-28] (VIA)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3081752 2014-12-10] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [b3d7ad373951cd040fb05f6d6f5bf314] => "C:\Users\admin\AppData\Local\Temp\winlog.exe" ..
HKLM-x32\...\Run: [mbot_in_166] => "C:\Program Files (x86)\mbot_in_166\mbot_in_166.exe"
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\MCShieldRTM.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\Run: [WinFLTray] => C:\Windows\SysWow64\WinFLTray.exe [321736 2014-09-13] ( New Softwares.net)
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\Run: [FLBackup] => C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe [275656 2014-09-13] (New Softwares.net)
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3519936 2013-07-13] (Tonec Inc.)
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\Run: [uTorrent] => C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-11-27] (BitTorrent Inc.)
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\Run: [ares] => C:\Program Files (x86)\Ares\Ares.exe [935936 2013-07-19] (Seekar Ltd)
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\Run: [b3d7ad373951cd040fb05f6d6f5bf314] => "C:\Users\admin\AppData\Local\Temp\winlog.exe" .. <===== ATTENTION
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\Policies\Explorer: [NoWindowsUpdate] 1
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\MountPoints2: J - J:\SETUP.EXE
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\MountPoints2: K - "K:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\MountPoints2: S - S:\AutoRun.exe
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\MountPoints2: {0d06b142-bd94-11e2-a8db-806e6f6e6963} - J:\Autorun.exe
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\MountPoints2: {736c575a-d190-11e2-a03c-806e6f6e6963} - "L:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\MountPoints2: {8b5c64b7-4763-11e3-8ff8-8c89a518f86b} - K:\Startme.exe
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\MountPoints2: {9b81d4fc-9785-11e3-882f-001b10002aec} - K:\Setup.exe /Auto
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\MountPoints2: {aa85edd2-7eb9-11e3-b3cc-001b10002aec} - K:\setup.exe -a
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.websse...03RFXX92S5K03RF
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://istart.websse...03RFXX92S5K03RF
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.websse...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.websse...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.websse...03RFXX92S5K03RF
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.websse...03RFXX92S5K03RF
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.websse...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.websse...q={searchTerms}
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.websse...03RFXX92S5K03RF
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartse...03RFXX92S5K03RF
SearchScopes: HKU\S-1-5-21-185604135-3677887699-3063072871-1000 -> URL http://www.trovigo.c...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-185604135-3677887699-3063072871-1000 -> SuggestionsURL_JSON http://suggest.searc...x={searchTerms}
SearchScopes: HKU\S-1-5-21-185604135-3677887699-3063072871-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.websse...q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: DownloadHelper Class -> {FF2573AE-E1ED-40e1-83BA-F544CB2EE135} -> C:\Program Files (x86)\Common Files\Download Helper\DownloadHelperx64.dll (IE Download Helper)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.0.5.7\AVG Web TuneUp.dll (AVG)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DownloadHelper Class -> {FF2573AE-E1ED-40e1-83BA-F544CB2EE135} -> C:\Program Files (x86)\Common Files\Download Helper\DownloadHelper.dll (IE Download Helper)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-185604135-3677887699-3063072871-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll (AVG Secure Search)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9mr8nlll.default-1418472141609
FF NewTab: chrome://quick_start/content/index.html
FF SelectedSearchEngine: webssearches
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.0\\npsitesafety.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF Extension: Fast Start - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9mr8nlll.default-1418472141609\Extensions\[email protected] [2014-12-25]
FF Extension: DownloadHelper - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9mr8nlll.default-1418472141609\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-12-17]
FF Extension: Nimbus Screen Capture - editable screenshots. - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9mr8nlll.default-1418472141609\Extensions\[email protected] [2014-12-13]
FF Extension: MeasureIt - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9mr8nlll.default-1418472141609\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2014-12-13]
FF Extension: Web Developer - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9mr8nlll.default-1418472141609\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2014-12-13]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-11-10]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9mr8nlll.default-1418472141609\extensions\[email protected]
FF HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\admin\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\admin\AppData\Roaming\IDM\idmmzcc5 [2013-07-13]
FF HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\admin\AppData\Roaming\IDM\idmmzcc5
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://istart.websse...03RFXX92S5K03RF

Chrome:
=======
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1419450276&from=exp&uid=TOSHIBAXMK1002TSKB_92S5K03RFXX92S5K03RF
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1419450276&from=exp&uid=TOSHIBAXMK1002TSKB_92S5K03RFXX92S5K03RF"
CHR DefaultSearchKeyword: Default -> webssearches
CHR DefaultSearchURL: Default -> http://istart.websse...q={searchTerms}
CHR DefaultSuggestURL: Default -> http://toolbar.avg.c...earchTerms}&o=1
CHR Plugin: (Shockwave Flash) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll ()
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.550.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll No File
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-15]
CHR Extension: (AVG Secure Search) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2014-11-06]
CHR Extension: (Google News) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2014-09-15]
CHR Extension: (Easy Clock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dplbpgapoedppajbikieafefmcceaagn [2014-09-15]
CHR Extension: (Freemake Video Converter) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2014-03-21]
CHR Extension: (Video Download Helper) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldcccbolclahdbkahlppenfodnheapah [2014-11-14]
CHR Extension: (Google Wallet) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (MeasureIt) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pokhcahijjfkdccinalifdifljglhclm [2014-09-15]
CHR HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\admin\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-07-18]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-03-21]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - No Path
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://istart.websse...03RFXX92S5K03RF

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CrypKey License; C:\Windows\system32\crypserv.exe [126976 2013-04-12] (CrypKey (Canada) Ltd.) [File not signed]
R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [772608 2014-09-19] (FileZilla Project) [File not signed]
R2 FLService; C:\Windows\SysWow64\WinFLService.exe [92360 2014-09-13] (New Softwares.net)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-03-12] (Freemake) [File not signed]
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [1571336 2009-09-21] (Symantec)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4584288 2009-10-01] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-06-29] ()
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)
S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe [9728 2009-07-14] (Microsoft Corporation)
S3 Symantec SymSnap VSS Provider; C:\Windows\SysWOW64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2009-09-21] (Symantec)
R2 UDisk Monitor; C:\Program Files\Reliance Netconnect+\bin\MonServiceUDisk.exe [405504 2011-09-26] () [File not signed]
R2 vToolbarUpdater18.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe [1850392 2014-12-10] (AVG Secure Search)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [52000 2014-12-10] (AVG Technologies)
R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [54320 2009-09-21] (Symantec Corporation)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-09-06] (Sony Mobile Communications)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R1 NetworkX; C:\Windows\System32\ckldrv.sys [31416 2013-04-12] ()
R2 NEWDRIVER; C:\Windows\SysWow64\WinVDEdrv6.sys [197648 2013-12-08] ()
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2009-09-21] (StorageCraft)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
R1 WinFLAdrv; C:\Windows\SysWow64\WinFLAdrv.sys [34816 2014-09-13] ()
R2 WinVDEDrv; C:\Windows\SysWow64\WinVDEdrv.sys [225680 2013-12-08] (NewSoftwares.net, Inc.)
S3 ztemtusbser; C:\Windows\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys [120704 2010-11-04] (ZTEMT Incorporated)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
U2 V2iMount; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 10:44 - 2014-12-27 10:44 - 00000171 _____ () C:\Users\admin\Desktop\to be done dec last week.txt
2014-12-27 10:33 - 2014-12-27 10:37 - 00000061 _____ () C:\Users\admin\Desktop\bank RD and FD.txt
2014-12-27 10:19 - 2014-12-27 10:44 - 00030427 _____ () C:\Users\admin\Desktop\FRST.txt
2014-12-27 10:19 - 2014-12-27 10:42 - 00047841 _____ () C:\Users\admin\Desktop\Addition.txt
2014-12-27 10:18 - 2014-12-27 10:44 - 00000000 ____D () C:\FRST
2014-12-27 10:07 - 2014-12-27 10:08 - 02122752 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2014-12-26 21:20 - 2014-12-26 21:21 - 00000000 ____D () C:\Users\admin\Downloads\The Secret pdf+mp3 audiobook Rhonda Byrne
2014-12-26 04:01 - 2014-12-26 04:01 - 00000122 _____ () C:\Users\admin\Desktop\geeks to go forum.txt
2014-12-26 01:10 - 2014-12-26 01:15 - 00757598 _____ () C:\Users\admin\Desktop\30 things to failure.psd
2014-12-25 23:41 - 2014-12-25 23:41 - 00000377 _____ () C:\Users\admin\Desktop\question at jagoinvestor website articles.txt
2014-12-25 22:35 - 2014-12-25 23:31 - 00000440 _____ () C:\Users\admin\Desktop\about loans and interests and investments.txt
2014-12-25 19:29 - 2014-12-25 19:38 - 00000000 ____D () C:\Users\admin\Downloads\Lynda.com - SEO Fundamentals
2014-12-25 19:27 - 2014-12-25 19:27 - 00034163 _____ () C:\Users\admin\Downloads\[kickass.so]lynda.com.seo.fundamentals.torrent
2014-12-25 18:49 - 2014-12-25 19:00 - 00000000 ____D () C:\Users\admin\Desktop\seo tuts
2014-12-25 13:17 - 2014-12-25 18:50 - 00000000 ____D () C:\Users\admin\Downloads\Lynda - SEO for Local Visibility
2014-12-25 13:12 - 2014-12-25 16:42 - 00000000 ____D () C:\Users\admin\Downloads\SEO Experts Academy (MP4)
2014-12-25 12:29 - 2014-12-25 12:29 - 00000019 _____ () C:\Users\admin\Desktop\advaith.txt
2014-12-25 03:57 - 2014-12-25 03:57 - 00000813 _____ () C:\Users\admin\Desktop\to be learnt.txt
2014-12-25 02:06 - 2014-12-25 02:06 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-25 01:15 - 2014-12-25 08:04 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-12-25 01:14 - 2014-12-26 21:00 - 00000000 ____D () C:\Program Files (x86)\mbot_in_166
2014-12-25 01:14 - 2014-12-25 02:04 - 00000000 ____D () C:\Users\admin\AppData\Local\mbot_in_166
2014-12-25 01:14 - 2014-12-25 01:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY
2014-12-25 01:13 - 2014-12-25 02:08 - 00000000 ____D () C:\Program Files (x86)\GoForFiles
2014-12-25 01:13 - 2014-12-25 01:14 - 00000000 ____D () C:\Program Files (x86)\GoForFilesUpdater
2014-12-25 01:13 - 2014-12-25 01:13 - 00003096 _____ () C:\Windows\System32\Tasks\Update Service GoForFiles
2014-12-25 01:13 - 2014-12-25 01:13 - 00000000 ____D () C:\Users\admin\AppData\Roaming\GoforFiles
2014-12-25 01:13 - 2014-12-25 01:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\GoForFiles
2014-12-25 01:10 - 2014-12-25 01:22 - 00000000 ____D () C:\Users\admin\Desktop\chats-ebooks
2014-12-25 00:08 - 2014-12-25 00:08 - 00000469 _____ () C:\Users\admin\Desktop\sites.lands.pots to look at buying from developers.txt
2014-12-24 23:58 - 2014-12-24 23:58 - 00003662 _____ () C:\Users\admin\Desktop\property authorities in bangalore.txt
2014-12-24 23:25 - 2014-12-24 23:26 - 00002032 _____ () C:\Users\admin\Desktop\upkar developers.txt
2014-12-24 21:53 - 2014-12-24 21:53 - 00000000 ____D () C:\Users\admin\Downloads\The UX Book Process and Guidelines- Hartson [PDF] [StormRG]
2014-12-24 10:47 - 2014-12-24 10:47 - 00000053 _____ () C:\Users\admin\Desktop\idea call from landline to customer care.txt
2014-12-24 10:06 - 2014-12-24 10:06 - 00000274 _____ () C:\Users\admin\Desktop\bma office address.txt
2014-12-20 19:54 - 2014-12-20 20:00 - 00000000 ____D () C:\Users\admin\Desktop\christmas stuff
2014-12-18 23:31 - 2014-12-18 23:57 - 00000000 ____D () C:\Users\admin\Desktop\print for chaitanya
2014-12-18 00:59 - 2014-12-18 01:45 - 00000000 ____D () C:\Users\admin\Downloads\Top 100 + Beatport Electro House (December 2014) Top100 [320kbps] [EDM RG] -B.Lee-
2014-12-18 00:36 - 2014-12-18 00:48 - 00000000 ____D () C:\Users\admin\Downloads\Ministry Of Sound The Sound Of Deep House 2 (2014)
2014-12-17 23:40 - 2014-12-18 00:12 - 00000000 ____D () C:\Users\admin\Downloads\DMC - DJ Promo 163 [Mp3][www.lokotorrents.com]
2014-12-17 00:48 - 2014-12-17 00:48 - 10804864 _____ () C:\Users\admin\Desktop\Dr_Dani_s_1_Creative_Thinking_Technique.mp4
2014-12-17 00:41 - 2014-12-17 00:42 - 37121595 _____ () C:\Users\admin\Desktop\Creative_thinking_-_how_to_get_out_of_the_box_and_generate_ideas_Giovanni_Corazza_at_TEDxRoma.mp4
2014-12-17 00:01 - 2014-12-17 00:02 - 41063641 _____ () C:\Users\admin\Desktop\Your_Personality_and_Your_Brain_Scott_Schwefel_TEDxBrookings.mp4
2014-12-15 23:22 - 2014-12-15 23:22 - 00000157 _____ () C:\Users\admin\Desktop\printxpress bangalore.txt
2014-12-15 03:12 - 2014-12-15 03:12 - 00000109 _____ () C:\Users\admin\Desktop\what does this mean.txt
2014-12-15 02:00 - 2014-12-15 02:00 - 00000063 _____ () C:\Users\admin\Desktop\awesome quotes.txt
2014-12-14 01:28 - 2014-12-14 01:28 - 00013863 _____ () C:\Users\admin\Desktop\[kickass.so]gnomon.syd.mead.1.thumbnail.sketching.and.line.drawing.avi.torrent
2014-12-14 01:12 - 2014-12-14 01:12 - 00000000 ____D () C:\Users\admin\Downloads\150 Masterpieces of Drawing
2014-12-14 01:11 - 2014-12-14 01:11 - 00009075 _____ () C:\Users\admin\Desktop\[kickass.so]150.masterpieces.of.drawing.dover.fine.art.history.of.art.gnv64.torrent
2014-12-14 01:05 - 2014-12-14 01:05 - 00000000 ____D () C:\Users\admin\Downloads\Illustrator's Guide to Pen and Pencil Drawing Techniques
2014-12-14 01:04 - 2014-12-14 01:04 - 00014405 _____ () C:\Users\admin\Desktop\[kickass.so]illustrator.s.guide.to.pen.and.pencil.drawing.techniques.gnv64.torrent
2014-12-14 00:46 - 2014-12-14 01:04 - 00000000 ____D () C:\Users\admin\Downloads\Transcendence (2014)
2014-12-14 00:39 - 2014-12-14 00:39 - 00009373 _____ () C:\Users\admin\Desktop\[kickass.so]transcendence.2014.720p.brrip.x264.yify.torrent
2014-12-14 00:25 - 2014-12-14 00:25 - 00000000 ____D () C:\Users\admin\Downloads\Gone.Girl.2014.HDRip.XviD-SaM[ETRG]
2014-12-14 00:24 - 2014-12-14 00:24 - 00015035 _____ () C:\Users\admin\Desktop\[kickass.so]gone.girl.2014.hdrip.xvid.sam.etrg.torrent
2014-12-14 00:22 - 2014-12-14 00:33 - 00000000 ____D () C:\Users\admin\Downloads\The Equalizer (2014)
2014-12-14 00:22 - 2014-12-14 00:22 - 00009530 _____ () C:\Users\admin\Desktop\[kickass.so]the.equalizer.2014.720p.brrip.x264.yify.torrent
2014-12-13 23:56 - 2014-12-25 01:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SysTools PDF Unlocker - v3.0 (Demo Version)
2014-12-13 23:56 - 2014-12-13 23:57 - 00000000 ____D () C:\Program Files (x86)\SysTools PDF Unlocker - v3.0 (Demo Version)
2014-12-13 23:56 - 2014-12-13 23:56 - 00001144 _____ () C:\Users\Public\Desktop\SysTools PDF Unlocker - v3.0 (Demo Version).lnk
2014-12-13 23:55 - 2014-12-13 23:56 - 00000000 ____D () C:\Users\admin\Downloads\PDF Unlocker 3.0 incl Cracked-DJiNN
2014-12-13 23:55 - 2014-12-13 23:55 - 00001395 _____ () C:\Users\admin\Desktop\[kickass.so]pdf.unlocker.3.0.incl.cracked.djinn.torrent
2014-12-13 22:54 - 2014-12-25 08:04 - 00000182 ____N () C:\spyhunter.log
2014-12-13 17:32 - 2014-12-13 17:32 - 00000000 ____D () C:\Users\admin\Desktop\Old Firefox Data
2014-12-13 17:25 - 2014-12-25 02:35 - 00000441 _____ () C:\sh4_service.log
2014-12-13 17:10 - 2014-12-13 17:10 - 00003338 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2014-12-13 17:10 - 2014-12-13 17:10 - 00002291 _____ () C:\Users\admin\Desktop\SpyHunter.lnk
2014-12-13 17:10 - 2014-12-13 17:10 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-12-13 17:10 - 2014-12-13 17:10 - 00000000 ____D () C:\sh4ldr
2014-12-13 17:10 - 2014-12-13 17:10 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2014-12-13 17:09 - 2014-12-13 17:10 - 00000000 ____D () C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2014-12-13 16:59 - 2014-12-13 17:00 - 00000000 ____D () C:\Users\admin\Downloads\SpyHunter 4.1.11.0 + Crack
2014-12-13 15:35 - 2014-12-13 15:35 - 00000000 _____ () C:\autoexec.bat
2014-12-13 02:30 - 2014-12-13 05:26 - 00020500 _____ () C:\Program Files\.tmp
2014-12-13 02:29 - 2014-09-27 17:52 - 00408064 _____ () C:\Program Files\Whatsapp spy tool.exe
2014-12-12 01:45 - 2014-12-12 01:53 - 00000000 ____D () C:\Users\admin\Downloads\Implementing Responsive Design V413HAV
2014-12-12 00:48 - 2014-12-12 00:51 - 00000000 ____D () C:\Users\admin\Downloads\Maxwell Maltz - Psycho-Cybernetics [Mind Control]
2014-12-11 20:20 - 2014-12-11 20:20 - 06126536 _____ (Tim Kosse) C:\Users\admin\Downloads\FileZilla_3.9.0.6_win32-setup.exe
2014-12-11 12:57 - 2014-12-11 12:58 - 00000000 ____D () C:\Users\admin\Downloads\OGWhatsAppv2.11.432 Cracked Apk Is Here From JT Uploader
2014-12-11 12:57 - 2014-12-11 12:57 - 00014388 _____ () C:\Users\admin\Desktop\[kickass.so]ogwhatsappv2.11.432.cracked.2.numbers.in.1.device.from.jt.uploader.torrent
2014-12-10 21:02 - 2014-12-10 21:02 - 00000000 ____D () C:\ProgramData\Avg_Update_1214tb
2014-12-10 00:58 - 2014-12-26 04:01 - 00004703 _____ () C:\Users\admin\Desktop\xx.txt
2014-12-06 22:31 - 2014-12-06 22:58 - 00000000 ____D () C:\Users\admin\Desktop\e-books
2014-12-05 20:52 - 2014-12-09 11:15 - 00000471 _____ () C:\Users\admin\Desktop\TO BE DONE FOR FREELANCE WORKS.txt
2014-12-05 20:48 - 2014-12-14 20:36 - 00000759 _____ () C:\Users\admin\Desktop\december expeneses.txt
2014-12-04 01:55 - 2014-12-04 01:55 - 00000201 _____ () C:\Users\admin\Desktop\ksrtc bus seats - What the... are those.txt
2014-12-01 03:04 - 2014-12-19 01:21 - 00000000 ____D () C:\Users\admin\Desktop\DOC XLS PPT
2014-12-01 03:03 - 2014-12-01 03:04 - 00000000 ____D () C:\Users\admin\Desktop\TEXT FILES
2014-12-01 03:02 - 2014-12-11 13:02 - 00000000 ____D () C:\Users\admin\Desktop\IMAGES
2014-12-01 01:08 - 2014-12-01 01:08 - 00001266 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC 2014.lnk
2014-11-30 22:47 - 2014-11-30 22:47 - 00000000 ____D () C:\Users\admin\AppData\Local\Apps\2.0
2014-11-30 00:32 - 2014-11-30 20:14 - 00000000 ____D () C:\Users\admin\Downloads\The 7 Habits of Highly Effective People

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 10:44 - 2013-06-10 11:18 - 00000000 ____D () C:\Users\admin\Downloads\Video
2014-12-27 10:44 - 2013-05-16 00:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-27 10:42 - 2013-05-23 22:57 - 87677254 _____ () C:\Windows\setupact.log
2014-12-27 10:35 - 2013-06-15 01:32 - 00000000 ____D () C:\Users\admin\AppData\Roaming\uTorrent
2014-12-27 10:35 - 2013-06-10 11:18 - 00000000 ____D () C:\Users\admin\AppData\Roaming\DMCache
2014-12-27 10:18 - 2013-06-10 11:22 - 00000000 ____D () C:\ProgramData\MCShield
2014-12-27 10:10 - 2013-05-16 00:29 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-27 10:06 - 2012-11-16 03:33 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-27 10:05 - 2009-07-14 10:15 - 00020640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-27 10:05 - 2009-07-14 10:15 - 00020640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-27 02:49 - 2012-11-16 02:49 - 00000000 ____D () C:\Users\admin
2014-12-27 02:19 - 2013-06-15 16:37 - 00000000 ____D () C:\Users\admin\AppData\Local\CutePDF Writer
2014-12-27 02:18 - 2012-11-16 04:53 - 00000000 ____D () C:\Users\admin\AppData\Roaming\PrimoPDF
2014-12-27 02:00 - 2014-07-19 14:21 - 00000000 ____D () C:\Users\admin\AppData\Local\Adobe
2014-12-26 22:35 - 2009-07-14 10:43 - 00793008 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-26 21:20 - 2014-01-27 15:31 - 00000000 ____D () C:\Users\admin\Desktop\new torrents
2014-12-26 21:06 - 2012-11-16 03:33 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-26 15:16 - 2012-11-16 03:03 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{69FEF8D0-DC7E-4175-BB5D-65F44A3CE54C}
2014-12-26 13:41 - 2014-11-16 14:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-26 13:40 - 2009-07-14 08:04 - 00000539 _____ () C:\Windows\win.ini
2014-12-26 13:39 - 2014-10-05 15:29 - 00011350 _____ () C:\Windows\errord.log
2014-12-26 13:39 - 2014-10-05 15:29 - 00009548 _____ () C:\Windows\error.log
2014-12-26 13:39 - 2009-07-14 10:38 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-26 04:02 - 2014-11-06 23:55 - 00045762 _____ () C:\Windows\SysWOW64\debug.log
2014-12-26 03:42 - 2013-07-03 00:33 - 00000000 ____D () C:\Users\admin\AppData\Roaming\FileZilla
2014-12-26 01:21 - 2014-11-22 14:40 - 01309270 _____ () C:\Users\admin\Desktop\MY ACHIEVEMENTS FOR REST OF THE LIFE - PERSONAL AND PROFESSIONAL GROWTH - WHERE I STAND ver02.ai
2014-12-25 23:11 - 2014-11-12 02:03 - 00000034 _____ () C:\Users\admin\AppData\Roaming\AdobeWLCMCache.dat
2014-12-25 04:02 - 2014-08-29 22:45 - 00000000 ____D () C:\Users\admin\Downloads\Self.Help.-.Hypnosis.-.NLP.-.Neuro.Linguistic.Programming.-.Evil.Minded.Guy.-.Curse.[bleep].Growth
2014-12-25 03:36 - 2014-09-11 00:53 - 00000000 ____D () C:\Users\admin\AppData\Local\Avg2015
2014-12-25 03:25 - 2013-08-11 03:05 - 00000000 ____D () C:\Program Files (x86)\Ares
2014-12-25 02:40 - 2014-11-10 22:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-25 02:03 - 2009-07-14 10:38 - 00032614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-25 01:16 - 2014-11-16 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-25 01:16 - 2014-10-05 15:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AceMoney
2014-12-25 01:16 - 2014-10-05 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GnuCash
2014-12-25 01:16 - 2014-09-22 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla Server
2014-12-25 01:16 - 2014-09-11 00:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-12-25 01:16 - 2014-08-28 01:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Unlocker
2014-12-25 01:16 - 2014-08-28 01:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daossoft ZIP Password Recovery
2014-12-25 01:16 - 2014-02-07 00:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Make Your Words Sell!
2014-12-25 01:16 - 2013-12-08 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Folder Lock
2014-12-25 01:16 - 2013-09-14 00:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R-Studio
2014-12-25 01:16 - 2013-08-25 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6
2014-12-25 01:16 - 2013-08-11 03:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares
2014-12-25 01:16 - 2013-07-18 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-12-25 01:16 - 2013-07-15 02:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack
2014-12-25 01:16 - 2013-07-13 01:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2014-12-25 01:16 - 2013-07-11 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2014-12-25 01:16 - 2013-07-06 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule
2014-12-25 01:16 - 2013-07-03 00:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-12-25 01:16 - 2013-06-29 23:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speed Gear
2014-12-25 01:16 - 2013-06-29 22:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thumbnail Selector
2014-12-25 01:16 - 2013-06-29 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WT-4 Setup Utility
2014-12-25 01:16 - 2013-06-15 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-12-25 01:16 - 2013-06-15 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Talk
2014-12-25 01:16 - 2013-06-11 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\APC
2014-12-25 01:16 - 2013-05-23 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2014-12-25 01:16 - 2012-11-16 04:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrimoPDF
2014-12-25 01:16 - 2012-11-16 04:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free PDF to Word Doc Converter
2014-12-25 01:16 - 2012-11-16 04:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-12-25 01:16 - 2012-11-16 03:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy
2014-12-25 01:16 - 2012-11-16 03:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-12-25 01:16 - 2012-11-16 03:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-25 01:16 - 2012-11-16 03:29 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-25 01:16 - 2012-11-16 03:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-25 01:16 - 2012-11-16 03:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2014-12-25 01:16 - 2009-07-14 11:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-25 01:16 - 2009-07-14 08:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-25 01:16 - 2009-07-14 08:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-25 01:15 - 2014-11-26 10:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-25 01:15 - 2014-09-13 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-12-25 01:15 - 2014-04-09 00:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments Traktor DJ Studio 3
2014-12-25 01:15 - 2013-12-08 21:00 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IETester
2014-12-25 01:15 - 2013-09-17 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-12-25 01:15 - 2013-06-29 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Capture NX 2
2014-12-25 01:15 - 2013-06-15 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2014-12-25 01:15 - 2013-06-10 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2014-12-25 01:15 - 2012-11-16 03:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2014-12-25 01:15 - 2012-11-16 03:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7
2014-12-25 01:14 - 2012-11-16 03:34 - 00002055 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-12-25 01:14 - 2012-11-16 02:50 - 00001634 _____ () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-24 21:44 - 2014-10-05 15:29 - 00002240 _____ () C:\Windows\system32\esnecil.ind
2014-12-24 21:44 - 2014-10-05 15:29 - 00000004 _____ () C:\Windows\vx86036.dat
2014-12-24 21:44 - 2014-10-05 15:29 - 00000000 ____D () C:\Users\admin\Documents\MProfit Data
2014-12-24 04:48 - 2013-06-15 16:45 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Skype
2014-12-19 22:57 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-18 09:50 - 2013-05-16 00:29 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-18 09:50 - 2012-11-16 03:24 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-18 09:50 - 2012-11-16 03:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-17 00:01 - 2014-02-08 01:57 - 00000000 ____D () C:\Users\admin\dwhelper
2014-12-15 01:48 - 2012-11-16 03:35 - 00000000 ____D () C:\Users\admin\AppData\Roaming\vlc
2014-12-14 02:02 - 2013-09-08 11:39 - 00001456 _____ () C:\Users\admin\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-12-13 18:36 - 2013-06-10 11:18 - 00000000 ____D () C:\Users\admin\Downloads\Compressed
2014-12-13 17:22 - 2014-03-21 22:39 - 00000000 ____D () C:\Users\admin\AppData\Local\cache
2014-12-13 17:21 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\Registration
2014-12-13 17:06 - 2013-06-15 14:10 - 00221964 _____ () C:\Windows\PFRO.log
2014-12-13 16:08 - 2014-09-11 00:56 - 00000000 ____D () C:\ProgramData\AVG2015
2014-12-11 10:15 - 2013-05-23 22:56 - 08924944 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-11 10:15 - 2012-11-16 03:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-11 00:53 - 2013-05-23 22:57 - 00611064 _____ () C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-10 22:07 - 2014-11-06 23:55 - 00052000 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-12-10 22:07 - 2014-11-06 23:55 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-12-02 21:35 - 2014-05-13 22:00 - 00000000 ____D () C:\Users\admin\Desktop\DOC AND XLS
2014-12-01 01:12 - 2013-09-01 14:08 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-12-01 01:07 - 2012-11-16 04:29 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Adobe
2014-12-01 01:07 - 2012-11-16 04:27 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-01 01:05 - 2013-06-10 11:14 - 00068959 _____ () C:\Windows\WindowsUpdate.log
2014-11-30 20:47 - 2014-08-28 00:50 - 00000000 ____D () C:\Users\admin\Desktop\personal
2014-11-29 17:09 - 2014-08-29 23:42 - 00000000 ____D () C:\Users\admin\Downloads\NLP Hypnosis Dr Richard  Bandler VIDEO seminars Compilation
2014-11-29 17:03 - 2013-09-01 13:30 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-11-29 17:03 - 2013-09-01 13:30 - 00000000 ____D () C:\Program Files\Adobe
2014-11-29 17:01 - 2012-11-16 04:29 - 00000000 ____D () C:\ProgramData\Adobe

Files to move or delete:
====================
C:\Users\admin\en_res.dll
C:\Users\admin\es_res.dll
C:\Users\admin\fr_res.dll
C:\Users\admin\grm_res.dll
C:\Users\admin\it_res.dll
C:\Users\admin\jp_res.dll
C:\Users\admin\mfc80u.dll
C:\Users\admin\msvcr80.dll
C:\Users\admin\PCPE Setup.exe
C:\Users\admin\pt_res.dll
C:\Users\admin\ResourceReader.dll
C:\Users\admin\ru_res.dll
C:\Users\admin\zh_res.dll
C:\ProgramData\win_mpwd_sys.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-26 22:30

==================== End Of Log ============================

And below is the Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-12-2014
Ran by admin at 2014-12-27 10:44:59
Running from C:\Users\admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
AceMoney (HKLM-x32\...\AceMoney_is1) (Version:  - MechCAD Software)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2014 (HKLM-x32\...\{766255CE-D156-11E3-8DBC-A136EB52ACCF}) (Version: 14.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
AMD Catalyst Install Manager (HKLM\...\{10ADF519-706B-6EC7-A1A7-A2580D920457}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Ares 2.2.5 (HKLM-x32\...\Ares) (Version: 2.2.5-Build#3049 - Seekar Ltd)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4257 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.0.5.7 - AVG Technologies)
CanSecure-Retail (HKLM-x32\...\{5E4D6466-1917-4F6A-91FC-0A3EE4F31181}) (Version: 1.1.912 - Canara Bank)
Capture NX 2 (HKLM-x32\...\Capture NX 2) (Version: 2.0.0 - NIKON CORPORATION)
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B92076C0-C5FE-4DB1-AA8D-855430CDF098}) (Version: 16.0.0.707 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 16.0.707 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 16.0.707 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - EN (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x32 Version: 16.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (HKLM-x32\...\_{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822}) (Version: 16.0.0.707 - Corel Corporation)
CorelDRAW Graphics Suite X6 (x32 Version: 16.0 - Corel Corporation) Hidden
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
Daossoft ZIP Password Recovery 7.0.0.1 (HKLM-x32\...\Daossoft ZIP Password Recovery) (Version: 7.0.0.1 - Daossoft)
DAPlayer 1.0.1.9 (HKLM-x32\...\DAPlayer_is1) (Version:  - Digiarty Software,Inc.)
Dropbox (HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\Dropbox) (Version: 2.10.41 - Dropbox, Inc.)
eMule (HKLM-x32\...\eMule) (Version:  - )
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version: 1.0 - )
EVEREST Ultimate Edition v2.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 2.50 - Lavalys Inc)
File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.0.0 - Nikon)
FileZilla Client 3.9.0.5 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.47 - FileZilla Project)
Folder Lock (HKLM-x32\...\Folder Lock) (Version:  - New Softwares.net)
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Freemake Video Converter version 4.1.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
gBurner (HKLM-x32\...\gBurner) (Version:  - )
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden
GnuCash 2.6.3 (HKLM-x32\...\GnuCash_is1) (Version:  - GnuCash Development Team)
GoForFiles (HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\GoForFiles) (Version: 3.14.52 - http://www.fansfile.biz) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Earth (HKLM-x32\...\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}) (Version: 4.2.198.2451 - Google)
Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto: Episodes From Liberty City (HKLM-x32\...\{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}) (Version: 1.1.0.0 - Rockstar Games)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
High-Definition Video Playback (x32 Version: 11.1.10400.2.65 - Nero AG) Hidden
HydraVision (x32 Version: 4.2.210.0 - Advanced Micro Devices, Inc.) Hidden
IE Download Helper (HKLM-x32\...\{424E1389-2414-4394-9476-5D26316F291F}) (Version: 3.5 - IE Download Helper)
IETester v0.5.2 (remove only) (HKLM-x32\...\IETester) (Version: 0.5.2 - Core Services)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
K-Lite Mega Codec Pack 10.7.1 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.7.1 - )
Make Your Words Sell! (HKLM-x32\...\MYWSuninstall) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2005) (Version:  - Microsoft Corporation)
Microsoft SharePoint Designer 2013 (HKLM-x32\...\Office15.SharePointDesigner) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
MoneyManagerEX 1.1.0 (HKLM\...\{2C48DC11-E113-4912-8AFC-366D1918101E}_is1) (Version: 1.1.0 - Money Manager EX)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MProfit Investor - Portfolio Management Software (HKLM-x32\...\{2656F6FE-7B95-4F33-9B56-8998C78C451C}) (Version: 9.4.1013 - MProfit)
MyBestOffersToday 016.166 (HKLM-x32\...\mbot_in_166_is1) (Version:  - MYBESTOFFERSTODAY) <==== ATTENTION
Native Instruments Traktor DJ Studio 3 (HKLM-x32\...\Native Instruments Traktor DJ Studio 3) (Version:  - )
Nero 11 (HKLM-x32\...\{F021D637-BBDA-486B-96F0-225B62596C3B}) (Version: 11.0.11000 - Nero AG)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.10000.1.0 - Nero AG)
Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon RAW Codec (HKLM-x32\...\{C8616041-2802-4DE2-B3BD-6285AAD65C2A}) (Version: 1.00.0000 - Nikon)
Nikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.1.1 - Nikon)
Norton Ghost (HKLM-x32\...\{B0255743-165B-4BD5-8DA8-37DFB9930015}) (Version: 15.0.0.35659 - Symantec Corporation)
Opera 12.01 (HKLM-x32\...\Opera 12.01.1532) (Version: 12.01.1532 - Opera Software ASA)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.8 - Google, Inc.)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.2 - Nikon)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.6 - PowerISO Computing, Inc.)
PrimoPDF -- by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5.0.0.19 - Nitro PDF Software)
QuickTime (HKLM-x32\...\{8DC42D05-680B-41B0-8878-6C14D24602DB}) (Version: 7.55.90.70 - Apple Inc.)
RAR Password Unlocker 4.2.0.0 (HKLM-x32\...\{B789FA51-6A71-408F-92DE-EDE4A517B8F9}_is1) (Version:  - Password Unlocker Studio)
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version:  - )
Reliance Netconnect+ (HKLM\...\ZTEWireless-101_is1) (Version:  - )
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
R-Studio 5.0 (HKLM-x32\...\R-Studio 5.0NSIS) (Version: 5.0.129021 - R-Tools Technology Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.12.201408250841 - Sony Mobile Communications AB)
Sony PC Companion 2.10.221 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.221 - Sony)
Sony Sound Forge 8.0 (HKLM-x32\...\{767572FD-4D01-4FA3-B0A6-4B09FB2CFC37}) (Version: 8.0.53 - Sony)
Speed Gear v7.2 (HKLM-x32\...\Speed Gear_is1) (Version:  - )
SpyHunter (HKLM-x32\...\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}) (Version: 4.1.11 - Enigma Software Group USA, LLC)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SysTools PDF Unlocker - v3.0 (HKLM-x32\...\{FBD68E88-2999-43B7-B249-E1B08FA2B065}_is1) (Version:  - SysTools Software)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)
TeraCopy 2.3 beta (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Thumbnail Selector (HKLM-x32\...\{DD6967E0-904C-4394-A4AE-C2335E495933}) (Version: 1.1.0 - Nikon)
Update Service GoForFiles (HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\Update Service GoForFiles) (Version: 3.14.52 - http://www.fansfile.biz) <==== ATTENTION
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
ViewNX (HKLM-x32\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.1.1 - Nikon)
VirtuaGirl HD (HKLM\...\vghd) (Version:  - )
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
webssearches uninstall (HKLM-x32\...\webssearches uninstall) (Version:  - webssearches) <==== ATTENTION
welcome (x32 Version: 11.0.21500.0.4 - Nero AG) Hidden
Who Is On My Wifi version 2.0.9 (HKLM-x32\...\{010D45A1-093D-4534-8147-4E10E80F81CC}_is1) (Version: 2.0.9 - IO3O LLC)
Winamp (HKLM-x32\...\Winamp) (Version: 5.56  - Nullsoft, Inc)
WinHTTrack Website Copier 3.47-21 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.47.21 - HTTrack)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinZip 11.1 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}) (Version: 11.1.7466 - WinZip Computing, S.L. )
WordWeb (HKLM-x32\...\WordWeb) (Version: 7 - WordWeb Software)
WT-4 Setup Utility (HKLM-x32\...\{6C89746F-CB7A-4BCA-88B9-03BBD2BA5600}) (Version: 1.1.0 - Nikon)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.4.2012.1 - URSoft, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-185604135-3677887699-3063072871-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-185604135-3677887699-3063072871-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-185604135-3677887699-3063072871-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-185604135-3677887699-3063072871-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-185604135-3677887699-3063072871-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-185604135-3677887699-3063072871-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-185604135-3677887699-3063072871-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-185604135-3677887699-3063072871-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-185604135-3677887699-3063072871-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

27-12-2014 00:08:14 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 08:04 - 2014-12-26 13:39 - 00006959 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 192.150.14.69
127.0.0.1 192.150.18.101
127.0.0.1 192.150.18.108
127.0.0.1 192.150.22.40
127.0.0.1 192.150.8.100
127.0.0.1 192.150.8.118
127.0.0.1 209-34-83-73.ood.opsource.net
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com

There are 169 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {07FB937F-0DE2-452F-8D4F-55F8BBD251D6} - System32\Tasks\Update Service GoForFiles => C:\Program Files (x86)\GoForFilesUpdater\GoForFilesUpdater.exe <==== ATTENTION
Task: {2E8CF13D-A2CC-49A7-9413-39568BC0335C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {30FB5F1B-1184-407D-A75A-45B3C9C8559D} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-09-04] ()
Task: {382ED54F-9F20-442F-892D-AEF7F3AA3912} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16] (Google Inc.)
Task: {5718ADA5-16AA-4529-9DA6-B280FD224AE1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {5DE6264B-2042-4C12-9084-36127CB2865A} - System32\Tasks\AdobeAAMUpdater-1.0-admin-PC-admin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {71B400E5-CDCE-4DF3-AFDE-F4C1C983C545} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-18] (Adobe Systems Incorporated)
Task: {C6448A3A-32A9-4C6E-B0B2-BE171EFD116B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {D6CD6B98-747E-4D6E-BBD2-C8E5F4004EBA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16] (Google Inc.)
Task: {F99419AA-0A11-4879-9FFB-51B88C233367} - System32\Tasks\SpyHunter4Startup => C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe [2014-12-13] (Enigma Software Group USA, LLC.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-11-16 04:29 - 2012-10-04 19:49 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll
2012-11-16 04:30 - 2009-07-31 07:28 - 00090624 _____ () C:\Windows\System32\Primomonnt.dll
2014-05-03 23:19 - 2013-06-06 11:54 - 00020472 _____ () C:\Windows\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2013-06-29 01:38 - 2013-06-29 01:38 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-02-18 09:17 - 2011-09-26 12:05 - 00405504 _____ () C:\Program Files\Reliance Netconnect+\bin\MonServiceUDisk.exe
2014-12-10 22:08 - 2014-12-10 22:07 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\loggingserver.exe
2012-10-01 20:34 - 2012-10-01 20:34 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-11-16 03:29 - 2008-06-20 00:41 - 00062464 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2012-11-16 03:37 - 2012-01-20 10:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2014-05-02 00:59 - 2014-05-02 00:59 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-05-23 22:43 - 2009-05-07 14:21 - 00071680 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-05-23 22:43 - 2009-05-07 14:23 - 00379392 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2013-05-23 22:43 - 2008-01-18 12:20 - 00098816 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2013-05-23 22:43 - 2009-10-28 07:56 - 47601664 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2014-11-06 23:55 - 2014-12-10 22:07 - 03081752 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2011-07-28 17:55 - 2011-07-28 17:55 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-12-10 22:08 - 2014-12-10 22:07 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\log4cplusU.dll
2014-11-06 23:55 - 2014-11-06 23:55 - 01685528 ____N () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll
2014-09-06 22:14 - 2014-09-06 22:14 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 22:11 - 2014-05-24 22:11 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 22:11 - 2014-05-24 22:11 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2014-11-10 22:54 - 2014-12-10 22:08 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-12-18 09:50 - 2014-12-18 09:50 - 16843952 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinFLAdrv.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^APC UPS Status.lnk => C:\Windows\pss\APC UPS Status.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk => C:\Windows\pss\Nikon Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Who Is On My Wifi.lnk => C:\Windows\pss\Who Is On My Wifi.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopVideoPlayer.lnk => C:\Windows\pss\DesktopVideoPlayer.lnk.Startup
MSCONFIG\startupfolder: C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: ares => "C:\Program Files (x86)\Ares\Ares.exe" -h
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: Display => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
MSCONFIG\startupreg: FileZilla Server Interface => "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: googletalk => C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RGSC => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: uTorrent => "C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: WordWeb => "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup

========================= Accounts: ==========================

admin (S-1-5-21-185604135-3677887699-3063072871-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-185604135-3677887699-3063072871-500 - Administrator - Disabled)
ASPNET (S-1-5-21-185604135-3677887699-3063072871-1003 - Limited - Enabled)
Guest (S-1-5-21-185604135-3677887699-3063072871-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: WD SES Device USB Device
Description: WD SES Device USB Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: BAPIDRV
Description: BAPIDRV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BAPIDRV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/27/2014 10:22:23 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.17929 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 9036.  Message ID: [0x2509].

Error: (12/26/2014 01:41:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/25/2014 11:13:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/25/2014 02:36:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/25/2014 02:06:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.0.0.532 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b88

Start Time: 01d01fb8f08ec72a

Termination Time: 37

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: 7bcee2fd-8bac-11e4-a696-001b10002aec

Error: (12/25/2014 02:05:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/25/2014 01:14:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 34.0.5.5443, time stamp: 0x5475dd5d
Faulting module name: mozalloc.dll, version: 34.0.5.5443, time stamp: 0x5475d664
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x1f90
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (12/23/2014 08:48:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/21/2014 11:51:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2014 07:19:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/27/2014 02:51:45 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (12/26/2014 11:19:31 PM) (Source: Virtual Disk Service) (EventID: 9) (User: )
Description: Unexpected provider failure. Restarting the service may fix the problem. Error code: [email protected]

Error: (12/26/2014 11:19:31 PM) (Source: Virtual Disk Service) (EventID: 9) (User: )
Description: Unexpected provider failure. Restarting the service may fix the problem. Error code: [email protected]

Error: (12/26/2014 11:19:30 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]

Error: (12/26/2014 11:19:30 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]

Error: (12/26/2014 01:41:09 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {7D1933CB-86F6-4A98-8628-01BE94C9A575}

Error: (12/26/2014 04:02:19 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (12/25/2014 11:13:20 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {7D1933CB-86F6-4A98-8628-01BE94C9A575}

Error: (12/25/2014 04:45:21 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (12/25/2014 02:36:35 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {7D1933CB-86F6-4A98-8628-01BE94C9A575}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-10-18 13:03:45.380
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\admin\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-18 13:03:45.355
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\admin\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-18 13:03:45.035
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-18 13:03:45.004
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-11 00:47:05.591
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\admin\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-11 00:47:05.572
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\admin\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-11 00:47:04.803
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-11 00:47:04.783
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-05-03 23:11:03.895
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\admin\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-05-03 23:11:03.879
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\admin\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E5700 @ 3.00GHz
Percentage of memory in use: 47%
Total physical RAM: 4095.18 MB
Available physical RAM: 2140.77 MB
Total Pagefile: 8188.54 MB
Available Pagefile: 5155.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:150.39 GB) (Free:40.47 GB) NTFS
Drive d: (SKA) (Fixed) (Total:150.39 GB) (Free:17.96 GB) NTFS
Drive e: (MOVIES) (Fixed) (Total:150.39 GB) (Free:4.75 GB) NTFS
Drive f: (MUSIC) (Fixed) (Total:150.39 GB) (Free:8.36 GB) NTFS
Drive g: (GAMES) (Fixed) (Total:150.39 GB) (Free:7.03 GB) NTFS
Drive h: (SOFTWARES) (Fixed) (Total:165.33 GB) (Free:10.31 GB) NTFS
Drive i: (RECOVERY PARTITION) (Fixed) (Total:14.12 GB) (Free:6.3 GB) NTFS
Drive j: (GTA IV Disc 1) (CDROM) (Total:7.03 GB) (Free:0 GB) UDF
Drive l: (WD SmartWare) (CDROM) (Total:0.62 GB) (Free:0 GB) UDF
Drive n: (My Book) (Fixed) (Total:930.86 GB) (Free:8.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2CBCDF0E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=150.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=150.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=630.6 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 930.9 GB) (Disk ID: 000564D0)
Partition 1: (Not Active) - (Size=930.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Edited by Dave_83, 26 December 2014 - 11:19 PM.

#4
zep516
Hello,

Let's remove some of the adware while I look over the logs you posted.


Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

Next

Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

In your next reply, post:
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log
Thanks
Joe :)

#5
Dave_83

Log of AdwCleaner after scan and clean up:

 

# AdwCleaner v4.106 - Report created 27/12/2014 at 13:15:49
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : admin - ADMIN-PC
# Running from : C:\Users\admin\Desktop\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : YahooAUService
Service Deleted : vToolbarUpdater18.2.0

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\Yahoo! Companion
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyBestOffersToday
Folder Deleted : C:\Program Files (x86)\goforfiles
Folder Deleted : C:\Program Files (x86)\WinZip Registry Optimizer
Folder Deleted : C:\Program Files (x86)\mbot_in_166
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\admin\AppData\Local\Mobogenie
Folder Deleted : C:\Users\admin\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\admin\AppData\Local\mbot_in_166
Folder Deleted : C:\Users\admin\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\admin\AppData\Roaming\goforfiles
Folder Deleted : C:\Users\admin\AppData\Roaming\vghd
Folder Deleted : C:\Users\admin\AppData\Roaming\webssearches
Folder Deleted : C:\Users\admin\Documents\Mobogenie
Folder Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9mr8nlll.default-1418472141609\Extensions\[email protected]
Folder Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Folder Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
File Deleted : C:\END
File Deleted : C:\Users\admin\daemonprocess.txt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_toolbar.utorrent.com_0.localstorage-journal
File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_toolbar.utorrent.com_0.localstorage
File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKCU\Software\Mozilla\Extends
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mbot_in_166]
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\GoforFiles
Key Deleted : HKLM\SOFTWARE\MyBestOffersToday
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\webssearchesSoftware
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\GoforFiles
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Update Service GoForFiles
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mbot_in_166_is1
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[9mr8nlll.default-1418472141609\prefs.js] - Line Deleted : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[9mr8nlll.default-1418472141609\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "webssearches");
[9mr8nlll.default-1418472141609\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
[9mr8nlll.default-1418472141609\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v39.0.2171.95

[C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP54D1857A-A769-45AE-A0B7-9B93E742D84D&q={searchTerms}&SSPV=
[C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP54D1857A-A769-45AE-A0B7-9B93E742D84D&q={searchTerms}&SSPV=
[C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1419450276&from=exp&uid=TOSHIBAXMK1002TSKB_92S5K03RFXX92S5K03RF&q={searchTerms}
[C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1419450276&from=exp&uid=TOSHIBAXMK1002TSKB_92S5K03RFXX92S5K03RF&q={searchTerms}

*************************

AdwCleaner[R0].txt - [15537 octets] - [27/12/2014 13:08:37]
AdwCleaner[S0].txt - [13950 octets] - [27/12/2014 13:15:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14011 octets] ##########
 


#6
Dave_83

JRT Log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Ultimate x64
Ran by admin on Sat 12/27/2014 at 13:22:57.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\admin\appdata\local\cre"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/27/2014 at 13:33:13.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#7
zep516
Hello

At this time I'd like you to run a Malwarebytes scan. Here are the instructions. It looks as though you already have Malwarebytes, so you may not have to download it; just run it according to the instructions below:

Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Post that log

Thanks
Joe :)
#8
Dave_83

Hi Joe,

 

Below are the Anti-Malware logs:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/27/2014
Scan Time: 11:48:42 PM
Logfile: anti malware scan logo.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.27.06
Rootkit Database: v2014.12.23.02
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: admin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 354096
Time Elapsed: 15 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 2
Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|b3d7ad373951cd040fb05f6d6f5bf314, "C:\Users\admin\AppData\Local\Temp\winlog.exe" .., Quarantined, [4400c3a3a1dbf640765c5f1c996a35cb]
Trojan.Agent, HKU\S-1-5-21-185604135-3677887699-3063072871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|b3d7ad373951cd040fb05f6d6f5bf314, "C:\Users\admin\AppData\Local\Temp\winlog.exe" .., Quarantined, [fd472e381e5e4ee84d849be0df242ad6]

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.GoForFiles, C:\Program Files (x86)\GoForFilesUpdater, Quarantined, [0c38c79feb91cb6b6787588323e118e8],
PUP.Optional.GoForFiles, C:\ProgramData\Microsoft\Windows\Start Menu\GoForFiles, Quarantined, [57ed97cf1369d363e50ae7f47e8627d9],

Files: 6
PUP.Optional.MyStartSearch.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mystartsearch.com_0.localstorage, Quarantined, [f64e33333349ab8be2dc302e867d2ad6],
PUP.Optional.MyStartSearch.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mystartsearch.com_0.localstorage-journal, Quarantined, [390be87ef884a69010ae78e63bc82ad6],
PUP.Optional.GoForFiles, C:\Program Files (x86)\GoForFilesUpdater\htmlayout.dll, Quarantined, [0c38c79feb91cb6b6787588323e118e8],
PUP.Optional.GoForFiles, C:\Program Files (x86)\GoForFilesUpdater\Uninstall.exe, Quarantined, [0c38c79feb91cb6b6787588323e118e8],
PUP.Optional.GoForFiles, C:\ProgramData\Microsoft\Windows\Start Menu\GoForFiles\GoForFiles.lnk, Quarantined, [57ed97cf1369d363e50ae7f47e8627d9],
PUP.Optional.GoForFiles, C:\Windows\System32\Tasks\Update Service GoForFiles, Quarantined, [c381580e83f9a393975acd0ee71dce32],

Physical Sectors: 0
(No malicious items detected)


(end)


#9
zep516
Hello,

Programs to remove, if found. They may be gone already, but check please.
GoForFiles
MyBestOffersToday
Update Service GoForFiles

Next
A few items to fix;

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
 
start
CloseProcesses:
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3081752 2014-12-10] ()
HKLM-x32\...\Run: [b3d7ad373951cd040fb05f6d6f5bf314] => "C:\Users\admin\AppData\Local\Temp\winlog.exe" ..
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\Run: [uTorrent] => C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-11-27] (BitTorrent Inc.)
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\Run: [b3d7ad373951cd040fb05f6d6f5bf314] => "C:\Users\admin\AppData\Local\Temp\winlog.exe" .. <===== ATTENTION
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\MountPoints2: J - J:\SETUP.EXE
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\MountPoints2: K - "K:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\MountPoints2: S - S:\AutoRun.exe
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\MountPoints2: {0d06b142-bd94-11e2-a8db-806e6f6e6963} - J:\Autorun.exe
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\MountPoints2: {736c575a-d190-11e2-a03c-806e6f6e6963} - "L:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\MountPoints2: {8b5c64b7-4763-11e3-8ff8-8c89a518f86b} - K:\Startme.exe
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\MountPoints2: {9b81d4fc-9785-11e3-882f-001b10002aec} - K:\Setup.exe /Auto
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\MountPoints2: {aa85edd2-7eb9-11e3-b3cc-001b10002aec} - K:\setup.exe -a
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.websse...03RFXX92S5K03RF
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://istart.websse...03RFXX92S5K03RF
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.websse...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.websse...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.websse...03RFXX92S5K03RF
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.websse...03RFXX92S5K03RF
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.websse...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.websse...q={searchTerms}
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.websse...03RFXX92S5K03RF
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartse...03RFXX92S5K03RF
SearchScopes: HKU\S-1-5-21-185604135-3677887699-3063072871-1000 -> URL http://www.trovigo.c...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-185604135-3677887699-3063072871-1000 -> SuggestionsURL_JSON http://suggest.searc...x={searchTerms}
SearchScopes: HKU\S-1-5-21-185604135-3677887699-3063072871-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.websse...q={searchTerms}
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.0.5.7\AVG Web TuneUp.dll (AVG)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll (AVG Secure Search)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.0\\npsitesafety.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1419450276&from=exp&uid=TOSHIBAXMK1002TSKB_92S5K03RFXX92S5K03RF
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1419450276&from=exp&uid=TOSHIBAXMK1002TSKB_92S5K03RFXX92S5K03RF"
CHR DefaultSearchKeyword: Default -> webssearches
CHR DefaultSearchURL: Default -> http://istart.websse...q={searchTerms}
CHR DefaultSuggestURL: Default -> http://toolbar.avg.c...earchTerms}&o=1
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll No File
CHR Extension: (AVG Secure Search) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2014-11-06]
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - No Path
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://istart.websse...03RFXX92S5K03RF
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
U2 V2iMount; No ImagePath
C:\Users\admin\AppData\Roaming\uTorrent
C:\Users\admin\en_res.dll
C:\Users\admin\es_res.dll
C:\Users\admin\fr_res.dll
C:\Users\admin\grm_res.dll
C:\Users\admin\it_res.dll
C:\Users\admin\jp_res.dll
C:\Users\admin\mfc80u.dll
C:\Users\admin\msvcr80.dll
C:\Users\admin\PCPE Setup.exe
C:\Users\admin\pt_res.dll
C:\Users\admin\ResourceReader.dll
C:\Users\admin\ru_res.dll
C:\Users\admin\zh_res.dll
C:\ProgramData\win_mpwd_sys.dat
Task: {07FB937F-0DE2-452F-8D4F-55F8BBD251D6} - System32\Tasks\Update Service GoForFiles => C:\Program Files (x86)\GoForFilesUpdater\GoForFilesUpdater.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinFLAdrv.sys => ""="Driver"
CMD: ipconfig /flushdns
Emptytemp:
reboot:
end
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Post the Fixlog.txt, found on desktop.

Joe
  • 0

#10
Dave_83


    Member

  • Topic Starter
  • Member
  • 66 posts

The Fixlist is done, below is the log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-12-2014
Ran by admin at 2014-12-28 11:47:36 Run:1
Running from C:\Users\admin\Desktop
Loaded Profile: admin (Available profiles: admin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3081752 2014-12-10] ()
HKLM-x32\...\Run: [b3d7ad373951cd040fb05f6d6f5bf314] => "C:\Users\admin\AppData\Local\Temp\winlog.exe" ..
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\Run: [uTorrent] => C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-11-27] (BitTorrent Inc.)
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\Run: [b3d7ad373951cd040fb05f6d6f5bf314] => "C:\Users\admin\AppData\Local\Temp\winlog.exe" .. <===== ATTENTION
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\MountPoints2: J - J:\SETUP.EXE
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\MountPoints2: K - "K:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\MountPoints2: S - S:\AutoRun.exe
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\MountPoints2: {0d06b142-bd94-11e2-a8db-806e6f6e6963} - J:\Autorun.exe
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\MountPoints2: {736c575a-d190-11e2-a03c-806e6f6e6963} - "L:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\MountPoints2: {8b5c64b7-4763-11e3-8ff8-8c89a518f86b} - K:\Startme.exe
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\MountPoints2: {9b81d4fc-9785-11e3-882f-001b10002aec} - K:\Setup.exe /Auto
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\...\MountPoints2: {aa85edd2-7eb9-11e3-b3cc-001b10002aec} - K:\setup.exe -a
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.websse...03RFXX92S5K03RF
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://istart.websse...03RFXX92S5K03RF
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.websse...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.websse...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.websse...03RFXX92S5K03RF
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.websse...03RFXX92S5K03RF
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.websse...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.websse...q={searchTerms}
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.websse...03RFXX92S5K03RF
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartse...03RFXX92S5K03RF
SearchScopes: HKU\S-1-5-21-185604135-3677887699-3063072871-1000 -> URL http://www.trovigo.c...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-185604135-3677887699-3063072871-1000 -> SuggestionsURL_JSON http://suggest.searc...x={searchTerms}
SearchScopes: HKU\S-1-5-21-185604135-3677887699-3063072871-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.websse...q={searchTerms}
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.0.5.7\AVG Web TuneUp.dll (AVG)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll (AVG Secure Search)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.0\\npsitesafety.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1419450276&from=exp&uid=TOSHIBAXMK1002TSKB_92S5K03RFXX92S5K03RF
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1419450276&from=exp&uid=TOSHIBAXMK1002TSKB_92S5K03RFXX92S5K03RF"
CHR DefaultSearchKeyword: Default -> webssearches
CHR DefaultSearchURL: Default -> http://istart.websse...q={searchTerms}
CHR DefaultSuggestURL: Default -> http://toolbar.avg.c...earchTerms}&o=1
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll No File
CHR Extension: (AVG Secure Search) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2014-11-06]
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - No Path
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://istart.websse...03RFXX92S5K03RF
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
U2 V2iMount; No ImagePath
C:\Users\admin\AppData\Roaming\uTorrent
C:\Users\admin\en_res.dll
C:\Users\admin\es_res.dll
C:\Users\admin\fr_res.dll
C:\Users\admin\grm_res.dll
C:\Users\admin\it_res.dll
C:\Users\admin\jp_res.dll
C:\Users\admin\mfc80u.dll
C:\Users\admin\msvcr80.dll
C:\Users\admin\PCPE Setup.exe
C:\Users\admin\pt_res.dll
C:\Users\admin\ResourceReader.dll
C:\Users\admin\ru_res.dll
C:\Users\admin\zh_res.dll
C:\ProgramData\win_mpwd_sys.dat
Task: {07FB937F-0DE2-452F-8D4F-55F8BBD251D6} - System32\Tasks\Update Service GoForFiles => C:\Program Files (x86)\GoForFilesUpdater\GoForFilesUpdater.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinFLAdrv.sys => ""="Driver"
CMD: ipconfig /flushdns
Emptytemp:
reboot:
end
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\b3d7ad373951cd040fb05f6d6f5bf314 => Value not found.
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => value deleted successfully.
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\Software\Microsoft\Windows\CurrentVersion\Run\\b3d7ad373951cd040fb05f6d6f5bf314 => Value not found.
"HKU\S-1-5-21-185604135-3677887699-3063072871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J" => Key deleted successfully.
"HKU\S-1-5-21-185604135-3677887699-3063072871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K" => Key deleted successfully.
"HKU\S-1-5-21-185604135-3677887699-3063072871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S" => Key deleted successfully.
"HKU\S-1-5-21-185604135-3677887699-3063072871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d06b142-bd94-11e2-a8db-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{0d06b142-bd94-11e2-a8db-806e6f6e6963} => Key not found.
"HKU\S-1-5-21-185604135-3677887699-3063072871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{736c575a-d190-11e2-a03c-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{736c575a-d190-11e2-a03c-806e6f6e6963} => Key not found.
"HKU\S-1-5-21-185604135-3677887699-3063072871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b5c64b7-4763-11e3-8ff8-8c89a518f86b}" => Key deleted successfully.
HKCR\CLSID\{8b5c64b7-4763-11e3-8ff8-8c89a518f86b} => Key not found.
"HKU\S-1-5-21-185604135-3677887699-3063072871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b81d4fc-9785-11e3-882f-001b10002aec}" => Key deleted successfully.
HKCR\CLSID\{9b81d4fc-9785-11e3-882f-001b10002aec} => Key not found.
"HKU\S-1-5-21-185604135-3677887699-3063072871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa85edd2-7eb9-11e3-b3cc-001b10002aec}" => Key deleted successfully.
HKCR\CLSID\{aa85edd2-7eb9-11e3-b3cc-001b10002aec} => Key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully.
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully.
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\viprotocol => Key not found.
HKCR\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => Key not found.
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml" => not found.
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml" => not found.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword not detected.
Chrome DefaultSearchURL not detected.
Chrome DefaultSuggestURL not detected.
C:\Users\admin\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll not found.
C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll not found.
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf" => Key deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => Value was restored successfully.
aspnet_state => Service deleted successfully.
BAPIDRV => Service deleted successfully.
V2iMount => Service deleted successfully.
C:\Users\admin\AppData\Roaming\uTorrent => Moved successfully.
C:\Users\admin\en_res.dll => Moved successfully.
C:\Users\admin\es_res.dll => Moved successfully.
C:\Users\admin\fr_res.dll => Moved successfully.
C:\Users\admin\grm_res.dll => Moved successfully.
C:\Users\admin\it_res.dll => Moved successfully.
C:\Users\admin\jp_res.dll => Moved successfully.
C:\Users\admin\mfc80u.dll => Moved successfully.
C:\Users\admin\msvcr80.dll => Moved successfully.
C:\Users\admin\PCPE Setup.exe => Moved successfully.
C:\Users\admin\pt_res.dll => Moved successfully.
C:\Users\admin\ResourceReader.dll => Moved successfully.
C:\Users\admin\ru_res.dll => Moved successfully.
C:\Users\admin\zh_res.dll => Moved successfully.
C:\ProgramData\win_mpwd_sys.dat => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{07FB937F-0DE2-452F-8D4F-55F8BBD251D6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07FB937F-0DE2-452F-8D4F-55F8BBD251D6}" => Key deleted successfully.
C:\Windows\System32\Tasks\Update Service GoForFiles not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Service GoForFiles" => Key deleted successfully.
C:\ProgramData\TEMP => ":1CE11B51" ADS removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\WinFLAdrv.sys" => Key deleted successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 1.3 GB temporary data.


The system needed a reboot.

==== End of Fixlog 11:49:19 ====


  • 0
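A Fixlog like the one posted above can be triaged by separating entries the fix actually changed from entries that were already absent when it ran. This is an added example, not part of the thread or of FRST; the function names are hypothetical, the sample lines are constructed from the shapes in the log above, and the outcome wording is assumed to match this log only.

```python
import re
from collections import Counter

# Constructed sample: result lines in the shapes that appear in the Fixlog above.
SAMPLE_FIXLOG = r'''
Processes closed successfully.
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\Software\Microsoft\Windows\CurrentVersion\Run\\b3d7ad373951cd040fb05f6d6f5bf314 => Value not found.
HKU\S-1-5-21-185604135-3677887699-3063072871-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml" => not found.
Chrome HomePage deleted successfully.
Chrome DefaultSearchURL not detected.
C:\Windows\System32\Tasks\Update Service GoForFiles not found.
BAPIDRV => Service deleted successfully.
C:\Users\admin\PCPE Setup.exe => Moved successfully.
C:\ProgramData\TEMP => ":1CE11B51" ADS removed successfully.
EmptyTemp: => Removed 1.3 GB temporary data.
'''

# Outcome wording as seen in this thread's log (assumption: other tool
# versions may phrase results differently and would need more patterns).
OUTCOMES = [
    ("absent",   re.compile(r"\b(?:not found|not detected)\.?$", re.I)),
    ("restored", re.compile(r"\brestored successfully\.?$", re.I)),
    ("moved",    re.compile(r"\bmoved successfully\.?$", re.I)),
    ("deleted",  re.compile(r"\b(?:deleted|removed) successfully\.?$", re.I)),
]


def parse_fixlog(text):
    """Return (outcome, target) for each line that ends in a known outcome."""
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        for outcome, pattern in OUTCOMES:
            match = pattern.search(line)
            if not match:
                continue
            if " => " in line:
                # "<target> => <result>": the target is everything before the arrow.
                target = line.split(" => ", 1)[0]
            else:
                # "<target> <result>": cut the result phrase off the end.
                target = line[:match.start()]
            results.append((outcome, target.strip().strip('"')))
            break
    return results


def summarize(text):
    """Count result lines per outcome."""
    return Counter(outcome for outcome, _ in parse_fixlog(text))


def absent_autoruns(text):
    """Run-key values the fixlist named but that no longer existed at fix time."""
    needle = "\\currentversion\\run\\"
    return [t for o, t in parse_fixlog(text)
            if o == "absent" and needle in t.lower()]


if __name__ == "__main__":
    print(dict(summarize(SAMPLE_FIXLOG)))
    for target in absent_autoruns(SAMPLE_FIXLOG):
        print("already absent:", target)
```

An "absent" result only says the item did not exist when the fix ran; it does not say what removed it, so a follow-up scan is still the way to confirm the state of the machine.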


#11
zep516


    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,

What is the state of the computer, how is it running? Any browser issues, etc.?

Joe
  • 0

#12
Dave_83


    Member

  • Topic Starter
  • Member
  • 66 posts

Hi,

 

Now browser issues....but still some of the program shortcuts are not working. I still get that message: "the item you selected is unavailable. It might have been moved, renamed, or removed. Do you want to remove it from the list?"


  • 0

#13
zep516


    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello Dave_83

You can delete the shortcuts that are not working and recreate them. Navigate to the program; a simple right-click on the executable and selecting Send to Desktop (create shortcut) should do the trick for you.

Thanks
Joe :)
  • 0

#14
Dave_83


    Member

  • Topic Starter
  • Member
  • 66 posts

Okay then....I will do that. BTW, what should I do to keep the desktop safe from these things happening?

 

Thanks for all your time Joe.


  • 0

#15
zep516


    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hi dave_83

I'll provide tips at the end. I'd like to run an online scan called ESET; it might take a while to run. After that we need to remove my tools and clean up, so stick around for a bit more, almost done.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, make sure you first copy the logfile (located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt).
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)
Post the ESET log in your next reply

Thanks
Joe :)
  • 0





