
HELP ME BOOSTWEBAPP MALWARE SOMETHIN

malware emergency windows 8

This topic is locked.

#1 HELLOHALO (Member, 21 posts)

Help me, I have this adware or something in my Windows 8. It is listed in Task Manager as ukewdla.exe or I don't know. (First time with this, sorry, and I don't wanna type.) I'm very scared and I tried what I could. It seems to be in this folder called boostwebapp which I can't open due to "invalid parameters". For more info please reply. Thank you!

#2 zep516 (Trusted Helper, Malware Removal, 8,093 posts)

Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Everything gets downloaded to the desktop and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

#3 HELLOHALO (Topic Starter, Member, 21 posts)

OK, I did. Now what, shall I post the log?

#4 HELLOHALO (Topic Starter, Member, 21 posts)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by msingh (administrator) on SINGH on 27-05-2015 17:35:50
Running from C:\Users\msingh\Downloads
Loaded Profiles: msingh & Guest (Available Profiles: msingh & Guest)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\ProgramData\boostwebapp\1.1.0.31\ukewla.EXE
() C:\ProgramData\boostwebapp\1.1.0.31\ukeala.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(PC-Doctor, Inc.) C:\Program Files\My Dell\uaclauncher.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\ProgramData\boostwebapp\1.1.0.31\ukedla.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-03-05] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3015408 2013-03-05] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132224 2013-02-28] (Qualcomm Atheros Commnucations)
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\Run: [Google Update] => C:\Users\msingh\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2015-02-03] (Google Inc.)
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\Run: [Flvto Youtube Downloader] => C:\Users\msingh\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe [528384 2015-05-25] (Hotger)
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\Run: [Window Hide Tool] => C:\Users\msingh\Downloads\Sahaj\Window Hide Tool\Window Hide Tool.exe
HKU\S-1-5-21-814935137-3960788824-2020595886-501\...\Run: [Flvto Youtube Downloader] => C:\Users\Guest\Documents\FlvtoYoutubeDownloader.exe [494592 2014-12-29] (Hotger)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372400 2014-10-28] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk [2014-08-19]
ShortcutTarget: Bloggie Watcher Utility.lnk -> C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe (Sony Corporation)
Startup: C:\Users\msingh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\archimedes-ships-1-6-4 (1).lnk [2015-03-14]
ShortcutTarget: archimedes-ships-1-6-4 (1).lnk -> C:\ProgramData\{60f6bfdc-e75d-1009-60f6-6bfdce75ff73}\archimedes-ships-1-6-4 (1).exe (No File)
Startup: C:\Users\msingh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\archimedes-ships-1-6-4.lnk [2015-03-14]
ShortcutTarget: archimedes-ships-1-6-4.lnk -> C:\ProgramData\{5e5b9afa-55d1-9505-5e5b-b9afa55d6be9}\archimedes-ships-1-6-4.exe (No File)
Startup: C:\Users\msingh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk [2014-08-19]
ShortcutTarget: Bloggie Watcher Utility.lnk -> C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe (Sony Corporation)
Startup: C:\Users\msingh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-01-02]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\SysWow64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\Software\Microsoft\Internet Explorer\Main,DisableRequiresActiveXPrompt = www.roblox.com
HKU\S-1-5-21-814935137-3960788824-2020595886-501\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-814935137-3960788824-2020595886-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\S-1-5-21-814935137-3960788824-2020595886-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-814935137-3960788824-2020595886-1001 -> {B65F21C7-7FF5-49D1-91E0-D071880B77F7} URL =
SearchScopes: HKU\S-1-5-21-814935137-3960788824-2020595886-501 -> DefaultScope {B65F21C7-7FF5-49D1-91E0-D071880B77F7} URL =
SearchScopes: HKU\S-1-5-21-814935137-3960788824-2020595886-501 -> {B65F21C7-7FF5-49D1-91E0-D071880B77F7} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\Cifliaejgi.dll [286720 2015-05-26] ()
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\Cifliaejgi.dll [286720 2015-05-26] ()
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\Cifliaejgi.dll [286720 2015-05-26] ()
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\Cifliaejgi.dll [286720 2015-05-26] ()
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\Cifliaejgi.dll [286720 2015-05-26] ()
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\Cifliaejgi64.dll [360448 2015-05-26] ()
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\Cifliaejgi64.dll [360448 2015-05-26] ()
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\Cifliaejgi64.dll [360448 2015-05-26] ()
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\Cifliaejgi64.dll [360448 2015-05-26] ()
Winsock: Catalog9-x64 16 C:\WINDOWS\system32\Cifliaejgi64.dll [360448 2015-05-26] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.0.1
Tcpip\..\Interfaces\{0AD46076-7C3C-4822-AD70-9805CA3D3AAD}: [NameServer] 8.8.8.8

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-11-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-11-02] (Oracle Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-06-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-06-01] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-12-20] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-03-16] (Pando Networks)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-814935137-3960788824-2020595886-1001: @nsroblox.roblox.com/launcher -> C:\Users\msingh\AppData\Local\Roblox\Versions\version-482ae366f82d4d7c\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-814935137-3960788824-2020595886-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\msingh\AppData\Local\Roblox\Versions\version-482ae366f82d4d7c\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-814935137-3960788824-2020595886-1001: @sony.com/Some -> C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll [2011-06-09] (Sony)
FF Plugin HKU\S-1-5-21-814935137-3960788824-2020595886-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\msingh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-814935137-3960788824-2020595886-1001: @talk.google.com/O1DPlugin -> C:\Users\msingh\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-814935137-3960788824-2020595886-1001: @tools.google.com/Google Update;version=3 -> C:\Users\msingh\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-814935137-3960788824-2020595886-1001: @tools.google.com/Google Update;version=9 -> C:\Users\msingh\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-814935137-3960788824-2020595886-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\msingh\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-814935137-3960788824-2020595886-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-03-16] (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Users\msingh\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\msingh\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\[email protected]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\[email protected] [2014-07-11]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\[email protected] [2014-07-11]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\[email protected]
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\[email protected] [2014-07-11]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Profile: C:\Users\msingh\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Kaspersky Protection) - C:\Users\msingh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2015-02-11]
CHR Extension: (YouTube) - C:\Users\msingh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-11]
CHR Extension: (Google Search) - C:\Users\msingh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-11]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\msingh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2015-02-11]
CHR Extension: (Rainbow City) - C:\Users\msingh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmhabfigjhoechkebmkmjdnkadpfekpj [2015-05-23]
CHR Extension: (Bookmark Manager) - C:\Users\msingh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-28]
CHR Extension: (Hangouts) - C:\Users\msingh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-04-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\msingh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-22]
CHR Extension: (Google Wallet) - C:\Users\msingh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-11]
CHR Extension: (Gmail) - C:\Users\msingh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-11]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.googl...mnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.googl...mnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2013-10-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Locked "luonilhkog" service could not be unlocked. <===== ATTENTION
Locked "tammgF119" service could not be unlocked. <===== ATTENTION
Locked "tammgR119" service could not be unlocked. <===== ATTENTION
Locked "UnogjuCuwgy" service could not be unlocked. <===== ATTENTION
Locked "vemifotj" service could not be unlocked. <===== ATTENTION

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S4 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [227968 2013-02-28] (Qualcomm Atheros Commnucations) [File not signed]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-08] (Kaspersky Lab ZAO)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S4 Cifliaejgi; C:\ProgramData\boostwebapp\1.1.0.31\Cifliaejgi.exe [0 ] () <==== ATTENTION (zero byte File/Folder)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-04] (Microsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [182304 2014-11-07] (EasyAntiCheat Ltd)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
S4 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S4 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-06-01] (Intel Corporation)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3191392 2014-05-15] (INCA Internet Co., Ltd.)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-05-18] (Realtek Semiconductor)
S4 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915408 2013-10-09] (SoftThinks SAS)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S4 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-03-02] (Atheros) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S4 PredatorACM; "G:\LOL\PredatorACM.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-28] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 cbfs3; C:\Windows\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-07-11] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-07-11] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-07-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-07-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-08] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-07-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-07-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-07-11] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-06-01] (Intel Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28400 2013-03-05] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-03-05] (Synaptics Incorporated)
R5 tammgF119; C:\Windows\System32\Drivers\tammgF119.sys [37496 2015-05-26] () [File not signed]
R5 tammgR119; C:\Windows\System32\Drivers\tammgR119.sys [36472 2015-05-26] () [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R5 luonilhkog;  <===== ATTENTION Locked Service
R5 tammgF119;  <===== ATTENTION Locked Service
R5 tammgR119;  <===== ATTENTION Locked Service
U5 UnogjuCuwgy;  <===== ATTENTION Locked Service
R5 vemifotj;  <===== ATTENTION Locked Service

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 17:35 - 2015-05-27 17:36 - 00023829 _____ () C:\Users\msingh\Downloads\FRST.txt
2015-05-27 17:35 - 2015-05-27 17:35 - 02108928 _____ (Farbar) C:\Users\msingh\Downloads\FRST64.exe
2015-05-27 17:35 - 2015-05-27 17:35 - 00000000 ____D () C:\FRST
2015-05-27 16:59 - 2015-05-27 16:59 - 01190415 _____ () C:\Users\msingh\Downloads\ProcessExplorer.zip
2015-05-27 16:59 - 2015-05-27 16:59 - 00000000 ____D () C:\Users\msingh\Downloads\ProcessExplorer
2015-05-27 16:49 - 2015-05-27 16:49 - 00000000 ____D () C:\Users\msingh\Documents\ProcessExplorer
2015-05-27 16:46 - 2015-05-27 16:46 - 05005031 _____ () C:\WINDOWS\shost.bin
2015-05-26 18:58 - 2015-05-26 18:58 - 00002232 _____ () C:\Users\msingh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flvto YouTube Downloader.lnk
2015-05-26 18:58 - 2015-05-26 18:58 - 00001522 _____ () C:\Users\msingh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall Flvto YouTube Downloader.lnk
2015-05-26 18:58 - 2015-05-26 18:58 - 00000000 ____D () C:\Users\msingh\AppData\Local\Flvto YouTube Downloader
2015-05-26 17:45 - 2015-05-26 17:45 - 00457824 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\71CB6FB8.sys
2015-05-26 16:42 - 2015-05-26 16:42 - 00332120 _____ () C:\WINDOWS\Minidump\052615-22625-01.dmp
2015-05-26 16:17 - 2015-05-27 17:17 - 00003154 _____ () C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-6.job
2015-05-26 16:17 - 2015-05-27 17:17 - 00002128 _____ () C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-10_user.job
2015-05-26 16:17 - 2015-05-27 17:11 - 00003154 _____ () C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-7.job
2015-05-26 16:17 - 2015-05-27 17:11 - 00002462 _____ () C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-5_user.job
2015-05-26 16:17 - 2015-05-27 17:11 - 00002462 _____ () C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-5.job
2015-05-26 16:17 - 2015-05-27 17:11 - 00000970 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-05-26 16:17 - 2015-05-27 17:11 - 00000966 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-05-26 16:17 - 2015-05-26 18:17 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-26 16:17 - 2015-05-26 17:26 - 00004688 _____ () C:\WINDOWS\SysWOW64\Cifliaejgi.ini
2015-05-26 16:17 - 2015-05-26 17:26 - 00002592 _____ () C:\WINDOWS\SysWOW64\CifliaejgiOff.ini
2015-05-26 16:17 - 2015-05-26 17:26 - 00002592 _____ () C:\WINDOWS\system32\CifliaejgiOff.ini
2015-05-26 16:17 - 2015-05-26 16:17 - 00037496 _____ () C:\WINDOWS\system32\Drivers\tammgF119.sys
2015-05-26 16:17 - 2015-05-26 16:17 - 00036472 _____ () C:\WINDOWS\system32\Drivers\tammgR119.sys
2015-05-26 16:17 - 2015-05-26 16:17 - 00006158 _____ () C:\WINDOWS\System32\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-6
2015-05-26 16:17 - 2015-05-26 16:17 - 00005466 _____ () C:\WINDOWS\System32\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-5
2015-05-26 16:17 - 2015-05-26 16:17 - 00000000 ____D () C:\Users\msingh\AppData\Local\globalUpdate
2015-05-26 16:17 - 2015-05-26 16:17 - 00000000 ____D () C:\ProgramData\boostwebapp
2015-05-26 16:17 - 2015-05-26 13:10 - 00360448 _____ () C:\WINDOWS\system32\Cifliaejgi64.dll
2015-05-26 16:17 - 2015-05-26 13:10 - 00286720 _____ () C:\WINDOWS\SysWOW64\Cifliaejgi.dll
2015-05-25 12:16 - 2015-05-25 12:16 - 00000000 ____D () C:\Users\msingh\Documents\FTB
2015-05-23 17:51 - 2015-05-23 17:51 - 00000512 _____ () C:\Users\msingh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OS ©.lnk
2015-05-22 19:38 - 2015-05-25 11:21 - 00000000 ____D () C:\Users\msingh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-05-16 21:59 - 2015-05-16 22:00 - 00000000 ____D () C:\Users\msingh\.gradle
2015-05-16 21:56 - 2015-05-16 21:56 - 00000000 ____D () C:\Users\msingh\Downloads\WorldEdit-master
2015-05-16 21:52 - 2015-05-16 21:55 - 01332432 _____ () C:\Users\msingh\Downloads\WorldEdit-master.zip
2015-05-16 14:40 - 2015-05-22 19:41 - 00000000 ____D () C:\Users\msingh\AppData\Local\Roblox
2015-05-16 12:24 - 2015-05-16 12:24 - 00000000 ____D () C:\Users\msingh\Documents\Curse
2015-05-16 11:40 - 2015-05-20 15:03 - 00000000 ____D () C:\Users\msingh\AppData\Roaming\Curse Client
2015-05-16 11:40 - 2015-05-16 11:40 - 00001072 _____ () C:\Users\msingh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2015-05-16 11:39 - 2015-05-16 11:39 - 00000000 ____D () C:\Users\msingh\AppData\Roaming\Curse
2015-05-15 15:57 - 2015-05-15 15:57 - 00000000 ____D () C:\Users\msingh\vsxu
2015-05-15 15:34 - 2015-04-24 14:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-15 15:34 - 2015-04-09 17:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-15 15:34 - 2015-04-09 17:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-15 15:34 - 2015-04-02 17:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-15 15:34 - 2015-04-02 17:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-15 15:34 - 2015-04-01 15:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-15 15:34 - 2015-04-01 15:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-15 15:34 - 2015-03-31 20:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-15 15:34 - 2015-03-31 19:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-15 15:34 - 2015-03-19 18:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-15 15:34 - 2015-03-17 10:26 - 00467776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-15 15:34 - 2015-03-12 21:03 - 00239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-15 15:34 - 2015-03-12 21:03 - 00154432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-15 15:34 - 2015-03-12 19:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-15 15:34 - 2015-03-12 18:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-15 15:34 - 2015-03-12 17:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-15 15:34 - 2015-03-12 17:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-15 15:34 - 2015-03-10 18:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-15 15:34 - 2015-03-10 18:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-15 15:34 - 2015-03-08 19:02 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-15 15:34 - 2015-03-05 20:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-15 15:34 - 2015-03-05 19:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-15 15:34 - 2015-03-05 19:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-15 15:34 - 2015-03-04 16:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-15 15:34 - 2015-03-03 18:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-15 15:34 - 2015-03-03 18:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-15 15:34 - 2015-02-17 16:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-15 15:34 - 2015-01-29 17:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-15 15:34 - 2014-11-13 23:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-13 15:36 - 2015-04-30 13:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 15:36 - 2015-04-30 13:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 21:57 - 2015-03-29 22:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-12 21:57 - 2015-03-26 20:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-12 21:57 - 2015-03-26 19:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-12 21:57 - 2015-03-26 19:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-12 21:56 - 2015-04-09 18:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-12 21:56 - 2015-04-09 17:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-12 21:56 - 2015-04-08 15:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-12 21:55 - 2015-04-30 16:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-12 21:55 - 2015-04-30 15:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-12 21:55 - 2015-04-21 10:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-12 21:55 - 2015-04-21 09:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-12 21:55 - 2015-04-21 09:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-12 21:55 - 2015-04-21 09:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-12 21:55 - 2015-04-21 09:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-12 21:55 - 2015-04-21 09:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-12 21:55 - 2015-04-21 09:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-12 21:55 - 2015-04-21 09:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-12 21:55 - 2015-04-21 09:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-12 21:55 - 2015-04-21 09:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-12 21:55 - 2015-04-21 09:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-12 21:55 - 2015-04-21 09:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-12 21:55 - 2015-04-21 09:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-12 21:55 - 2015-04-21 09:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-12 21:55 - 2015-04-21 09:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-12 21:55 - 2015-04-21 08:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-12 21:55 - 2015-04-21 08:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-12 21:55 - 2015-04-21 08:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-12 21:55 - 2015-04-21 08:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-12 21:55 - 2015-04-21 08:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-12 21:55 - 2015-04-21 08:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-12 21:55 - 2015-04-21 08:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-12 21:55 - 2015-04-21 08:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-12 21:55 - 2015-04-21 08:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-12 21:55 - 2015-04-21 08:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-12 21:55 - 2015-04-21 08:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-12 21:55 - 2015-04-21 08:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-12 21:55 - 2015-04-21 08:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-12 21:55 - 2015-04-21 08:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-12 21:55 - 2015-04-21 08:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-12 21:55 - 2015-04-21 08:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-12 21:55 - 2015-04-21 08:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-12 21:55 - 2015-04-21 08:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-12 21:55 - 2015-04-21 08:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-12 21:55 - 2015-04-21 08:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-12 21:55 - 2015-04-21 08:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-12 21:55 - 2015-04-21 08:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-12 21:55 - 2015-04-21 07:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-12 21:55 - 2015-04-21 07:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-12 21:55 - 2015-04-13 15:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-12 21:55 - 2015-04-09 17:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-07 19:46 - 2015-05-07 19:46 - 00000000 ____D () C:\KVRT_Data
2015-05-07 19:44 - 2015-05-07 19:46 - 302786560 _____ () C:\Users\msingh\Downloads\kav_rescue_10.iso
2015-05-07 19:44 - 2015-05-07 19:45 - 110656344 _____ (Kaspersky Lab ZAO) C:\Users\msingh\Downloads\KVRT.exe
2015-05-07 19:30 - 2015-05-07 19:30 - 00000017 _____ () C:\Users\msingh\AppData\Local\resmon.resmoncfg
2015-05-07 15:41 - 2015-05-07 15:42 - 00761600 _____ () C:\WINDOWS\Minidump\050715-24718-01.dmp
2015-05-06 15:13 - 2015-05-06 15:13 - 00340320 _____ () C:\WINDOWS\Minidump\050615-35187-01.dmp
2015-05-04 18:41 - 2015-05-04 18:41 - 00008664 _____ () C:\Users\msingh\Downloads\A606.tmp
2015-04-28 17:00 - 2015-04-28 17:00 - 00000000 ____D () C:\Users\msingh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 17:32 - 2014-03-01 19:25 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-27 17:26 - 2014-01-04 18:38 - 01659915 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-27 17:19 - 2014-10-17 12:04 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-27 17:17 - 2013-12-15 10:47 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-814935137-3960788824-2020595886-1001
2015-05-27 17:17 - 2013-11-14 00:28 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-27 17:15 - 2015-02-03 20:01 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-814935137-3960788824-2020595886-1001UA.job
2015-05-27 17:14 - 2014-01-04 19:24 - 00000000 ___DO () C:\Users\msingh\SkyDrive
2015-05-27 17:12 - 2013-12-15 11:07 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-27 17:11 - 2015-01-01 18:18 - 00008873 _____ () C:\WINDOWS\setupact.log
2015-05-27 17:11 - 2014-10-17 12:04 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-27 17:11 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-27 17:10 - 2013-08-22 06:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-27 17:00 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-27 16:48 - 2014-01-07 15:16 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{098A15F4-7D2F-4B1B-9498-3B85E71CABE5}
2015-05-27 16:15 - 2015-02-03 20:01 - 00000872 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-814935137-3960788824-2020595886-1001Core.job
2015-05-27 16:06 - 2015-02-14 20:28 - 00009210 _____ () C:\WINDOWS\PFRO.log
2015-05-26 19:02 - 2015-02-04 17:14 - 00000000 ____D () C:\Users\msingh\Downloads\Sahaj
2015-05-26 18:58 - 2015-02-04 19:22 - 00000000 ____D () C:\Users\msingh\AppData\Local\Hotger
2015-05-26 17:42 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-05-26 17:36 - 2013-09-19 13:42 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-05-26 16:46 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-26 16:42 - 2015-01-02 21:58 - 679212332 _____ () C:\WINDOWS\MEMORY.DMP
2015-05-26 16:42 - 2014-04-09 11:44 - 00000000 ____D () C:\WINDOWS\Minidump
2015-05-26 16:42 - 2014-01-04 18:27 - 00000000 ____D () C:\Users\msingh
2015-05-25 12:26 - 2014-10-11 09:07 - 00000000 ____D () C:\Users\msingh\AppData\Roaming\SpaceEngineers
2015-05-25 12:17 - 2015-01-26 18:35 - 00000000 ____D () C:\Users\msingh\AppData\Local\ftblauncher
2015-05-25 12:16 - 2015-01-26 18:35 - 00000000 ____D () C:\Users\msingh\AppData\Roaming\ftblauncher
2015-05-19 15:15 - 2013-12-18 15:41 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-17 17:17 - 2014-01-14 19:16 - 00108544 ___SH () C:\Users\msingh\Desktop\Thumbs.db
2015-05-17 16:10 - 2013-08-22 07:44 - 00493392 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-17 16:05 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-15 19:10 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-15 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-15 16:10 - 2015-02-03 20:01 - 00003872 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-814935137-3960788824-2020595886-1001UA
2015-05-15 16:10 - 2015-02-03 20:01 - 00003492 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-814935137-3960788824-2020595886-1001Core
2015-05-14 18:56 - 2013-12-15 10:32 - 00000000 ____D () C:\Users\msingh\AppData\Local\Packages
2015-05-14 17:58 - 2013-08-22 06:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-05-13 15:34 - 2013-11-14 00:17 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-05 10:59 - 2014-10-18 18:42 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-05 10:59 - 2014-10-18 18:42 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-04 19:03 - 2014-12-22 13:55 - 00094720 ___SH () C:\Users\msingh\Downloads\Thumbs.db
2015-05-02 19:56 - 2015-01-22 21:46 - 00000000 ____D () C:\ProgramData\Package Cache

==================== Files in the root of some directories =======

2015-05-07 19:30 - 2015-05-07 19:30 - 0000017 _____ () C:\Users\msingh\AppData\Local\resmon.resmoncfg
2015-03-18 19:09 - 2015-03-18 19:09 - 0000406 _____ () C:\Users\msingh\AppData\Local\Temp-log.txt
2013-09-19 13:42 - 2013-09-19 13:42 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-09-19 13:38 - 2013-09-19 13:39 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-09-19 13:39 - 2013-09-19 13:40 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-09-19 13:37 - 2013-09-19 13:38 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-09-19 13:40 - 2013-09-19 13:42 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Some files in TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\iExplorer_Setup_3690.exe
C:\Users\msingh\AppData\Local\Temp\ginstall.dll
C:\Users\msingh\AppData\Local\Temp\iExplorer_Setup_3690.exe
C:\Users\msingh\AppData\Local\Temp\minecraft-server.exe
C:\Users\msingh\AppData\Local\Temp\SpOrder.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-22 20:41

==================== End of log ============================

 

This is the FRST.txt log.


  • 0
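An added example, not part of the original thread and not code from Farbar Recovery Scan Tool: a small Python parser for the FRST log format shown in the posts above (the file/folder entry lines, the "Some files in TEMP:" list and FRST's own "<==== ATTENTION" markers), followed by a triage pass that lists executables sitting in Temp or Downloads, files with no company name, and everything FRST flagged. The sample input is constructed from a handful of lines taken from the FRST.txt and Addition.txt logs in this thread, not a complete log, and the triage rules are this example's own heuristics, not FRST's. One caveat when reading these logs: the company name in parentheses is metadata FRST reports for the file, not a signature check; the only signature verification in the log is the "File is digitally signed" lines under the Bamital & volsnap section.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Sample input, constructed for this example from a few lines that appear in the FRST.txt
# and Addition.txt logs posted in this thread (not the complete logs).
SAMPLE_LOG = r"""
==================== One Month Modified files and folders ========

2015-05-16 14:40 - 2015-05-22 19:41 - 00000000 ____D () C:\Users\msingh\AppData\Local\Roblox
2015-05-15 15:34 - 2015-04-24 14:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-07 19:44 - 2015-05-07 19:45 - 110656344 _____ (Kaspersky Lab ZAO) C:\Users\msingh\Downloads\KVRT.exe
2015-05-17 17:17 - 2014-01-14 19:16 - 00108544 ___SH () C:\Users\msingh\Desktop\Thumbs.db

Some files in TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\iExplorer_Setup_3690.exe
C:\Users\msingh\AppData\Local\Temp\ginstall.dll
C:\Users\msingh\AppData\Local\Temp\minecraft-server.exe

==================== Scheduled Tasks (Whitelisted) =============

Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
"""

# One file/folder entry: two timestamps, size, a 5-character attribute field, a company
# name in parentheses (possibly empty) and a path that starts with a drive letter.
ENTRY_RE = re.compile(
    r"^(?P<stamp1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<stamp2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<company>.*?)\) (?P<path>[A-Za-z]:\\.*)$"
)
ATTENTION = "<==== ATTENTION"
EXEC_EXTS = {".exe", ".dll", ".sys", ".cpl", ".scr", ".com", ".pif"}


@dataclass(frozen=True)
class FileEntry:
    stamp1: str    # which stamp is creation and which is last-write depends on the section
    stamp2: str
    size: int
    attrs: str     # "____D" directory, "___SH" system+hidden, "_____" plain file
    company: str   # company name FRST reports for the file; empty when it carries none
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


@dataclass
class ParsedLog:
    entries: list = field(default_factory=list)     # FileEntry records
    temp_files: list = field(default_factory=list)  # bare paths under "Some files in TEMP:"
    flagged: list = field(default_factory=list)     # lines FRST marked "<==== ATTENTION"


def parse_frst(text: str) -> ParsedLog:
    out, section = ParsedLog(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(ATTENTION):
            out.flagged.append(line[: -len(ATTENTION)].rstrip())
        elif line.startswith("===================="):
            # "==== Title ====" opens a section; a bare rule (under "Some files in TEMP:") keeps the current one
            section = line.strip("= ") or section
        elif line == "Some files in TEMP:":
            section = "TEMP"
        elif (m := ENTRY_RE.match(line)):
            out.entries.append(FileEntry(m["stamp1"], m["stamp2"], int(m["size"]),
                                         m["attrs"], m["company"], m["path"]))
        elif section == "TEMP" and re.match(r"^[A-Za-z]:\\", line):
            out.temp_files.append(line)
    return out


def is_executable(path: str) -> bool:
    return PureWindowsPath(path).suffix.lower() in EXEC_EXTS


def triage(parsed: ParsedLog) -> list:
    """(reason, item) pairs worth a human look. The heuristics are this example's own,
    not FRST's; a hit is a prompt to review, not a verdict."""
    hits = []
    for e in parsed.entries:
        if e.is_dir or not is_executable(e.path):
            continue
        lower = e.path.lower()
        if not e.company:
            hits.append(("no company name in version info", e.path))
        elif "\\appdata\\local\\temp\\" in lower:
            hits.append(("executable in Temp", e.path))
        elif "\\downloads\\" in lower:
            hits.append(("executable in Downloads", e.path))
    hits += [("executable in Temp", p) for p in parsed.temp_files if is_executable(p)]
    hits += [("FRST ATTENTION", line) for line in parsed.flagged]
    return hits


if __name__ == "__main__":
    for reason, item in triage(parse_frst(SAMPLE_LOG)):
        print(f"{reason:34} {item}")
```

Run against the sample, the Downloads hit is KVRT.exe, the Kaspersky tool the poster downloaded, so that one is noise a helper would dismiss on sight; the unsigned installers in Temp and the ATTENTION-flagged globalUpdate task are the lines a helper would look at first. On the real logs, paste the full FRST.txt and Addition.txt text into SAMPLE_LOG (or read them from disk) and the same three buckets come out.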

#5
HELLOHALO

    Member

  • Topic Starter
  • Member
  • 21 posts

This is the Addition.txt log; I believe it has found some of the problems.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by msingh at 2015-05-27 17:36:35
Running from C:\Users\msingh\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-814935137-3960788824-2020595886-500 - Administrator - Disabled)
Guest (S-1-5-21-814935137-3960788824-2020595886-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-814935137-3960788824-2020595886-1005 - Limited - Enabled)
msingh (S-1-5-21-814935137-3960788824-2020595886-1001 - Administrator - Enabled) => C:\Users\msingh

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\uTorrent) (Version: 3.4.2.38913 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Block N Load (HKLM-x32\...\Steam App 299360) (Version:  - Jagex)
Bloggie Software (HKLM-x32\...\BloggieSoftware) (Version: 3.3.1.73 - Sony)
Bloggie Software (x32 Version: 3.3.1.73 - Sony Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
boostwebapp (HKLM-x32\...\{5EE391DF-2ACE-41AA-aC9D-0353D11363F6}) (Version: 1.1.0.31 - boostwebapp) <==== ATTENTION
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.1.1 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.1.1 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{C0C47F85-F48F-4709-9150-3FA62FA2DEAF}) (Version: 2.6.1000.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.3.13.5 - Synaptics Incorporated)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DSC/AA Factory Installer (Version: 3.3.6261.27 - PC-Doctor, Inc.) Hidden
Flvto YouTube Downloader (HKLM-x32\...\Flvto YouTube Downloader) (Version: 0.6.7 - Hotger)
FMS (HKLM-x32\...\FMS) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Earth (HKLM-x32\...\{1A295C25-6E02-49FB-826B-F0D2C56FFA4E}) (Version: 7.1.4.1529 - Google)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HQCinema Pro 2.1V26.05 (HKLM-x32\...\HQCinema Pro 2.1V26.05) (Version: 1.36.01.22 - HQ-VideoV26.05) <==== ATTENTION
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
iExplorer 3.6.9.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.3.6261.27 - PC-Doctor, Inc.)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Predator (HKLM-x32\...\{017B444A-4C86-43AC-A9A8-D3C99143E073}) (Version: 3 - Predator-Usb)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.222 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.018 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6927 - Realtek Semiconductor Corp.)
ROBLOX Player for msingh (HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for msingh (HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - Keen Software House)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Unity Web Player (HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\UnityWebPlayer) (Version: 5.0.1f1 - Unity Technologies ApS)
Vovoid VSXu 0.5.0 (HKLM-x32\...\VSXu 0.5.0) (Version: 0.5.0 - Vovoid Media Technologies AB)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Speech Recognition Macros (HKLM-x32\...\{8DC197D6-F4AB-44E0-ACF7-210355E6F389}) (Version: 1.0.6862.19 - Microsoft Corporation)
WinRAR 5.10 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-814935137-3960788824-2020595886-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\msingh\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-814935137-3960788824-2020595886-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\msingh\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-814935137-3960788824-2020595886-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\msingh\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-814935137-3960788824-2020595886-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\msingh\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-814935137-3960788824-2020595886-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\msingh\AppData\Local\Roblox\Versions\version-482ae366f82d4d7c\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-814935137-3960788824-2020595886-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\msingh\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-814935137-3960788824-2020595886-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\msingh\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-814935137-3960788824-2020595886-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\msingh\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

13-05-2015 15:33:36 Windows Update
16-05-2015 19:04:57 Removed Ji_Ga_Zo
22-05-2015 20:41:38 Windows Update
26-05-2015 18:45:13 Windows Backup

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04697E68-1434-4621-A505-E17C8C8BE11D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {1095FF67-AD00-4234-8368-A9FA0295510E} - System32\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-10_user => C:\Program Files (x86)\HQCinema Pro 2.1V26.05\6eafdbe6-6a18-4664-b7df-8da9285fab19-10.exe <==== ATTENTION
Task: {110D54CC-228E-4F5C-B45D-0795FB4DE504} - System32\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-5 => C:\Program Files (x86)\HQCinema Pro 2.1V26.05\6eafdbe6-6a18-4664-b7df-8da9285fab19-5.exe <==== ATTENTION
Task: {15822A82-BA76-4861-85A5-4828920E698E} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {1FBAA91C-0093-478C-85A4-D665F4A28447} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {2042DC01-A2E2-40BD-A9DC-FC5EB5528E10} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-02] (CyberLink Corp.)
Task: {2C71DF42-A5E9-4989-AE32-F9E9DE7236CF} - \6eafdbe6-6a18-4664-b7df-8da9285fab19-1-7 No Task File <==== ATTENTION
Task: {328A3643-3B8D-4B4C-B2E6-E45E5CDD0A71} - System32\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-6 => C:\Program Files (x86)\HQCinema Pro 2.1V26.05\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-6.exe <==== ATTENTION
Task: {3ED59CBC-C834-4D04-843B-26D1BD155F81} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {3F056410-9CA3-4C9A-B114-D61D5FAB2344} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-814935137-3960788824-2020595886-1001UA => C:\Users\msingh\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-03] (Google Inc.)
Task: {58B13CCF-D30D-4DE2-B635-00E9AEF9655E} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {59C6E8D4-3F8B-47B5-9E3D-0566F870D2E3} - System32\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-5_user => C:\Program Files (x86)\HQCinema Pro 2.1V26.05\6eafdbe6-6a18-4664-b7df-8da9285fab19-5.exe <==== ATTENTION
Task: {60EE4C2C-2572-4478-AAD8-18825985BAA5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {652009CD-07EB-4517-9CE2-2C9E1C508E6D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {6BDE436D-9F4B-4CBE-BA02-8ED7D5C4434C} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {6C00C75C-1FD0-48BD-9452-568F2670EA94} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {783F0C23-AFC1-48AD-8DEE-A4E9777487AE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {8641F42D-7D9E-45C2-8C02-4072AB45C705} - System32\Tasks\{1C2FE9C9-ACEC-4D47-AC62-C2367C22CA4F} => pcalua.exe -a C:\Users\msingh\Downloads\FMS\fms2alpha85.exe -d C:\Users\msingh\Downloads\FMS
Task: {A1ABA4E2-18E1-420D-A793-F33CAA96980C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-06-05] (PC-Doctor, Inc.)
Task: {A943BFF0-67B2-4C73-A273-4B23ADEA2B03} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {A94BF97C-A5B3-4B0E-910E-D845D2A785A6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-18] (Microsoft Corporation)
Task: {AE24E647-F4B2-4222-95B4-4C681B6CE6D9} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-03-05] (Synaptics Incorporated)
Task: {B821194B-8CBC-47BA-A9EE-49B8FE40EF21} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {C65A8DEE-AD1D-44C4-9801-E5408115AD96} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-02] (CyberLink)
Task: {CFEF160A-B3D6-4FBF-966B-BF4A53BE4188} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-814935137-3960788824-2020595886-1001Core => C:\Users\msingh\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-03] (Google Inc.)
Task: {D41691DE-5A3E-43D8-9140-CEFBCBC77495} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-06-05] (PC-Doctor, Inc.)
Task: {D49B6050-1E54-45D1-83F0-4D939EA5673D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {D9A65C48-7A97-4BD0-917D-AC3C229A5A0A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-18] (Microsoft Corporation)
Task: {F2D4D2E9-CE7C-4309-A678-E118CCA6B8EC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-6.job => C:\Program Files (x86)\HQCinema Pro 2.1V26.05\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-7.job => C:\Program Files (x86)\HQCinema Pro 2.1V26.05\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-10_user.job => C:\Program Files (x86)\HQCinema Pro 2.1V26.05\6eafdbe6-6a18-4664-b7df-8da9285fab19-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-5.job => C:\Program Files (x86)\HQCinema Pro 2.1V26.05\6eafdbe6-6a18-4664-b7df-8da9285fab19-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-5_user.job => C:\Program Files (x86)\HQCinema Pro 2.1V26.05\6eafdbe6-6a18-4664-b7df-8da9285fab19-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-814935137-3960788824-2020595886-1001Core.job => C:\Users\msingh\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-814935137-3960788824-2020595886-1001UA.job => C:\Users\msingh\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-26 16:17 - 2015-05-26 13:10 - 00360448 _____ () C:\WINDOWS\system32\Cifliaejgi64.dll
2014-03-19 21:12 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-14 13:40 - 2015-01-27 08:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-02-28 19:14 - 2013-02-28 19:14 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-02-28 19:11 - 2013-02-28 19:11 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2013-02-28 19:15 - 2013-02-28 19:15 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2013-06-17 09:35 - 2013-06-17 09:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\dblite.dll
2013-05-08 11:52 - 2013-05-08 11:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\kpcengine.2.3.dll
2013-09-19 13:38 - 2012-06-07 20:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\msingh\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Cifliaejgi => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-814935137-3960788824-2020595886-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Theme1\img6.jpg
HKU\S-1-5-21-814935137-3960788824-2020595886-501\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Cifliaejgi => 3
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: DellDigitalDelivery => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SftService => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: ZAtheros Wlan Agent => 2
HKLM\...\StartupApproved\StartupFolder: => "Bloggie Watcher Utility.lnk"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "QuickSet"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\StartupApproved\StartupFolder: => "Bloggie Watcher Utility.lnk"
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\StartupApproved\StartupFolder: => "archimedes-ships-1-6-4 (1).lnk"
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\StartupApproved\StartupFolder: => "archimedes-ships-1-6-4.lnk"
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\StartupApproved\Run: => "AppleIEDAV"
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\StartupApproved\Run: => "Flvto Youtube Downloader"
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\StartupApproved\Run: => "Window Hide Tool"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B1AEDFFD-EF10-4B42-A867-7FD5E1654349}] => (Allow) C:\Users\msingh\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{ADE91327-AE6A-4EFF-82F2-6A887F20AB27}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B9315DFC-4F7B-4B6B-A0B3-744411BE6080}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{BF765730-5CE8-4134-9215-F0B88A218363}] => (Allow) LPort=1900
FirewallRules: [{63657DF8-30FD-4045-940E-A55059334063}] => (Allow) LPort=2869
FirewallRules: [{49245A28-C149-4BD8-8CCC-CE2F06E0FB4D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{42903FFD-F5DB-4070-8A8D-97597FFDD49F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{73D94D51-A362-4EA0-BB01-C5C7871310C6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{5B36D55B-038D-4CA5-8901-82318BF8A073}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{CEBA69AA-193E-4B0A-AF37-7642BF0B8F87}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6E2F2A52-F0C1-4764-8085-0760647486AA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BD68416E-06F4-4844-A829-07A161ECF6B9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Euro Truck Simulator 2 Demo\bin\win_x86\eurotrucks2.exe
FirewallRules: [{C6AE1991-79D0-4A27-A2AF-17811FD0DD1C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Euro Truck Simulator 2 Demo\bin\win_x86\eurotrucks2.exe
FirewallRules: [{B18C5AF4-B569-4E9D-831A-D771847FA5B6}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{75C04C89-960B-45BB-9BE9-9232EF6E549D}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{A797E3DD-9913-4606-9196-57FF1BA2D763}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{100260BE-6CDE-4070-8FEA-BCEA9FD374BD}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{BA1F0C57-F37A-4EFB-A9F1-A83E8F11F5A0}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{92BC0707-F06A-4E4F-971E-DF7E30447CE1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{69D75E92-CF56-4A00-85E3-B2265880A8AC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{541F4F80-096A-4DC7-A5AC-D78FE5F33940}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3D5D3870-17C2-4AC2-A654-1693FA338C33}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{290E1C08-01E8-4209-AA3A-B243F7B3CB9D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C35E6038-BC16-4AF8-9037-B72F497C3636}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A5387EC1-BAD4-4799-B958-FE2C4C46F61B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{48969441-7CD1-4AFF-8D1F-934843778314}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{303808D2-7887-4738-962A-F47D18BE9F50}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Warframe\Tools\Launcher.exe
FirewallRules: [TCP Query User{F1FFF5D7-A9A9-4F20-A713-72E5C93A8A3E}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{7AFA88EB-4369-4799-86BD-DD602E619A04}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{76CB0885-60D1-4E25-9212-136EF0E15F71}] => (Allow) C:\Users\msingh\AppData\Local\Temp\nsy3562.tmp\CnetInstaller-75115673.exe
FirewallRules: [{8AF417F2-7C28-45AD-869E-4EC8FB7D788E}] => (Allow) C:\Users\msingh\AppData\Local\Temp\nsy3562.tmp\CnetInstaller-75115673.exe
FirewallRules: [{1A08B4D6-17C6-4D1D-A520-B73E2B9CCAA0}] => (Allow) C:\Users\msingh\AppData\Local\Temp\nsg2D2A.tmp\CnetInstaller-75864009.exe
FirewallRules: [{74BD9766-73C6-400D-8C82-21AC93007164}] => (Allow) C:\Users\msingh\AppData\Local\Temp\nsg2D2A.tmp\CnetInstaller-75864009.exe
FirewallRules: [{2095777F-32CA-426C-853B-5735116C13C7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{AD5D2B99-1013-4F08-8E04-4AC0B4C26947}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{43A93CD5-9E8F-4955-8AEB-CB0C3E7259AF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{E4F472CA-E3EB-48D3-B0EE-B2CA9F790FE4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{EF820659-9275-4690-8D63-FA3FC089B67F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dizzel\Dizzel.exe
FirewallRules: [{A0D67918-BA45-4033-9178-10B257FE469F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dizzel\Dizzel.exe
FirewallRules: [TCP Query User{389D619A-D1E2-42A6-9C7A-A713835E9D19}C:\users\msingh\desktop\kodi\kodi.exe] => (Allow) C:\users\msingh\desktop\kodi\kodi.exe
FirewallRules: [UDP Query User{BDC23E07-5061-43F1-8634-34E67D62EB87}C:\users\msingh\desktop\kodi\kodi.exe] => (Allow) C:\users\msingh\desktop\kodi\kodi.exe
FirewallRules: [TCP Query User{0551EC1B-6990-45A8-A32F-A3A798B5D571}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{121F8948-A2BF-413D-92EE-B8DEB755D4A1}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{826F9FF0-024B-4E10-AE2D-5C27BFA16D81}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{A07C2A66-751F-4A71-AD67-B51645790FC5}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{22B896D0-1148-46F1-A086-E0088B169E96}C:\program files (x86)\ffsplit\ffsplit.exe] => (Allow) C:\program files (x86)\ffsplit\ffsplit.exe
FirewallRules: [UDP Query User{72785844-481F-470E-913D-7956D673D34C}C:\program files (x86)\ffsplit\ffsplit.exe] => (Allow) C:\program files (x86)\ffsplit\ffsplit.exe
FirewallRules: [TCP Query User{527935E6-2E84-41D1-999A-2FA43A15808C}C:\users\msingh\downloads\sahaj\world_of_tanks\wotlauncher.exe] => (Block) C:\users\msingh\downloads\sahaj\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{301E4999-9CF1-4DA8-B85E-76962ECD0F67}C:\users\msingh\downloads\sahaj\world_of_tanks\wotlauncher.exe] => (Block) C:\users\msingh\downloads\sahaj\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{22747CD7-2A64-4E31-8D48-82B641B95773}C:\users\msingh\downloads\sahaj\world_of_tanks\worldoftanks.exe] => (Allow) C:\users\msingh\downloads\sahaj\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{ECEAA333-B6D8-46CA-8DA6-AE9A69D31768}C:\users\msingh\downloads\sahaj\world_of_tanks\worldoftanks.exe] => (Allow) C:\users\msingh\downloads\sahaj\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{8706CB4E-72F5-4FBA-9148-FAE5F6B4FAEB}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{8080160C-472A-4152-B6E6-5B7DDE383C2E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{056ABB18-2EE9-4446-88E4-1C39A83932D5}] => (Allow) C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe
FirewallRules: [{E76191AC-CD52-42DD-BA10-082AEFD9334C}] => (Allow) C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe
FirewallRules: [{0D889415-5D66-4061-A2F1-32CD722B6A70}] => (Allow) C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe
FirewallRules: [{B8654F89-0431-4165-8113-81ECFE770CBC}] => (Allow) C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe
FirewallRules: [{1B8B5C47-D2D7-458D-9C77-23FDE162A03C}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{FA551CF9-0EDF-4E60-910A-0C89D7BC260B}] => (Allow) C:\Users\msingh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{78CB0F21-C711-4022-A6EA-F220AFC2666B}] => (Allow) C:\Users\msingh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{38A6EA0B-ABD0-4CA3-95F9-6DB27029AC4D}C:\program files (x86)\java\jre1.8.0_25\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\java.exe
FirewallRules: [UDP Query User{9034D7A2-4BC9-4F51-AC8F-7B088D0033E3}C:\program files (x86)\java\jre1.8.0_25\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\java.exe
FirewallRules: [TCP Query User{071948A1-ADC3-49C8-A70C-3F55E97D9E15}C:\users\msingh\downloads\sahaj\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\msingh\downloads\sahaj\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{B24264E2-3F99-471B-AD4E-ED8B735CF08D}C:\users\msingh\downloads\sahaj\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\msingh\downloads\sahaj\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{A97543E4-17B7-4E0A-9532-EDA24D4F2D3D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{ABBD2C04-1315-4885-BBCC-9769951B8694}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [TCP Query User{6270F254-0334-449C-9546-2D2D67B2C181}C:\users\msingh\downloads\sahaj\mcpe server\pocketmine-mp\bin\php\php.exe] => (Allow) C:\users\msingh\downloads\sahaj\mcpe server\pocketmine-mp\bin\php\php.exe
FirewallRules: [UDP Query User{7C9F9F54-0BDF-4DB8-BB3A-6CC8EEE1E175}C:\users\msingh\downloads\sahaj\mcpe server\pocketmine-mp\bin\php\php.exe] => (Allow) C:\users\msingh\downloads\sahaj\mcpe server\pocketmine-mp\bin\php\php.exe
FirewallRules: [TCP Query User{33B38B44-3FA0-4B1B-AA19-76C0C53553E1}C:\users\msingh\downloads\sahaj\pocketmine-mp\bin\php\php.exe] => (Allow) C:\users\msingh\downloads\sahaj\pocketmine-mp\bin\php\php.exe
FirewallRules: [UDP Query User{BD7DC619-7DDB-4EDF-8C35-DDD652CA9786}C:\users\msingh\downloads\sahaj\pocketmine-mp\bin\php\php.exe] => (Allow) C:\users\msingh\downloads\sahaj\pocketmine-mp\bin\php\php.exe
FirewallRules: [{2F02D50B-B5E3-46F8-9867-2901F033BD84}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{4D8B1DD6-D67F-4DE0-A577-1308A933B97B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{4A91C558-652D-48C0-89B0-F5F30E3E97F8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3DAD9FCB-AFDF-467B-8A4F-99D909E07A64}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ukeala.EXE
FirewallRules: [{3D22F3D9-6D43-451B-8F03-82DBAC577C8D}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ukeala.EXE
FirewallRules: [{950F25B7-A9D3-404A-8622-BC0692DE2B11}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ukeala.EXE
FirewallRules: [{80F9A9AE-A090-4C11-B8B1-113481107EAB}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ukeala.EXE
FirewallRules: [{EECA6D09-29D3-4C4C-84D7-0999C27F0777}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ukeala.EXE

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/27/2015 05:12:02 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (3792) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (05/27/2015 05:12:00 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (3588) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (05/27/2015 05:09:45 PM) (Source: Wininit) (EventID: 1015) (User: )
Description: A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code 1.  The machine must now be restarted.

Error: (05/27/2015 05:03:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ukeala.exe, version: 0.0.0.0, time stamp: 0x5564d302
Faulting module name: RPCRT4.dll, version: 6.3.9600.17415, time stamp: 0x54503de4
Exception code: 0xc0020043
Fault offset: 0x000552e2
Faulting process id: 0x780
Faulting application start time: 0xukeala.exe0
Faulting application path: ukeala.exe1
Faulting module path: ukeala.exe2
Report Id: ukeala.exe3
Faulting package full name: ukeala.exe4
Faulting package-relative application ID: ukeala.exe5

Error: (05/27/2015 05:02:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SINGH)
Description: Activation of app Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/27/2015 04:46:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Steam.exe version 2.76.57.19 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1ebc

Start Time: 01d098d7060b7831

Termination Time: 0

Application Path: C:\Program Files (x86)\Steam\Steam.exe

Report Id: 9aae7a47-04ca-11e5-bed8-74867a3d23a5

Faulting package full name:

Faulting package-relative application ID:

Error: (05/27/2015 04:07:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BaxeuLitojo.exe, version: 0.0.0.0, time stamp: 0x5564d328
Faulting module name: RPCRT4.dll, version: 6.3.9600.17415, time stamp: 0x54503de4
Exception code: 0xc0020043
Fault offset: 0x000552e2
Faulting process id: 0x76c
Faulting application start time: 0xBaxeuLitojo.exe0
Faulting application path: BaxeuLitojo.exe1
Faulting module path: BaxeuLitojo.exe2
Report Id: BaxeuLitojo.exe3
Faulting package full name: BaxeuLitojo.exe4
Faulting package-relative application ID: BaxeuLitojo.exe5

Error: (05/26/2015 07:39:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1570

Start Time: 01d09825375ad902

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 8549fa7a-0419-11e5-bed7-74867a3d23a5

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/26/2015 07:31:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SINGH)
Description: Activation of app Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/26/2015 06:52:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlvtoYoutubeDownloader.exe, version: 0.6.0.40, time stamp: 0x54c8bc63
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0xe0434352
Fault offset: 0x00014598
Faulting process id: 0x11f0
Faulting application start time: 0xFlvtoYoutubeDownloader.exe0
Faulting application path: FlvtoYoutubeDownloader.exe1
Faulting module path: FlvtoYoutubeDownloader.exe2
Report Id: FlvtoYoutubeDownloader.exe3
Faulting package full name: FlvtoYoutubeDownloader.exe4
Faulting package-relative application ID: FlvtoYoutubeDownloader.exe5

System errors:
=============
Error: (05/27/2015 05:22:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The UnogjuCuwgy service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/27/2015 05:13:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (05/27/2015 05:11:14 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:10:35 PM on ‎5/‎27/‎2015 was unexpected.

Error: (05/27/2015 05:03:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The vemifotj service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/27/2015 04:08:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (05/27/2015 04:07:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The UnogjuCuwgy service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/27/2015 04:06:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Predator ACM Service service failed to start due to the following error:
%%2

Error: (05/26/2015 06:32:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Cifliaejgi service terminated unexpectedly.  It has done this 2 time(s).

Error: (05/26/2015 06:26:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/26/2015 06:14:51 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Microsoft Office:
=========================
Error: (05/27/2015 05:12:02 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail3792WindowsMail0:

Error: (05/27/2015 05:12:00 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail3588WindowsMail0:

Error: (05/27/2015 05:09:45 PM) (Source: Wininit) (EventID: 1015) (User: )
Description: C:\WINDOWS\system32\lsass.exe1

Error: (05/27/2015 05:03:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ukeala.exe0.0.0.05564d302RPCRT4.dll6.3.9600.1741554503de4c0020043000552e278001d098d1c0e9385cC:\ProgramData\boostwebapp\1.1.0.31\ukeala.exeC:\WINDOWS\SYSTEM32\RPCRT4.dll00a96548-04cd-11e5-bed8-74867a3d23a5

Error: (05/27/2015 05:02:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SINGH)
Description: Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance-2144927148

Error: (05/27/2015 04:46:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Steam.exe2.76.57.191ebc01d098d7060b78310C:\Program Files (x86)\Steam\Steam.exe9aae7a47-04ca-11e5-bed8-74867a3d23a5

Error: (05/27/2015 04:07:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BaxeuLitojo.exe0.0.0.05564d328RPCRT4.dll6.3.9600.1741554503de4c0020043000552e276c01d098d1c0daea32C:\ProgramData\boostwebapp\1.1.0.31\BaxeuLitojo.exeC:\WINDOWS\SYSTEM32\RPCRT4.dll2d5c76c5-04c5-11e5-bed8-645a04614d3e

Error: (05/26/2015 07:39:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20856157001d09825375ad9024294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe8549fa7a-0419-11e5-bed7-74867a3d23a5microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (05/26/2015 07:31:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SINGH)
Description: Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance-2144927148

Error: (05/26/2015 06:52:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlvtoYoutubeDownloader.exe0.6.0.4054c8bc63KERNELBASE.dll6.3.9600.1741554504adee04343520001459811f001d0981fd20d3246C:\Program Files (x86)\Flvto Youtube Downloader\FlvtoYoutubeDownloader.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll100f7bfd-0413-11e5-bed7-74867a3d23a5

CodeIntegrity Errors:
===================================
  Date: 2015-05-15 21:18:39.051
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2015-05-15 21:18:38.973
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2015-05-15 21:18:38.895
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2015-05-15 21:18:38.801
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2015-05-15 21:18:38.723
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2015-05-15 21:18:38.598
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2015-05-15 21:18:38.473
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2015-05-15 21:18:38.285
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2015-05-15 21:18:38.176
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2015-05-15 21:18:38.098
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 27%
Total physical RAM: 7908.96 MB
Available physical RAM: 5729.99 MB
Total Pagefile: 15844.96 MB
Available Pagefile: 13691.32 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.82 GB) (Free:810.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E648430E)

Partition: GPT Partition Type.

==================== End of log ============================


  • 0

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Post both logs, FRST.txt and Additions.txt; both logs will be found on the desktop.
  • 0

#7
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
OK,

Thanks for the logs. I need time to look them over.
  • 0

#8
HELLOHALO

HELLOHALO

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Ok, there they are, now what? Thanks a lot for helping me!

EDIT: Sorry I didn't say, but I'm on a Windows 8.1 Dell; it is a fairly new laptop. If you need more, just ask.


Edited by HELLOHALO, 27 May 2015 - 07:50 PM.

  • 0

#9
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Please take your time with these instructions; it's best to view them on another computer. Read all the instructions and become familiar with them, then proceed to do them. We have a lot to do here.

First do this:
Farbar Recovery Scan Tool needs to be running from the desktop. You have it in the downloads folder. Please move it to the desktop.
To do that:
  • Navigate to your downloads folder-->C:\Users\msingh\Downloads
  • In the downloads folder find FRST (Farbar Recovery Scan Tool)
  • Right click on it, choose Cut.
  • Go back to the desktop.
  • On an empty space right click, choose Paste.
  • Farbar will now have been successfully moved to the desktop.
No need to run another scan after doing that.

Next

Please remove these programs from your Programs and Features list: Start > Control Panel > Programs and Features. (Windows 8 users: Learn how to access the Control Panel.) In the list, find the programs listed below and uninstall them.
  • boostwebapp
  • HQCinema Pro 2.1V26.05
If a program will not remove, skip it and keep following the instructions, please.

Next

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-814935137-3960788824-2020595886-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-814935137-3960788824-2020595886-1001 -> {B65F21C7-7FF5-49D1-91E0-D071880B77F7} URL =
SearchScopes: HKU\S-1-5-21-814935137-3960788824-2020595886-501 -> DefaultScope {B65F21C7-7FF5-49D1-91E0-D071880B77F7} URL =
SearchScopes: HKU\S-1-5-21-814935137-3960788824-2020595886-501 -> {B65F21C7-7FF5-49D1-91E0-D071880B77F7} URL =
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-03-16] (Pando Networks)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
Locked "luonilhkog" service could not be unlocked. <===== ATTENTION
Locked "tammgF119" service could not be unlocked. <===== ATTENTION
Locked "tammgR119" service could not be unlocked. <===== ATTENTION
Locked "UnogjuCuwgy" service could not be unlocked. <===== ATTENTION
Locked "vemifotj" service could not be unlocked. <===== ATTENTION
S4 Cifliaejgi; C:\ProgramData\boostwebapp\1.1.0.31\Cifliaejgi.exe [0 ] () <==== ATTENTION (zero byte File/Folder)
C:\ProgramData\boostwebapp
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S4 PredatorACM; "G:\LOL\PredatorACM.exe" [X]
R5 luonilhkog;  <===== ATTENTION Locked Service
R5 tammgF119;  <===== ATTENTION Locked Service
R5 tammgR119;  <===== ATTENTION Locked Service
U5 UnogjuCuwgy;  <===== ATTENTION Locked Service
R5 vemifotj;  <===== ATTENTION Locked Service
2015-05-26 16:17 - 2015-05-27 17:17 - 00003154 _____ () C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-6.job
2015-05-26 16:17 - 2015-05-27 17:17 - 00002128 _____ () C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-10_user.job
2015-05-26 16:17 - 2015-05-27 17:11 - 00003154 _____ () C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-7.job
2015-05-26 16:17 - 2015-05-27 17:11 - 00002462 _____ () C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-5_user.job
2015-05-26 16:17 - 2015-05-27 17:11 - 00002462 _____ () C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-5.job
2015-05-26 16:17 - 2015-05-27 17:11 - 00000970 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-05-26 16:17 - 2015-05-27 17:11 - 00000966 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-05-26 16:17 - 2015-05-26 18:17 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-26 16:17 - 2015-05-26 17:26 - 00004688 _____ () C:\WINDOWS\SysWOW64\Cifliaejgi.ini
2015-05-26 16:17 - 2015-05-26 17:26 - 00002592 _____ () C:\WINDOWS\SysWOW64\CifliaejgiOff.ini
2015-05-26 16:17 - 2015-05-26 17:26 - 00002592 _____ () C:\WINDOWS\system32\CifliaejgiOff.ini
2015-05-26 16:17 - 2015-05-26 16:17 - 00037496 _____ () C:\WINDOWS\system32\Drivers\tammgF119.sys
2015-05-26 16:17 - 2015-05-26 16:17 - 00036472 _____ () C:\WINDOWS\system32\Drivers\tammgR119.sys
2015-05-26 16:17 - 2015-05-26 16:17 - 00006158 _____ () C:\WINDOWS\System32\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-6
2015-05-26 16:17 - 2015-05-26 16:17 - 00005466 _____ () C:\WINDOWS\System32\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-5
2015-05-26 16:17 - 2015-05-26 16:17 - 00000000 ____D () C:\Users\msingh\AppData\Local\globalUpdate
2015-05-26 16:17 - 2015-05-26 16:17 - 00000000 ____D () C:\ProgramData\boostwebapp
2015-05-26 16:17 - 2015-05-26 13:10 - 00360448 _____ () C:\WINDOWS\system32\Cifliaejgi64.dll
2015-05-26 16:17 - 2015-05-26 13:10 - 00286720 _____ () C:\WINDOWS\SysWOW64\Cifliaejgi.dll
CustomCLSID: HKU\S-1-5-21-814935137-3960788824-2020595886-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\msingh\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
C:\Users\msingh\AppData\Local\globalUpdate
C:\WINDOWS\SysWOW64\Cifliaejgi.ini
C:\WINDOWS\SysWOW64\CifliaejgiOff.ini
C:\WINDOWS\system32\CifliaejgiOff.ini
C:\WINDOWS\system32\Drivers\tammgF119.sys
C:\WINDOWS\system32\Drivers\tammgR119.sys
C:\WINDOWS\system32\Cifliaejgi64.dll
C:\WINDOWS\SysWOW64\Cifliaejgi.dll
Task: {1095FF67-AD00-4234-8368-A9FA0295510E} - System32\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-10_user => C:\Program Files (x86)\HQCinema Pro 2.1V26.05\6eafdbe6-6a18-4664-b7df-8da9285fab19-10.exe <==== ATTENTION
C:\Program Files (x86)\HQCinema Pro 2.1V26.05
Task: {110D54CC-228E-4F5C-B45D-0795FB4DE504} - System32\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-5 => C:\Program Files (x86)\HQCinema Pro 2.1V26.05\6eafdbe6-6a18-4664-b7df-8da9285fab19-5.exe <==== ATTENTION
Task: {1FBAA91C-0093-478C-85A4-D665F4A28447} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {2C71DF42-A5E9-4989-AE32-F9E9DE7236CF} - \6eafdbe6-6a18-4664-b7df-8da9285fab19-1-7 No Task File <==== ATTENTION
Task: {328A3643-3B8D-4B4C-B2E6-E45E5CDD0A71} - System32\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-6 => C:\Program Files (x86)\HQCinema Pro 2.1V26.05\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-6.exe <==== ATTENTION
Task: {59C6E8D4-3F8B-47B5-9E3D-0566F870D2E3} - System32\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-5_user => C:\Program Files (x86)\HQCinema Pro 2.1V26.05\6eafdbe6-6a18-4664-b7df-8da9285fab19-5.exe <==== ATTENTION
Task: {B821194B-8CBC-47BA-A9EE-49B8FE40EF21} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
task: C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-6.job => C:\Program Files (x86)\HQCinema Pro 2.1V26.05\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-7.job => C:\Program Files (x86)\HQCinema Pro 2.1V26.05\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-10_user.job => C:\Program Files (x86)\HQCinema Pro 2.1V26.05\6eafdbe6-6a18-4664-b7df-8da9285fab19-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-5.job => C:\Program Files (x86)\HQCinema Pro 2.1V26.05\6eafdbe6-6a18-4664-b7df-8da9285fab19-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-5_user.job => C:\Program Files (x86)\HQCinema Pro 2.1V26.05\6eafdbe6-6a18-4664-b7df-8da9285fab19-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Cifliaejgi => ""="service"
FirewallRules: [{76CB0885-60D1-4E25-9212-136EF0E15F71}] => (Allow) C:\Users\msingh\AppData\Local\Temp\nsy3562.tmp\CnetInstaller-75115673.exe
FirewallRules: [{8AF417F2-7C28-45AD-869E-4EC8FB7D788E}] => (Allow) C:\Users\msingh\AppData\Local\Temp\nsy3562.tmp\CnetInstaller-75115673.exe
FirewallRules: [{1A08B4D6-17C6-4D1D-A520-B73E2B9CCAA0}] => (Allow) C:\Users\msingh\AppData\Local\Temp\nsg2D2A.tmp\CnetInstaller-75864009.exe
FirewallRules: [{74BD9766-73C6-400D-8C82-21AC93007164}] => (Allow) C:\Users\msingh\AppData\Local\Temp\nsg2D2A.tmp\CnetInstaller-75864009.exe
FirewallRules: [{3DAD9FCB-AFDF-467B-8A4F-99D909E07A64}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ukeala.EXE
FirewallRules: [{3D22F3D9-6D43-451B-8F03-82DBAC577C8D}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ukeala.EXE
FirewallRules: [{950F25B7-A9D3-404A-8622-BC0692DE2B11}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ukeala.EXE
FirewallRules: [{80F9A9AE-A090-4C11-B8B1-113481107EAB}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ukeala.EXE
FirewallRules: [{EECA6D09-29D3-4C4C-84D7-0999C27F0777}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ukeala.EXE
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
end
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (it must be in this location).
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Post the Fixlog.txt; that log will be found on your desktop after the fix has run.

Thanks
Joe :)
  • 0
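To see what a fixlist like the one above actually targets, here is a small triage script. It is added here as an illustration and is not part of the thread or of FRST (Farbar Recovery Scan Tool), which exposes no API for this. It groups each fixlist line by the persistence mechanism it touches (services and drivers, scheduled tasks, firewall rules, browser settings, the SafeBoot key, files) and flags the entries a reviewer would check first: services that could not be unlocked, a service registered with a zero-byte binary, firewall allow rules for executables living in user-writable folders, and a service wired into Safe Mode with Networking. The line-shape rules and the red-flag heuristics are this example's own assumptions; the sample lines are a subset copied from the fixlist posted above.

```python
"""Triage an FRST fixlist by persistence mechanism.

Added example for this thread; not part of the forum post and not code from
FRST itself. The category rules and red-flag heuristics below are this
example's own assumptions, derived only from the shape of the lines posted.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the fixlist lines posted in the thread.
SAMPLE_FIXLIST = r"""start
CloseProcesses:
CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-814935137-3960788824-2020595886-1001 -> {B65F21C7-7FF5-49D1-91E0-D071880B77F7} URL =
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll No File
Locked "luonilhkog" service could not be unlocked. <===== ATTENTION
S4 Cifliaejgi; C:\ProgramData\boostwebapp\1.1.0.31\Cifliaejgi.exe [0 ] () <==== ATTENTION (zero byte File/Folder)
S4 PredatorACM; "G:\LOL\PredatorACM.exe" [X]
R5 tammgF119;  <===== ATTENTION Locked Service
2015-05-26 16:17 - 2015-05-26 16:17 - 00037496 _____ () C:\WINDOWS\system32\Drivers\tammgF119.sys
C:\WINDOWS\SysWOW64\Cifliaejgi.dll
Task: {1095FF67-AD00-4234-8368-A9FA0295510E} - System32\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-10_user => C:\Program Files (x86)\HQCinema Pro 2.1V26.05\6eafdbe6-6a18-4664-b7df-8da9285fab19-10.exe <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Cifliaejgi => ""="service"
FirewallRules: [{76CB0885-60D1-4E25-9212-136EF0E15F71}] => (Allow) C:\Users\msingh\AppData\Local\Temp\nsy3562.tmp\CnetInstaller-75115673.exe
FirewallRules: [{3DAD9FCB-AFDF-467B-8A4F-99D909E07A64}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ukeala.EXE
CMD: netsh winsock reset catalog
end
"""

# (category, pattern) pairs; the first match wins. These approximate the
# FRST line shapes seen in the thread and are not an official grammar.
RULES = [
    ("directive", re.compile(r"^(start|end|CloseProcesses:|CreateRestorePoint:|CMD: )")),
    ("service", re.compile(r'^([SRU]\d |Locked ")')),  # services, drivers, lock notes
    ("scheduled_task", re.compile(r"^Task: ", re.IGNORECASE)),
    ("firewall_rule", re.compile(r"^FirewallRules: ")),
    ("browser", re.compile(r"^(CHR |FF |SearchScopes: |CustomCLSID: )")),
    ("safeboot", re.compile(r"\\SafeBoot\\", re.IGNORECASE)),  # before generic registry
    ("registry", re.compile(r"^HK(LM|CU|U)\\")),
    ("file", re.compile(r"^(\d{4}-\d{2}-\d{2} .* \(\) )?[A-Z]:\\")),  # bare or dated path
]

# Folders any user can write to; an allow rule for a binary here is suspect.
USER_WRITABLE = re.compile(r"\\(ProgramData|AppData\\Local\\Temp)\\", re.IGNORECASE)


def classify(line: str) -> str:
    """Map one fixlist line to a persistence category ('other' if unknown)."""
    for category, pattern in RULES:
        if pattern.search(line):
            return category
    return "other"


def triage(fixlist: str) -> dict:
    """Group the non-empty lines of a fixlist by category."""
    groups = defaultdict(list)
    for raw in fixlist.splitlines():
        line = raw.strip()
        if line:
            groups[classify(line)].append(line)
    return dict(groups)


def red_flags(fixlist: str) -> list:
    """Return (reason, line) pairs for entries that deserve a closer look."""
    flags = []
    for raw in fixlist.splitlines():
        line = raw.strip()
        if not line:
            continue
        category = classify(line)
        if "Locked Service" in line or line.startswith('Locked "'):
            flags.append(("service could not be stopped or unlocked", line))
        elif category == "service" and "[0 ]" in line:
            flags.append(("service registered with a zero-byte binary", line))
        elif category == "firewall_rule" and "(Allow)" in line and USER_WRITABLE.search(line):
            flags.append(("firewall allow rule for an executable in a user-writable folder", line))
        elif category == "safeboot":
            flags.append(("service registered to start in Safe Mode with Networking", line))
        elif category == "scheduled_task" and "ATTENTION" in line:
            flags.append(("scheduled task flagged by FRST", line))
    return flags


if __name__ == "__main__":
    for category, lines in sorted(triage(SAMPLE_FIXLIST).items()):
        print(f"{category}: {len(lines)}")
    for reason, line in red_flags(SAMPLE_FIXLIST):
        print(f"  [!] {reason}: {line[:70]}")
```

Note what the heuristics deliberately leave alone: the PredatorACM service points at a missing file on G: (the [X] marker) but carries none of the flagged traits, so it is listed under services without a red flag. That matches how such an entry should be handled in review: removed because its binary is gone, not because it looks malicious.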

#10
HELLOHALO

HELLOHALO

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Ok, did it. Is it weird that the first thing that showed up was the Windows background black, and then it refreshed Windows? Probs not, but ok. EDIT: Predator isn't adware or anything, I think; it is a program that I made long ago so that I have to plug in my USB to unlock the computer, but I broke it and couldn't delete it :P

Here's the log:


Fix result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by msingh at 2015-05-27 19:29:07 Run:1
Running from C:\Users\msingh\Desktop
Loaded Profiles: msingh & Guest (Available Profiles: msingh & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-814935137-3960788824-2020595886-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-814935137-3960788824-2020595886-1001 -> {B65F21C7-7FF5-49D1-91E0-D071880B77F7} URL =
SearchScopes: HKU\S-1-5-21-814935137-3960788824-2020595886-501 -> DefaultScope {B65F21C7-7FF5-49D1-91E0-D071880B77F7} URL =
SearchScopes: HKU\S-1-5-21-814935137-3960788824-2020595886-501 -> {B65F21C7-7FF5-49D1-91E0-D071880B77F7} URL =
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-03-16] (Pando Networks)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
Locked "luonilhkog" service could not be unlocked. <===== ATTENTION
Locked "tammgF119" service could not be unlocked. <===== ATTENTION
Locked "tammgR119" service could not be unlocked. <===== ATTENTION
Locked "UnogjuCuwgy" service could not be unlocked. <===== ATTENTION
Locked "vemifotj" service could not be unlocked. <===== ATTENTION
S4 Cifliaejgi; C:\ProgramData\boostwebapp\1.1.0.31\Cifliaejgi.exe [0 ] () <==== ATTENTION (zero byte File/Folder)
C:\ProgramData\boostwebapp
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S4 PredatorACM; "G:\LOL\PredatorACM.exe" [X]
R5 luonilhkog;  <===== ATTENTION Locked Service
R5 tammgF119;  <===== ATTENTION Locked Service
R5 tammgR119;  <===== ATTENTION Locked Service
U5 UnogjuCuwgy;  <===== ATTENTION Locked Service
R5 vemifotj;  <===== ATTENTION Locked Service
2015-05-26 16:17 - 2015-05-27 17:17 - 00003154 _____ () C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-6.job
2015-05-26 16:17 - 2015-05-27 17:17 - 00002128 _____ () C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-10_user.job
2015-05-26 16:17 - 2015-05-27 17:11 - 00003154 _____ () C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-7.job
2015-05-26 16:17 - 2015-05-27 17:11 - 00002462 _____ () C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-5_user.job
2015-05-26 16:17 - 2015-05-27 17:11 - 00002462 _____ () C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-5.job
2015-05-26 16:17 - 2015-05-27 17:11 - 00000970 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-05-26 16:17 - 2015-05-27 17:11 - 00000966 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-05-26 16:17 - 2015-05-26 18:17 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-26 16:17 - 2015-05-26 17:26 - 00004688 _____ () C:\WINDOWS\SysWOW64\Cifliaejgi.ini
2015-05-26 16:17 - 2015-05-26 17:26 - 00002592 _____ () C:\WINDOWS\SysWOW64\CifliaejgiOff.ini
2015-05-26 16:17 - 2015-05-26 17:26 - 00002592 _____ () C:\WINDOWS\system32\CifliaejgiOff.ini
2015-05-26 16:17 - 2015-05-26 16:17 - 00037496 _____ () C:\WINDOWS\system32\Drivers\tammgF119.sys
2015-05-26 16:17 - 2015-05-26 16:17 - 00036472 _____ () C:\WINDOWS\system32\Drivers\tammgR119.sys
2015-05-26 16:17 - 2015-05-26 16:17 - 00006158 _____ () C:\WINDOWS\System32\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-6
2015-05-26 16:17 - 2015-05-26 16:17 - 00005466 _____ () C:\WINDOWS\System32\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-5
2015-05-26 16:17 - 2015-05-26 16:17 - 00000000 ____D () C:\Users\msingh\AppData\Local\globalUpdate
2015-05-26 16:17 - 2015-05-26 16:17 - 00000000 ____D () C:\ProgramData\boostwebapp
2015-05-26 16:17 - 2015-05-26 13:10 - 00360448 _____ () C:\WINDOWS\system32\Cifliaejgi64.dll
2015-05-26 16:17 - 2015-05-26 13:10 - 00286720 _____ () C:\WINDOWS\SysWOW64\Cifliaejgi.dll
CustomCLSID: HKU\S-1-5-21-814935137-3960788824-2020595886-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\msingh\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
C:\Users\msingh\AppData\Local\globalUpdate
C:\WINDOWS\SysWOW64\Cifliaejgi.ini
C:\WINDOWS\SysWOW64\CifliaejgiOff.ini
C:\WINDOWS\system32\CifliaejgiOff.ini
C:\WINDOWS\system32\Drivers\tammgF119.sys
C:\WINDOWS\system32\Drivers\tammgR119.sys
C:\WINDOWS\system32\Cifliaejgi64.dll
C:\WINDOWS\SysWOW64\Cifliaejgi.dll
Task: {1095FF67-AD00-4234-8368-A9FA0295510E} - System32\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-10_user => C:\Program Files (x86)\HQCinema Pro 2.1V26.05\6eafdbe6-6a18-4664-b7df-8da9285fab19-10.exe <==== ATTENTION
C:\Program Files (x86)\HQCinema Pro 2.1V26.05
Task: {110D54CC-228E-4F5C-B45D-0795FB4DE504} - System32\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-5 => C:\Program Files (x86)\HQCinema Pro 2.1V26.05\6eafdbe6-6a18-4664-b7df-8da9285fab19-5.exe <==== ATTENTION
Task: {1FBAA91C-0093-478C-85A4-D665F4A28447} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {2C71DF42-A5E9-4989-AE32-F9E9DE7236CF} - \6eafdbe6-6a18-4664-b7df-8da9285fab19-1-7 No Task File <==== ATTENTION
Task: {328A3643-3B8D-4B4C-B2E6-E45E5CDD0A71} - System32\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-6 => C:\Program Files (x86)\HQCinema Pro 2.1V26.05\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-6.exe <==== ATTENTION
Task: {59C6E8D4-3F8B-47B5-9E3D-0566F870D2E3} - System32\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-5_user => C:\Program Files (x86)\HQCinema Pro 2.1V26.05\6eafdbe6-6a18-4664-b7df-8da9285fab19-5.exe <==== ATTENTION
Task: {B821194B-8CBC-47BA-A9EE-49B8FE40EF21} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
task: C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-6.job => C:\Program Files (x86)\HQCinema Pro 2.1V26.05\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-7.job => C:\Program Files (x86)\HQCinema Pro 2.1V26.05\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-10_user.job => C:\Program Files (x86)\HQCinema Pro 2.1V26.05\6eafdbe6-6a18-4664-b7df-8da9285fab19-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-5.job => C:\Program Files (x86)\HQCinema Pro 2.1V26.05\6eafdbe6-6a18-4664-b7df-8da9285fab19-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-5_user.job => C:\Program Files (x86)\HQCinema Pro 2.1V26.05\6eafdbe6-6a18-4664-b7df-8da9285fab19-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Cifliaejgi => ""="service"
FirewallRules: [{76CB0885-60D1-4E25-9212-136EF0E15F71}] => (Allow) C:\Users\msingh\AppData\Local\Temp\nsy3562.tmp\CnetInstaller-75115673.exe
FirewallRules: [{8AF417F2-7C28-45AD-869E-4EC8FB7D788E}] => (Allow) C:\Users\msingh\AppData\Local\Temp\nsy3562.tmp\CnetInstaller-75115673.exe
FirewallRules: [{1A08B4D6-17C6-4D1D-A520-B73E2B9CCAA0}] => (Allow) C:\Users\msingh\AppData\Local\Temp\nsg2D2A.tmp\CnetInstaller-75864009.exe
FirewallRules: [{74BD9766-73C6-400D-8C82-21AC93007164}] => (Allow) C:\Users\msingh\AppData\Local\Temp\nsg2D2A.tmp\CnetInstaller-75864009.exe
FirewallRules: [{3DAD9FCB-AFDF-467B-8A4F-99D909E07A64}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ukeala.EXE
FirewallRules: [{3D22F3D9-6D43-451B-8F03-82DBAC577C8D}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ukeala.EXE
FirewallRules: [{950F25B7-A9D3-404A-8622-BC0692DE2B11}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ukeala.EXE
FirewallRules: [{80F9A9AE-A090-4C11-B8B1-113481107EAB}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ukeala.EXE
FirewallRules: [{EECA6D09-29D3-4C4C-84D7-0999C27F0777}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ukeala.EXE
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
end
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Google" => key Removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKU\S-1-5-21-814935137-3960788824-2020595886-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key Removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-814935137-3960788824-2020595886-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B65F21C7-7FF5-49D1-91E0-D071880B77F7}" => key Removed successfully
HKCR\CLSID\{B65F21C7-7FF5-49D1-91E0-D071880B77F7} => key not found.
HKU\S-1-5-21-814935137-3960788824-2020595886-501\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
"HKU\S-1-5-21-814935137-3960788824-2020595886-501\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B65F21C7-7FF5-49D1-91E0-D071880B77F7}" => key Removed successfully
HKCR\CLSID\{B65F21C7-7FF5-49D1-91E0-D071880B77F7} => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key Removed successfully
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10" => key Removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4" => key Removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key Removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key Removed successfully
Locked "luonilhkog" service could not be unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
Locked "tammgF119" service could not be unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
Locked "tammgR119" service could not be unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
Locked "UnogjuCuwgy" service could not be unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
Locked "vemifotj" service could not be unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
Cifliaejgi => Service Removed successfully

"C:\ProgramData\boostwebapp" folder move:

Could not move "C:\ProgramData\boostwebapp" folder => Scheduled to move on reboot.

gupdate => Service Removed successfully
gupdatem => Service Removed successfully
PredatorACM => Service Removed successfully
luonilhkog => Unable to stop service.
luonilhkog => Service could not remove
tammgF119 => Unable to stop service.
tammgF119 => Service could not remove
tammgR119 => Unable to stop service.
tammgR119 => Service could not remove
UnogjuCuwgy => Service could not remove
vemifotj => Unable to stop service.
vemifotj => Service could not remove
C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-6.job => Moved successfully.
C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-10_user.job => Moved successfully.
C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-7.job => Moved successfully.
C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-5_user.job => Moved successfully.
C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-5.job => Moved successfully.
C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => Moved successfully.
C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => Moved successfully.
C:\WINDOWS\SysWOW64\Cifliaejgi.ini => Moved successfully.
C:\WINDOWS\SysWOW64\CifliaejgiOff.ini => Moved successfully.
C:\WINDOWS\system32\CifliaejgiOff.ini => Moved successfully.
Could not move "C:\WINDOWS\system32\Drivers\tammgF119.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Drivers\tammgR119.sys" => Scheduled to move on reboot.
C:\WINDOWS\System32\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-6 => Moved successfully.
C:\WINDOWS\System32\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-5 => Moved successfully.
C:\Users\msingh\AppData\Local\globalUpdate => Moved successfully.

"C:\ProgramData\boostwebapp" folder move:

Could not move "C:\ProgramData\boostwebapp" folder => Scheduled to move on reboot.

C:\WINDOWS\system32\Cifliaejgi64.dll => Moved successfully.
C:\WINDOWS\SysWOW64\Cifliaejgi.dll => Moved successfully.
"HKU\S-1-5-21-814935137-3960788824-2020595886-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key Removed successfully
"C:\Users\msingh\AppData\Local\globalUpdate" => File/Folder not found.
"C:\WINDOWS\SysWOW64\Cifliaejgi.ini" => File/Folder not found.
"C:\WINDOWS\SysWOW64\CifliaejgiOff.ini" => File/Folder not found.
"C:\WINDOWS\system32\CifliaejgiOff.ini" => File/Folder not found.
Could not move "C:\WINDOWS\system32\Drivers\tammgF119.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Drivers\tammgR119.sys" => Scheduled to move on reboot.
"C:\WINDOWS\system32\Cifliaejgi64.dll" => File/Folder not found.
"C:\WINDOWS\SysWOW64\Cifliaejgi.dll" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1095FF67-AD00-4234-8368-A9FA0295510E}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1095FF67-AD00-4234-8368-A9FA0295510E}" => key Removed successfully
C:\Windows\System32\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-10_user => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6eafdbe6-6a18-4664-b7df-8da9285fab19-10_user" => key Removed successfully
"C:\Program Files (x86)\HQCinema Pro 2.1V26.05" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{110D54CC-228E-4F5C-B45D-0795FB4DE504}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{110D54CC-228E-4F5C-B45D-0795FB4DE504}" => key Removed successfully
C:\Windows\System32\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-5 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6eafdbe6-6a18-4664-b7df-8da9285fab19-5" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1FBAA91C-0093-478C-85A4-D665F4A28447}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FBAA91C-0093-478C-85A4-D665F4A28447}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2C71DF42-A5E9-4989-AE32-F9E9DE7236CF}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C71DF42-A5E9-4989-AE32-F9E9DE7236CF}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-7" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{328A3643-3B8D-4B4C-B2E6-E45E5CDD0A71}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{328A3643-3B8D-4B4C-B2E6-E45E5CDD0A71}" => key Removed successfully
C:\Windows\System32\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-6 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-6" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{59C6E8D4-3F8B-47B5-9E3D-0566F870D2E3}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59C6E8D4-3F8B-47B5-9E3D-0566F870D2E3}" => key Removed successfully
C:\Windows\System32\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-5_user => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6eafdbe6-6a18-4664-b7df-8da9285fab19-5_user" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B821194B-8CBC-47BA-A9EE-49B8FE40EF21}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B821194B-8CBC-47BA-A9EE-49B8FE40EF21}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => key Removed successfully
C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-6.job not found.
C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-1-7.job not found.
C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-10_user.job not found.
C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-5.job not found.
C:\WINDOWS\Tasks\6eafdbe6-6a18-4664-b7df-8da9285fab19-5_user.job not found.
C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job not found.
C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Cifliaejgi" => key Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{76CB0885-60D1-4E25-9212-136EF0E15F71} => value Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8AF417F2-7C28-45AD-869E-4EC8FB7D788E} => value Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1A08B4D6-17C6-4D1D-A520-B73E2B9CCAA0} => value Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{74BD9766-73C6-400D-8C82-21AC93007164} => value Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3DAD9FCB-AFDF-467B-8A4F-99D909E07A64} => value Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3D22F3D9-6D43-451B-8F03-82DBAC577C8D} => value Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{950F25B7-A9D3-404A-8622-BC0692DE2B11} => value Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{80F9A9AE-A090-4C11-B8B1-113481107EAB} => value Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EECA6D09-29D3-4C4C-84D7-0999C27F0777} => value Removed successfully

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {8F10C91A-BE7F-4E13-9A2A-E28913D55DAA}.
Unable to cancel {36AB2C4C-25A5-4171-BE7C-3329E63DE546}.
Unable to cancel {C59AF76B-809F-4E18-81C8-33309B50B19B}.
{F7B2C195-3BB2-4484-9CF8-71261FBFE1D5} canceled.
{6333584E-B2CB-4786-861C-7A1C7617B9F4} canceled.
{BA72B2FD-7038-4511-A643-B3EA981D6691} canceled.
{C4859DAD-D82E-4956-843E-72E3CFA67C5B} canceled.
4 out of 7 jobs canceled.

========= End of CMD: =========

=========  netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========  netsh int ipv4 reset =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

=========  netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-05-27 19:31:36)<=

C:\ProgramData\boostwebapp => Is moved successfully
C:\WINDOWS\system32\Drivers\tammgF119.sys => Is moved successfully
C:\WINDOWS\system32\Drivers\tammgR119.sys => Is moved successfully
C:\ProgramData\boostwebapp => Is moved successfully
C:\WINDOWS\system32\Drivers\tammgF119.sys => Is moved successfully
C:\WINDOWS\system32\Drivers\tammgR119.sys => Is moved successfully

==== End of Fixlog 19:31:36 ====


Edited by HELLOHALO, 27 May 2015 - 08:37 PM.

#11 zep516 (Trusted Helper, Malware Removal, 8,093 posts)

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
  • Enable free trial of Malwarebytes Anti-Malware Premium
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.
Posting the Malwarebytes log.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log to your next reply.

#12 HELLOHALO (Topic Starter, Member, 21 posts)

FYI, still doing what you asked, but when I uninstalled boostwebapp with Control Panel, it wasn't real, was it?


#13 zep516 (Trusted Helper, Malware Removal, 8,093 posts)

What do you mean by "real"?

I may need to sign off soon, so after you post the Malwarebytes log, please follow the next set of instructions and post the log files.


Clean out your temporary internet files and temp files.
Download TFC by OldTimer http://oldtimer.geekstogo.com/TFC.exe to your desktop.
Right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
Next

Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts. See here how to disable your security protection (Anti Virus).
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

In your next reply post;
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log
Thanks
Joe :)
#14 HELLOHALO (Topic Starter, Member, 21 posts)


I meant real as in that wasn't the actual adware/malware thing removed. It was just pretending and is still in the system. I'm also logging off soon.


#15 HELLOHALO (Topic Starter, Member, 21 posts)


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/27/2015
Scan Time: 7:47:12 PM
Logfile: Log.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.27.05
Rootkit Database: v2015.05.24.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: msingh

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 413314
Time Elapsed: 33 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 70
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickCtrl.10, Quarantined, [d0d1c8d0008ae353bd27472c49bc7a86],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickProcessLauncherMachine, Quarantined, [49587f19d2b8dc5aad37066d7392c838],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickProcessLauncherMachine.1.0, Quarantined, [841dc7d1e1a9b58127bd2251bb4ae21e],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdateUpdate.CoCreateAsync, Quarantined, [51503f590c7e9d99a342de95739216ea],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdateUpdate.CoCreateAsync.1.0, Quarantined, [564b9404b3d753e335b0a7ccd62f07f9],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdateUpdate.CoreClass, Quarantined, [b7ea8d0bbfcb49ed1cc97ef5749153ad],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdateUpdate.CoreClass.1, Quarantined, [40615147a5e571c54e97f182da2bb749],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdateUpdate.CoreMachineClass, Quarantined, [e0c1edab6d1d2016e8fd97dccb3a669a],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdateUpdate.CoreMachineClass.1, Quarantined, [5d448f091476cd69e9fcd1a23acbfb05],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdateUpdate.CredentialDialogMachine, Quarantined, [1b860b8d7515c6705f86fd763bca23dd],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdateUpdate.CredentialDialogMachine.1.0, Quarantined, [ebb607919af00630f6efc5ae6e97b050],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdateUpdate.OnDemandCOMClassMachine, Quarantined, [435e178198f2b77fffe6d89be025728e],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdateUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [7b26e8b04644aa8c38ade48fed188c74],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdateUpdate.OnDemandCOMClassMachineFallback, Quarantined, [09985e3a6f1bc3739c490f64d233ef11],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [8e133761d6b4c67034b10b68877ec43c],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdateUpdate.OnDemandCOMClassSvc, Quarantined, [0899f4a4ff8bed4923c2b2c1ab5abb45],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdateUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [aaf750488bff0234f5f0c3b0ce37649c],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdateUpdate.ProcessLauncher, Quarantined, [8c15b0e83c4e75c18a5bd0a3ea1bdb25],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdateUpdate.ProcessLauncher.1.0, Quarantined, [7d24c7d1becc5ed829bc6e05fc093cc4],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdateUpdate.Update3COMClassService, Quarantined, [c1e00593f59552e403e2492a9c6947b9],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdateUpdate.Update3COMClassService.1.0, Quarantined, [aff25444cfbb05315f868ee56a9be21e],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdateUpdate.Update3WebMachine, Quarantined, [950c8c0ccdbdff37499c0370cd381de3],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdateUpdate.Update3WebMachine.1.0, Quarantined, [d7ca8315355591a5895c0e6539ccad53],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdateUpdate.Update3WebMachineFallback, Quarantined, [346dbddbccbe0d2918cda8cbec19936d],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdateUpdate.Update3WebMachineFallback.1.0, Quarantined, [c4ddc4d4880295a1994cf083040156aa],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdateUpdate.Update3WebSvc, Quarantined, [b8e91f796921b086667f5f14f1148b75],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdateUpdate.Update3WebSvc.1.0, Quarantined, [acf51e7a0189d165d213f77c13f2748c],
PUP.Optional.GlobalUpdate.C, HKLM\SOFTWARE\CLASSES\APPID\GLOBALUPDATE.EXE, Quarantined, [5a47b3e5f595300635dcd7a1a95c8878],
PUP.Optional.GlobalUpdate.C, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\GLOBALUPDATE.EXE, Quarantined, [277ac9cfed9d979f9b7683f504015ba5],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\HQCinema Pro 2.1V26.05, Quarantined, [881905938406c076924d6198fc0709f7],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\HQCinema Pro 2.1V26.05-nv-ie, Quarantined, [346de0b83d4dca6cc619e01958ab40c0],
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [f0b13d5b1872ec4a3bc09a46f31045bb],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.OneClickCtrl.10, Quarantined, [70315e3a58325cdac420a9caec190bf5],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.OneClickProcessLauncherMachine, Quarantined, [5f424256494151e5657f383beb1a916f],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.OneClickProcessLauncherMachine.1.0, Quarantined, [534e227697f3a09643a1b0c30bfa4cb4],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdateUpdate.CoCreateAsync, Quarantined, [455c732568225ed80bdac6adc63fb34d],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdateUpdate.CoCreateAsync.1.0, Quarantined, [21802b6d32580c2aac3988ebf60f9d63],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdateUpdate.CoreClass, Quarantined, [524f6038dab06dc9469f353ec63ff709],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdateUpdate.CoreClass.1, Quarantined, [e7ba4553b0dac0760bdacda693725aa6],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdateUpdate.CoreMachineClass, Quarantined, [2b76a8f0e4a6bc7a03e2056e7f862fd1],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdateUpdate.CoreMachineClass.1, Quarantined, [aaf74652cebce35384610b6857ae6f91],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdateUpdate.CredentialDialogMachine, Quarantined, [dec3692fed9dcd6944a1561d11f4dd23],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdateUpdate.CredentialDialogMachine.1.0, Quarantined, [61406b2dccbef3437d68056e32d3f010],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdateUpdate.OnDemandCOMClassMachine, Quarantined, [f9a8f4a4cfbbc1750dd87300ea1b7e82],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdateUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [d7cab8e0cbbfd95d43a25f142adbe818],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdateUpdate.OnDemandCOMClassMachineFallback, Quarantined, [564b95036a202b0b35b0264de3229769],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [039edeba5931b185fbea2a495ca943bd],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdateUpdate.OnDemandCOMClassSvc, Quarantined, [3869e8b0612954e2f0f572010ff6748c],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdateUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [534ed1c71476a294c223c2b1fb0a5fa1],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdateUpdate.ProcessLauncher, Quarantined, [1a87fd9b12784ee81fc6d1a2ed188e72],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdateUpdate.ProcessLauncher.1.0, Quarantined, [bbe68810622844f2c02585eee61fcf31],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdateUpdate.Update3COMClassService, Quarantined, [9f0211873c4eed495e8799daa75e1ae6],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdateUpdate.Update3COMClassService.1.0, Quarantined, [20816038e3a7fe38f4f14033fa0b41bf],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdateUpdate.Update3WebMachine, Quarantined, [326f296fdcaee353f4f10f647c895fa1],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdateUpdate.Update3WebMachine.1.0, Quarantined, [445d0b8dd5b52313b72ea8cb976e22de],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdateUpdate.Update3WebMachineFallback, Quarantined, [ffa22e6a9af075c184612d4664a1c33d],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdateUpdate.Update3WebMachineFallback.1.0, Quarantined, [cad73266c2c8b38365803241da2b17e9],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdateUpdate.Update3WebSvc, Quarantined, [b8e94751cdbd4aecc91c512260a56799],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdateUpdate.Update3WebSvc.1.0, Quarantined, [b2ef197f2763c1755e87ee85fd08649c],
PUP.Optional.GlobalUpdate.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\GLOBALUPDATE.EXE, Quarantined, [b6eb66322664ca6c24edef8952b328d8],
PUP.Optional.GlobalUpdate.C, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE\Clients, Quarantined, [a2ff148421693600d919bdbcfb0a16ea],
Rootkit.Agent.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\tammgF119, Quarantined, [920faeea91f964d298f4ee895baa08f8],
Rootkit.Agent.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\tammgR119, Quarantined, [dcc58c0c325887afbdcf9add2adb6b95],
PUP.Optional.BoostWebApp.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\LUONILHKOG, Quarantined, [425f6830cdbdf04629530a6e1ee737c9],
PUP.Optional.BoostWebApp.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UNOGJUCUWGY, Quarantined, [039ed6c2c2c8360092eab7c11ee7bb45],
PUP.Optional.BoostWebApp.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\VEMIFOTJ, Quarantined, [adf41a7eabdf9c9a423adc9c689d22de],
PUP.Optional.Crossrider.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, Quarantined, [9908c0d89befb87e464ada9c8c79867a],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-814935137-3960788824-2020595886-1001\SOFTWARE\HQCinema Pro 2.1V26.05, Quarantined, [7d24a4f495f57cbaac343dbc3ac9fb05],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-814935137-3960788824-2020595886-1001\SOFTWARE\HQCinema Pro 2.1V26.05-nv-ie, Quarantined, [a001fd9bd7b3da5cd7096c8dea19fc04],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-814935137-3960788824-2020595886-1001\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [01a01a7e2c5e3bfb249706521bea6a96],

Registry Values: 7
PUP.Optional.GlobalUpdate.C, HKLM\SOFTWARE\CLASSES\APPID\GLOBALUPDATE.EXE|AppID, {3278F5CF-48F3-4253-A6BB-004CE84AF492}, Quarantined, [5a47b3e5f595300635dcd7a1a95c8878]
PUP.Optional.GlobalUpdate.C, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\GLOBALUPDATE.EXE|AppID, {3278F5CF-48F3-4253-A6BB-004CE84AF492}, Quarantined, [277ac9cfed9d979f9b7683f504015ba5]
PUP.Optional.GlobalUpdate.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\GLOBALUPDATE.EXE|AppID, {3278F5CF-48F3-4253-A6BB-004CE84AF492}, Quarantined, [b6eb66322664ca6c24edef8952b328d8]
PUP.Optional.GlobalUpdate.C, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATEDEV|AuCheckPeriodMs, 21600000, Quarantined, [d8c94d4bb7d30432c3caa73bd82b817f]
PUP.Optional.BoostWebApp.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\luonilhkog|ImagePath, "C:\ProgramData\boostwebapp\1.1.0.31\ukewla.exe" -cms, Quarantined, [425f6830cdbdf04629530a6e1ee737c9]
PUP.Optional.BoostWebApp.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UnogjuCuwgy|ImagePath, "C:\ProgramData\boostwebapp\1.1.0.31\BaxeuLitojo.exe" -cmd, Quarantined, [039ed6c2c2c8360092eab7c11ee7bb45]
PUP.Optional.BoostWebApp.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\vemifotj|ImagePath, "C:\ProgramData\boostwebapp\1.1.0.31\ukeala.exe" /ts2=1, Quarantined, [adf41a7eabdf9c9a423adc9c689d22de]

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.GlobalUpdate.A, C:\Users\msingh\AppData\Local\Temp\comh.484883, Quarantined, [7d240d8b3951c86e0e781ea3b44fd030],
PUP.Optional.EZDownloader, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader, Quarantined, [821f34645733fb3b2c7ee6e17c873ec2],
PUP.Optional.EzDownloader.A, C:\Users\msingh\AppData\Roaming\EZDownloader, Quarantined, [425fe0b87218bd793a4c488df013cc34],
PUP.Optional.EzDownloader.A, C:\Users\msingh\AppData\Roaming\EZDownloader\Errors, Quarantined, [425fe0b87218bd793a4c488df013cc34],

Files: 9
PUP.Optional.OpenCandy, C:\Users\Guest\AppData\Local\Temp\nslEFE5.tmp\OCSetupHlp.dll, Quarantined, [7c252276e2a843f34a27ff547b8bc53b],
PUP.Optional.SuperOptimizer.A, C:\Users\msingh\AppData\Local\Temp\81432682190\1QVRFLEpSTA==3.exe, Quarantined, [80212f6971190b2b6a0072ee7989a759],
PUP.Optional.Alerts.A, C:\Users\msingh\AppData\Local\Temp\81432682190\1QVRFLEpSTA==4.exe, Quarantined, [bfe210882565b086f084043dc33fff01],
PUP.Optional.Nosibay.A, C:\Users\msingh\AppData\Local\Temp\81432682190\1QVRFLEpSTA==5.exe, Quarantined, [d2cf99ffb1d942f4233cf474818514ec],
PUP.Optional.ModGoog, C:\Users\msingh\AppData\Local\Temp\comh.484883\goopdate.dll, Quarantined, [a2ff9107bbcf4de960a3a6a513ef7090],
PUP.Optional.ModGoog, C:\Users\msingh\AppData\Local\Temp\comh.484883\goopdateres_en.dll, Quarantined, [643d6236d6b40d2962a1aba05da50cf4],
PUP.Optional.OpenCandy, C:\Users\Guest\Downloads\FYDLoad_flvto_2.exe, Quarantined, [a2ff2771256512240e63eb68c145fc04],
PUP.Optional.Shost.A, C:\Windows\shost.bin, Quarantined, [f1b08d0b2367d85ef264c12fc142659b],
Trojan.SpyEyes, C:\iExplorer\iExplorer.exe, Quarantined, [bce52e6adeac45f1847b8cc208fcf709],

Physical Sectors: 0
(No malicious items detected)

(end)


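Added check (this is not part of the thread and was not posted by the helper): once the reboot that the Winsock and IP resets asked for is done, the PowerShell script below re-tests the persistence points that appear in the FRST fixlog and in the Malwarebytes log above. It looks for the three randomly named BoostWebApp services and their ImagePath under C:\ProgramData\boostwebapp, the tammgF119 and tammgR119 driver services flagged as Rootkit.Agent.A, the globalUpdate scheduled tasks and their legacy .job files, the SafeBoot\Network\Cifliaejgi key (which would have let that service start in Safe Mode with Networking), the quarantined file paths, and the BITS queue, since the fixlog shows that 3 of 7 jobs could not be cancelled. It assumes an elevated PowerShell 4.0 session on Windows 8.1; every service, task, key and path name in it is copied from the logs, while the "binary under ProgramData or Users" filter in step 2 is a generic heuristic of mine and not something the logs state.

```powershell
#Requires -RunAsAdministrator
# Post-cleanup verification for the items named in the FRST fixlog and Malwarebytes log.
# Added example; names below are copied from those logs, nothing here is from FRST or MBAM itself.

$services = @(
    'luonilhkog'    # PUP.Optional.BoostWebApp.A, ImagePath ...\boostwebapp\1.1.0.31\ukewla.exe -cms
    'UnogjuCuwgy'   # PUP.Optional.BoostWebApp.A, ImagePath ...\boostwebapp\1.1.0.31\BaxeuLitojo.exe -cmd
    'vemifotj'      # PUP.Optional.BoostWebApp.A, ImagePath ...\boostwebapp\1.1.0.31\ukeala.exe /ts2=1
    'tammgF119'     # Rootkit.Agent.A kernel driver service
    'tammgR119'     # Rootkit.Agent.A kernel driver service
)
$paths = @(
    'C:\ProgramData\boostwebapp'
    'C:\WINDOWS\system32\Drivers\tammgF119.sys'
    'C:\WINDOWS\system32\Drivers\tammgR119.sys'
    'C:\Windows\shost.bin'
    'C:\iExplorer\iExplorer.exe'
)
$tasks = @('globalUpdateUpdateTaskMachineCore', 'globalUpdateUpdateTaskMachineUA')
$regKeys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Cifliaejgi'
    'HKLM:\SOFTWARE\Wow6432Node\globalUpdate'
    'HKLM:\SOFTWARE\Wow6432Node\AppDataLow\Software\Crossrider'
)

$findings = @()

# 1. Services and drivers: ask the SCM and the registry, because a service whose
#    binary was moved away still keeps its key (and its ImagePath) until the key is deleted.
foreach ($name in $services) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc) { $findings += "service still registered: $name ($($svc.Status))" }
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (Test-Path -Path $key) {
        $img = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ImagePath
        $findings += "service key still present: $key -> $img"
    }
}

# 2. Heuristic (my assumption, not from the logs): BoostWebApp used random service names,
#    so also list any service whose binary lives under ProgramData or a user profile.
#    Legitimate per-user installers can show up here too, so review rather than delete.
$suspect = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -match '\\(ProgramData|Users)\\' }
foreach ($s in $suspect) {
    $findings += "service outside Program Files/Windows: $($s.Name) -> $($s.PathName)"
}

# 3. Files and folders. -LiteralPath so odd characters in the folder name are not globbed.
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "path still exists: $p" }
}

# 4. Scheduled tasks: the task store (Task Scheduler) and the legacy .job files FRST checked.
foreach ($t in $tasks) {
    if (Get-ScheduledTask -TaskName $t -ErrorAction SilentlyContinue) {
        $findings += "scheduled task still present: $t"
    }
    if (Test-Path -LiteralPath "C:\Windows\Tasks\$t.job") {
        $findings += "legacy job file still present: C:\Windows\Tasks\$t.job"
    }
}

# 5. Registry keys, including the SafeBoot\Network entry that survives a Safe Mode boot.
foreach ($k in $regKeys) {
    if (Test-Path -Path $k) { $findings += "registry key still present: $k" }
}

# 6. BITS queue for all users: bitsadmin /reset could not cancel 3 of the 7 jobs.
$bits = Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue
foreach ($job in $bits) {
    $findings += "BITS job still queued: $($job.JobId) '$($job.DisplayName)' [$($job.JobState)]"
}

if ($findings.Count -eq 0) {
    Write-Host 'No leftovers from the logged items found.' -ForegroundColor Green
} else {
    Write-Host "$($findings.Count) leftover(s) found:" -ForegroundColor Yellow
    $findings | ForEach-Object { Write-Host "  $_" }
}
```

Anything it prints is a leftover to hand back to the helper for the next FRST fixlist; after the fixlog above and the Malwarebytes quarantine, the expected result is the green "No leftovers" line, apart from whatever the step 2 heuristic turns up that you can account for.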