Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

windows 8.1 cant run any antivirus program PLZ HELP [Solved]

Started by 143mithrandil , Jul 07 2015 06:33 AM

antivirus antimalware windows defender

This topic is locked

#1
143mithrandil

Posted 07 July 2015 - 06:33 AM

New Member

Member
6 posts

Hi, I was using Windows defender worked fine til this morning, but a cursed flash drive left some malicious entity in our computer such that windows defender is now turned off and whever we press the strat button, its says that the app isnt monitoring and nothing happens. tried mcafee too and it didnt start even. fed up tried to install avast, and when ran a scan it said "no more endpoints available at endpoints mapping".. however soon after that too stopped running.
here we have no antivirus programs running and need some helping out here.
we tried a system recovery, but the system protection seems to be turned off and that too we cant turn on at all in the settings. this malware seems to be a really bad one.
presently dowloading vipre rescue.
would be so grateful if someone would help us get rid of the problem.

Edited by 143mithrandil, 07 July 2015 - 07:11 AM.

#2
Essexboy

Posted 07 July 2015 - 07:48 AM

GeekU Moderator

Retired Staff
69,964 posts

Hi there, lets see what we can do for you..

First we will clear the flash drive and anything it has put on the system and then check the computer out
Avast is not running due to McAfee

Download MCShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives
mcshield%20unhide.JPG

Plug in the drive and McShield will start a scan

Then get the log which will be located under the logs tab on the main page

And post that

THEN

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Select additions at the bottom
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please attach both logs generated.

#3
143mithrandil

Posted 08 July 2015 - 05:14 AM

New Member

Topic Starter
Member
6 posts

Hello, thank you for a prompt reply! So I ran the program FRST64.exe and the attached herewith are the text files that were saved after the scan was completed. I hope you'll be able to help out..

Attached Files

FRST.txt 56.18KB 409 downloads
Addition.txt 59.46KB 407 downloads

#4
143mithrandil

Posted 08 July 2015 - 05:23 AM

New Member

Topic Starter
Member
6 posts

here attaching the FRST.txt.. Vipre didnt work, system restore too didnt work..Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by Rooha (administrator) on SPARKLING_STARS on 08-07-2015 16:17:47
Running from C:\Users\Rooha\Downloads\Programs
Loaded Profiles: Rooha (Available Profiles: Rooha)
Platform: Windows 8.1 Single Language (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(Microsoft Corporation) C:\Users\Rooha\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Godzilla Shopper\godzilla_shopper_helper_service.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.Helper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.AutoUpdate.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
() C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
() C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe\livecomm.exe
(Apple Inc.) C:\Program Files (x86)\Safari\Safari.exe
(Apple Inc.) C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(installdaddy) C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-nova.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-20] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2014-03-26] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM-x32\...\Run: [Elite Unzip AppIntegrator 32-bit] => C:\PROGRA~2\ELITEU~2\bar\1.bin\AppIntegrator.exe
HKLM-x32\...\Run: [Elite Unzip AppIntegrator 64-bit] => C:\PROGRA~2\ELITEU~2\bar\1.bin\AppIntegrator64.exe
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2014-03-18] (BlackBerry Limited)
HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4494848 2014-06-23] (Research In Motion Limited)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [65216 2009-11-09] (WordWeb Software)
HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1088424 2012-10-13] (Nokia)
HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\...\Run: [KiesHelper] => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [928656 2011-04-14] (Samsung)
HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3373968 2011-04-14] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [19872 2011-04-14] ()
HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\...\Run: [SkyDrive] => C:\Users\Rooha\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-05-15] (Microsoft Corporation)
HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\...\Run: [Facebook Update] => C:\Users\Rooha\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-05] (Facebook Inc.)
HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony)
HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3825232 2014-03-16] (Tonec Inc.)
HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\...\Run: [BlackBerryLink.exe] => C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe [1462520 2014-06-24] (Research In Motion)
HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\...\MountPoints2: {039a2d56-ef5c-11e4-beda-1c3e8499d3e4} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL H:\start.exe
HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\...\MountPoints2: {492c5620-1057-11e5-bee0-1c3e8499d3e4} - "H:\setup.exe"
HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\...\MountPoints2: {50b5ce18-ff85-11e4-bedf-1c3e8499d3e4} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL H:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-03-19]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Rooha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e.lnk [2015-06-05]
ShortcutTarget: e.lnk -> C:\Users\Rooha\AppData\Roaming\obibafktai.exe ()
Startup: C:\Users\Rooha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-11-17]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2012-11-16] (Tonec Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartse...ZN3RSTLP3RSTLPX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartse...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartse...ZN3RSTLP3RSTLPX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartse...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-...q={searchTerms}
HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartse...ZN3RSTLP3RSTLPX
HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartse...ZN3RSTLP3RSTLPX
HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-...q={searchTerms}
HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.delta-sea...123621&tsp=5029
HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.jp.msn.com/HPALL13/26
HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-...q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartse...q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartse...q={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54348-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-...q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-...q={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54348-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-21-1071033344-2270758295-2084488698-1002 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1071033344-2270758295-2084488698-1002 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-1071033344-2270758295-2084488698-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1071033344-2270758295-2084488698-1002 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://do-search.com...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1071033344-2270758295-2084488698-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1071033344-2270758295-2084488698-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1071033344-2270758295-2084488698-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://do-search.com...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1071033344-2270758295-2084488698-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://do-search.com...q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2013-11-29] (Internet Download Manager, Tonec Inc.)
BHO: Torntv V9.0 -> {11111111-1111-1111-1111-110511131190} -> C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-bho64.dll No File
BHO: sauve nEt -> {3EC13336-07E6-23FB-1D9F-F1368407973B} -> C:\Program Files (x86)\sauve nEt\pxigY7.x64.dll No File
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-09-16] (Skype Technologies S.A.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2013-11-29] (Internet Download Manager, Tonec Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Torntv V9.0 -> {11111111-1111-1111-1111-110511131190} -> C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-bho.dll No File
BHO-x32: sauve nEt -> {3EC13336-07E6-23FB-1D9F-F1368407973B} -> C:\Program Files (x86)\sauve nEt\pxigY7.dll No File
BHO-x32: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files (x86)\XTab\SupTab.dll [2015-05-15] (Thinknice Co. Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Rich Media Downloader -> {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} -> C:\Users\Rooha\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll No File
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-09-16] (Skype Technologies S.A.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-09-16] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-09-16] (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{55F16B10-3269-458D-BBE7-52C6E9B490DA}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-27] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-27] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-10-13] ( )
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2014-06-24] ()
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-05-19] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-05-19] (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-06-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-06-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2010-07-30] (the VideoLAN Team)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2014-11-28] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1071033344-2270758295-2084488698-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Rooha\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppluginrichmediaplayer.dll [2013-03-12] ()
FF HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: WCaptureX - C:\Program Files (x86)\WordWeb\WCaptureMoz [2013-07-21]
FF HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Rooha\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Rooha\AppData\Roaming\IDM\idmmzcc5 [2014-03-16]

Chrome:
=======
CHR Profile: C:\Users\Rooha\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Rooha\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\Rooha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-29]
CHR Extension: (YouTube) - C:\Users\Rooha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-29]
CHR Extension: (Google Search) - C:\Users\Rooha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-29]
CHR Extension: (IDM Integration Module) - C:\Users\Rooha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-12-29]
CHR Extension: (SmallringFX DarkBlue Theme) - C:\Users\Rooha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbfijmgohofmpjlcgmjplbpmkpchdhpk [2015-06-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Rooha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-29]
CHR Extension: (Google Wallet) - C:\Users\Rooha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-29]
CHR Extension: (Gmail) - C:\Users\Rooha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-29]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.goog...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files (x86)\Web Cake\WebCakeLayers.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Rooha\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-01-17]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-09-16]
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\WordWeb\wcxChrome.crx [2013-07-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-03-18] (BlackBerry Limited) [File not signed]
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-11-28] (WildTangent)
S4 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-05-19] (globalUpdate) [File not signed] <==== ATTENTION
S4 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-05-19] (globalUpdate) [File not signed] <==== ATTENTION
S4 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-13] (Hewlett-Packard)
S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [157824 2015-05-15] (XTab system)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2014-06-23] (Apple Inc.) [File not signed]
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1325568 2014-06-23] (Research In Motion Limited) [File not signed]
R2 VSSS; C:\Users\Rooha\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [106348544 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2015-01-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2014-07-21] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-22] (Advanced Micro Devices)
S3 blackberryncm; C:\Windows\system32\DRIVERS\blackberryncm6_AMD64.sys [24576 2014-04-15] (BlackBerry)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg; No ImagePath
S4 BthHFEnum; No ImagePath
U4 bthhfhid; No ImagePath
S4 BthHFSrv; No ImagePath
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2015-01-01] (DT Soft Ltd)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-06-23] (Research in Motion Limited)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-25] (Synaptics Incorporated)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 WUDFWpdComp; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-08 16:17 - 2015-07-08 16:17 - 00000000 ____D C:\FRST
2015-07-08 10:55 - 2015-07-08 10:55 - 00000000 ____D C:\ProgramData\IHProtectUpDate
2015-07-07 19:12 - 2015-07-08 10:50 - 00000000 ____D C:\VIPRERESCUE
2015-07-07 17:59 - 2015-07-08 08:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit
2015-07-07 17:59 - 2015-07-08 08:49 - 00000000 ____D C:\Program Files (x86)\TweakBit
2015-07-07 17:59 - 2015-07-07 18:21 - 00000000 ____D C:\ProgramData\TweakBit
2015-07-07 17:36 - 2015-07-07 17:36 - 00000000 ____D C:\Users\Rooha\AppData\Roaming\AVAST Software
2015-07-07 16:30 - 2015-07-07 16:30 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-07 12:56 - 2015-07-07 12:56 - 00000000 ____D C:\Program Files (x86)\sauve nEt
2015-07-04 20:30 - 2015-07-04 20:30 - 00019369 _____ C:\Users\Rooha\Downloads\Naruto Shippuden 418 [EnG SuB] 480p L@mBerT ---[www.bts.to]--- .torrent
2015-06-29 22:32 - 2015-07-08 10:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-29 22:20 - 2015-07-08 12:40 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-29 22:20 - 2015-06-29 22:25 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-29 22:20 - 2015-06-29 22:20 - 00003900 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-06-29 22:20 - 2015-06-29 22:20 - 00003664 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-06-29 22:19 - 2015-06-29 22:20 - 00000000 ____D C:\Users\Rooha\AppData\Local\Deployment
2015-06-26 16:55 - 2015-06-26 16:55 - 00000000 ____D C:\Users\Rooha\AppData\Local\GWX
2015-06-26 15:07 - 2015-03-11 07:19 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-06-26 15:07 - 2015-03-11 06:39 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-06-26 15:00 - 2015-05-22 18:38 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-26 15:00 - 2015-05-21 18:38 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-26 15:00 - 2015-05-21 18:38 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-26 15:00 - 2015-05-21 18:38 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-26 15:00 - 2015-05-21 18:38 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-26 15:00 - 2015-05-21 18:38 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-26 15:00 - 2015-05-21 18:38 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-26 15:00 - 2015-04-17 03:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-25 18:59 - 2015-06-25 18:59 - 00280888 _____ C:\WINDOWS\Minidump\062515-26359-01.dmp
2015-06-25 18:59 - 2015-06-25 18:59 - 00000000 ____D C:\WINDOWS\Minidump
2015-06-25 12:23 - 2015-04-10 06:10 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-25 12:23 - 2015-04-10 05:47 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-25 12:18 - 2015-04-01 09:48 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-25 12:18 - 2015-04-01 09:16 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-25 12:18 - 2015-04-01 08:47 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-25 12:18 - 2015-04-01 08:15 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-25 12:18 - 2015-04-01 07:44 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-25 12:17 - 2015-04-09 04:11 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-25 12:17 - 2015-04-02 03:52 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-06-25 12:17 - 2015-04-02 03:50 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-06-25 12:17 - 2015-04-01 09:51 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-25 12:17 - 2015-04-01 09:47 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-25 12:17 - 2015-04-01 09:38 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-25 12:17 - 2015-04-01 09:15 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-06-25 12:17 - 2015-04-01 08:47 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-25 12:17 - 2015-04-01 08:23 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-25 12:17 - 2015-04-01 08:23 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-25 12:17 - 2015-04-01 08:15 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-25 12:17 - 2015-04-01 08:01 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-06-25 12:17 - 2015-04-01 07:42 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-25 12:17 - 2015-03-20 07:26 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-06-25 12:17 - 2015-03-13 07:32 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-06-25 12:17 - 2015-03-06 08:17 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-06-25 12:17 - 2015-03-02 07:13 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-25 12:17 - 2015-03-02 06:51 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-25 12:17 - 2015-01-30 06:23 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-06-25 12:11 - 2015-02-18 04:49 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-06-25 12:10 - 2015-05-25 18:53 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-25 12:10 - 2015-05-25 18:37 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-25 12:10 - 2015-04-03 06:05 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-06-25 12:10 - 2015-04-03 05:44 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-06-25 12:10 - 2015-03-06 08:38 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-06-25 12:10 - 2015-03-06 08:13 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-06-25 12:05 - 2015-04-10 06:04 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-06-25 12:05 - 2015-04-10 05:41 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-06-25 12:05 - 2015-04-09 03:37 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-25 12:05 - 2015-03-20 09:19 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-25 12:05 - 2015-03-20 08:38 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-25 12:05 - 2015-03-20 08:07 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-25 12:05 - 2015-03-20 07:37 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-25 12:05 - 2015-03-17 22:56 - 00467776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-06-25 12:05 - 2015-03-09 07:32 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-06-25 12:04 - 2015-04-16 11:47 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-25 12:04 - 2015-04-14 04:07 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-25 12:04 - 2015-04-14 04:04 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-25 12:04 - 2015-04-02 04:12 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-25 12:04 - 2015-04-02 04:00 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-25 12:04 - 2015-03-13 09:33 - 00239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-06-25 12:04 - 2015-03-13 09:33 - 00154432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-06-25 12:04 - 2015-03-13 06:41 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-06-25 12:04 - 2015-03-13 06:09 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-06-25 12:04 - 2015-03-04 07:02 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-06-25 12:04 - 2015-03-04 06:42 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-06-22 11:05 - 2015-06-26 11:04 - 00003178 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForRooha
2015-06-22 11:05 - 2015-06-26 11:04 - 00000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleForRooha.job
2015-06-11 16:22 - 2015-05-27 20:05 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-11 16:22 - 2015-05-27 19:38 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-11 16:21 - 2015-05-23 00:22 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-11 16:20 - 2015-05-22 23:20 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-11 16:19 - 2015-05-23 07:58 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-11 16:19 - 2015-05-23 07:50 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-11 16:17 - 2015-05-23 08:45 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-11 16:17 - 2015-05-23 08:44 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-11 16:17 - 2015-05-23 08:40 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-11 16:17 - 2015-05-23 08:35 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-11 16:17 - 2015-05-23 08:34 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-11 16:17 - 2015-05-23 08:18 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-11 16:17 - 2015-05-23 08:17 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-11 16:17 - 2015-05-23 08:17 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-11 16:17 - 2015-05-23 08:08 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-11 16:17 - 2015-05-23 08:08 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-11 16:17 - 2015-05-23 08:07 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-11 16:17 - 2015-05-23 07:58 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-11 16:17 - 2015-05-23 07:46 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-11 16:17 - 2015-05-23 07:44 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-11 16:17 - 2015-05-23 00:30 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-11 16:17 - 2015-05-23 00:30 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-11 16:17 - 2015-05-23 00:30 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-11 16:17 - 2015-05-23 00:18 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-11 16:17 - 2015-05-23 00:17 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-11 16:17 - 2015-05-23 00:17 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-11 16:17 - 2015-05-22 23:54 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-11 16:17 - 2015-05-22 23:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-11 16:17 - 2015-05-22 23:51 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-11 16:17 - 2015-05-22 23:39 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-11 16:17 - 2015-05-22 23:38 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-11 16:17 - 2015-05-22 23:36 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-11 16:17 - 2015-05-22 23:35 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-11 16:17 - 2015-05-22 23:27 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-11 16:17 - 2015-05-22 23:19 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-11 16:17 - 2015-05-22 23:08 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-11 16:17 - 2015-05-22 22:56 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-11 16:16 - 2015-05-23 08:17 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-11 16:16 - 2015-05-23 08:13 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-11 16:16 - 2015-05-22 23:45 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-10 18:42 - 2015-06-10 18:42 - 00000000 ____D C:\Users\Rooha\Documents\BLACKBERRY-5607
2015-06-10 18:37 - 2015-05-21 22:17 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-10 18:37 - 2015-04-25 08:04 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-10 18:37 - 2015-04-25 08:03 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-08 16:17 - 2014-05-19 22:17 - 00001384 _____ C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-6.job
2015-07-08 16:17 - 2014-05-19 22:17 - 00001322 _____ C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-7.job
2015-07-08 16:12 - 2012-09-26 09:53 - 00000950 _____ C:\WINDOWS\SysWOW64\bscs.ini
2015-07-08 16:11 - 2013-07-21 21:38 - 00000000 ____D C:\Users\Rooha\OneDrive
2015-07-08 16:10 - 2015-01-01 18:10 - 01657118 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-08 16:08 - 2015-01-01 18:41 - 00003620 _____ C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
2015-07-08 16:08 - 2015-01-01 18:41 - 00000043 _____ C:\WINDOWS\SysWOW64\LOCALDEVICE.INI
2015-07-08 16:08 - 2013-08-22 21:06 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-08 12:45 - 2013-07-21 12:44 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1071033344-2270758295-2084488698-1002
2015-07-08 12:44 - 2013-07-21 14:56 - 00000000 ____D C:\Users\Rooha\AppData\Roaming\vlc
2015-07-08 12:40 - 2015-05-30 22:26 - 00000570 _____ C:\WINDOWS\Tasks\godzilla_shopper_helper_service.job
2015-07-08 12:40 - 2015-04-18 18:26 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-08 12:40 - 2015-04-11 10:26 - 00001328 _____ C:\WINDOWS\Tasks\kin_kon_notification_service.job
2015-07-08 12:40 - 2015-04-11 10:26 - 00000690 _____ C:\WINDOWS\Tasks\kin_kon_updating_service.job
2015-07-08 12:40 - 2014-05-19 22:18 - 00001472 _____ C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-5.job
2015-07-08 12:40 - 2014-05-19 22:17 - 00002278 _____ C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-4.job
2015-07-08 12:40 - 2014-05-19 22:17 - 00001374 _____ C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-1.job
2015-07-08 12:40 - 2014-05-19 22:17 - 00001348 _____ C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-2.job
2015-07-08 12:40 - 2014-05-19 22:16 - 00000972 _____ C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-07-08 12:40 - 2014-04-28 23:22 - 00001456 _____ C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-5.job
2015-07-08 12:40 - 2014-04-28 23:22 - 00001376 _____ C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-1.job
2015-07-08 12:40 - 2014-04-28 23:22 - 00001348 _____ C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-2.job
2015-07-08 12:40 - 2014-04-28 23:21 - 00002806 _____ C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-3.job
2015-07-08 12:40 - 2014-04-28 23:21 - 00002274 _____ C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-4.job
2015-07-08 12:04 - 2013-07-21 13:01 - 00000000 ____D C:\Users\Rooha\AppData\Roaming\DMCache
2015-07-08 11:59 - 2015-05-16 07:35 - 00000000 ____D C:\Program Files (x86)\XTab
2015-07-08 11:59 - 2015-01-01 18:23 - 00000000 ____D C:\Users\Rooha
2015-07-08 11:58 - 2013-08-22 20:16 - 00323695 _____ C:\WINDOWS\setupact.log
2015-07-08 11:58 - 2013-08-22 20:15 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-08 11:58 - 2013-08-22 20:14 - 00495128 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-08 10:56 - 2013-08-22 18:55 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-07-08 10:55 - 2014-12-22 23:58 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-08 10:55 - 2014-09-24 15:28 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-08 10:55 - 2013-08-22 21:06 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-08 10:55 - 2013-08-22 21:06 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-07-08 10:51 - 2015-04-04 20:37 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-08 10:51 - 2014-02-22 13:00 - 00000000 ____D C:\Users\Rooha\AppData\Roaming\uTorrent
2015-07-08 10:51 - 2013-08-22 21:06 - 00000000 ____D C:\WINDOWS\rescache
2015-07-08 10:51 - 2013-08-22 19:06 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-07-08 10:50 - 2015-05-30 22:26 - 00000000 ____D C:\Program Files (x86)\Godzilla Shopper
2015-07-08 10:50 - 2015-04-11 10:26 - 00000000 ____D C:\Program Files (x86)\kin kon
2015-07-08 10:50 - 2015-03-21 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-07-08 10:50 - 2015-03-21 17:54 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-07-08 10:50 - 2015-03-19 17:54 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-07-08 10:50 - 2014-12-27 11:19 - 00000000 ____D C:\Program Files (x86)\DeltaFix
2015-07-08 10:50 - 2014-12-27 11:15 - 00000000 ____D C:\Program Files (x86)\Google Quick Scroll
2015-07-08 10:50 - 2014-12-27 11:13 - 00000000 ____D C:\ProgramData\nknlmlajddmfpkhpijbcpdgmlgimhoik
2015-07-08 10:50 - 2014-12-23 16:11 - 00000000 ____D C:\ProgramData\ajfplcaclbebhbehdgdjnalgdmglafln
2015-07-08 10:50 - 2014-12-04 23:34 - 00000000 ____D C:\Users\Rooha\AppData\Local\bluesoleil
2015-07-08 10:50 - 2014-05-19 22:16 - 00000000 ____D C:\Program Files (x86)\Torntv V9.0
2015-07-08 10:50 - 2014-04-22 21:38 - 00000000 ____D C:\ProgramData\sauve nEt
2015-07-08 10:50 - 2014-04-22 21:37 - 00000000 ____D C:\ProgramData\fa7b41d15429ec4b
2015-07-08 10:50 - 2013-10-08 17:21 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-08 10:50 - 2013-07-21 13:14 - 00000000 ____D C:\Program Files (x86)\WinRAR
2015-07-08 10:37 - 2013-08-22 21:06 - 00000000 ____D C:\WINDOWS\registration
2015-07-08 10:34 - 2014-12-27 11:24 - 00000000 ____D C:\ProgramData\IePluginServices
2015-07-08 08:44 - 2013-10-10 18:31 - 00510976 ___SH C:\Users\Rooha\Desktop\Thumbs.db
2015-07-07 12:57 - 2014-09-24 12:38 - 00021700 _____ C:\WINDOWS\PFRO.log
2015-07-06 09:55 - 2013-08-26 18:59 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-07-05 20:27 - 2013-08-22 21:06 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-29 22:38 - 2015-01-04 18:00 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-29 22:37 - 2013-07-21 13:04 - 00000000 ____D C:\Users\Rooha\AppData\Local\Google
2015-06-29 22:32 - 2013-07-21 13:04 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-29 22:25 - 2014-05-19 22:16 - 00000976 _____ C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-06-29 22:16 - 2014-11-20 12:01 - 00000000 ____D C:\Users\Rooha\Documents\My Games
2015-06-29 22:16 - 2014-11-20 11:45 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2015-06-29 21:50 - 2013-10-05 21:45 - 00000960 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1071033344-2270758295-2084488698-1002UA.job
2015-06-29 21:50 - 2013-10-05 21:45 - 00000938 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1071033344-2270758295-2084488698-1002Core.job
2015-06-29 21:41 - 2015-01-01 21:07 - 00003954 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7DA67A9C-25BC-4DAF-AEBC-3F94EAD821DD}
2015-06-27 15:54 - 2013-07-21 12:48 - 00000000 ____D C:\Users\Rooha\AppData\Local\Adobe
2015-06-27 15:49 - 2015-05-17 13:26 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-06-27 15:45 - 2015-01-04 18:00 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-06-26 15:55 - 2012-07-26 13:29 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-26 15:53 - 2015-04-04 20:37 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-06-25 18:59 - 2013-09-15 11:34 - 462096501 _____ C:\WINDOWS\MEMORY.DMP
2015-06-21 12:51 - 2014-09-24 12:50 - 00960544 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-21 09:10 - 2015-03-29 12:57 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2015-06-21 09:10 - 2015-03-29 12:57 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2015-06-21 09:10 - 2015-03-29 12:48 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2015-06-21 09:10 - 2015-03-29 12:47 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2015-06-21 09:10 - 2013-08-22 16:52 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2015-06-21 09:10 - 2013-08-22 16:52 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2015-06-21 09:10 - 2013-08-22 16:47 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2015-06-21 09:10 - 2013-08-22 16:47 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2015-06-21 09:10 - 2013-08-22 16:47 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2015-06-21 09:10 - 2013-08-22 09:26 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2015-06-21 09:10 - 2013-08-22 09:26 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2015-06-21 09:10 - 2013-08-22 09:21 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2015-06-21 09:10 - 2013-08-22 09:21 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2015-06-21 09:10 - 2013-08-22 09:21 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2015-06-20 21:45 - 2014-01-03 14:33 - 00000000 ____D C:\Users\Rooha\Documents\Electronic Arts
2015-06-20 21:41 - 2015-05-30 20:52 - 00001203 _____ C:\Users\Public\Desktop\The Sims 4.lnk
2015-06-20 21:41 - 2015-05-30 20:43 - 00000000 ____D C:\Program Files (x86)\The Sims 4
2015-06-20 21:41 - 2015-05-30 20:31 - 00001215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4.lnk
2015-06-20 08:32 - 2015-01-03 17:42 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-20 08:32 - 2015-01-03 17:42 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-16 00:32 - 2015-01-01 21:07 - 00000000 __SHD C:\Users\Rooha\AppData\Local\EmieUserList
2015-06-16 00:32 - 2015-01-01 21:07 - 00000000 __SHD C:\Users\Rooha\AppData\Local\EmieSiteList
2015-06-16 00:32 - 2015-01-01 21:07 - 00000000 __SHD C:\Users\Rooha\AppData\Local\EmieBrowserModeList
2015-06-11 21:59 - 2013-08-22 21:06 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-11 21:58 - 2013-07-21 14:31 - 00000000 ____D C:\ProgramData\Microsoft Help

==================== Files in the root of some directories =======

2013-10-05 21:44 - 2013-10-05 21:44 - 0501248 _____ (Facebook Inc.) C:\Program Files (x86)\FacebookVideoCallSetup_v1.2.205.0.exe
2013-12-09 12:20 - 2013-12-18 12:41 - 0000174 _____ () C:\Users\Rooha\AppData\Roaming\default.rss
2015-06-05 01:44 - 2015-06-05 01:44 - 68300800 __RSH () C:\Users\Rooha\AppData\Roaming\obibafktai.exe
2013-07-21 14:44 - 2013-11-05 23:06 - 0009216 _____ () C:\Users\Rooha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-22 00:18 - 2013-07-22 00:18 - 0000525 _____ () C:\ProgramData\CyberlinkOutput.txt
2013-07-22 01:14 - 2013-07-22 01:14 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Some files in TEMP:
====================
C:\Users\Rooha\AppData\Local\Temp\BlackBerryDeviceManager.exe
C:\Users\Rooha\AppData\Local\Temp\BlackBerryLauncher.exe
C:\Users\Rooha\AppData\Local\Temp\cdo1004585366.dll
C:\Users\Rooha\AppData\Local\Temp\cdo1443936661.dll
C:\Users\Rooha\AppData\Local\Temp\cdo2071162365.dll
C:\Users\Rooha\AppData\Local\Temp\cdo2281370893.dll
C:\Users\Rooha\AppData\Local\Temp\cdo3231177448.dll
C:\Users\Rooha\AppData\Local\Temp\cdo3758318046.dll
C:\Users\Rooha\AppData\Local\Temp\cdo4247270696.dll
C:\Users\Rooha\AppData\Local\Temp\DesktopInstaller.exe
C:\Users\Rooha\AppData\Local\Temp\Extract.exe
C:\Users\Rooha\AppData\Local\Temp\SP58496.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-07 22:54

==================== End of log ============================

#5
Essexboy

Posted 08 July 2015 - 07:54 AM

GeekU Moderator

Retired Staff
69,964 posts

OK on completion of the FRST fix McAfee should start again, let me know if it does not

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKLM-x32\...\Run: [Elite Unzip AppIntegrator 32-bit] => C:\PROGRA~2\ELITEU~2\bar\1.bin\AppIntegrator.exe
HKLM-x32\...\Run: [Elite Unzip AppIntegrator 64-bit] => C:\PROGRA~2\ELITEU~2\bar\1.bin\AppIntegrator64.exe
Startup: C:\Users\Rooha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e.lnk [2015-06-05]
ShortcutTarget: e.lnk -> C:\Users\Rooha\AppData\Roaming\obibafktai.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartse...ZN3RSTLP3RSTLPX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartse...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartse...ZN3RSTLP3RSTLPX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartse...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-...q={searchTerms}
HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartse...ZN3RSTLP3RSTLPX
HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartse...ZN3RSTLP3RSTLPX
HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-...q={searchTerms}
HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.delta-sea...123621&tsp=5029
HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-...q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartse...q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartse...q={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54348-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-...q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-...q={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54348-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1071033344-2270758295-2084488698-1002 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1071033344-2270758295-2084488698-1002 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-1071033344-2270758295-2084488698-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1071033344-2270758295-2084488698-1002 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://do-search.com...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1071033344-2270758295-2084488698-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1071033344-2270758295-2084488698-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1071033344-2270758295-2084488698-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://do-search.com...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1071033344-2270758295-2084488698-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://do-search.com...q={searchTerms}
BHO: Torntv V9.0 -> {11111111-1111-1111-1111-110511131190} -> C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-bho64.dll No File
BHO: sauve nEt -> {3EC13336-07E6-23FB-1D9F-F1368407973B} -> C:\Program Files (x86)\sauve nEt\pxigY7.x64.dll No File
BHO-x32: Torntv V9.0 -> {11111111-1111-1111-1111-110511131190} -> C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-bho.dll No File
BHO-x32: sauve nEt -> {3EC13336-07E6-23FB-1D9F-F1368407973B} -> C:\Program Files (x86)\sauve nEt\pxigY7.dll No File
BHO-x32: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files (x86)\XTab\SupTab.dll [2015-05-15] (Thinknice Co. Limited)
BHO-x32: Rich Media Downloader -> {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} -> C:\Users\Rooha\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-05-19] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-05-19] (globalUpdate)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppluginrichmediaplayer.dll [2013-03-12] ()
CHR HKLM-x32\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files (x86)\Web Cake\WebCakeLayers.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Rooha\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [Not Found]
S4 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-05-19] (globalUpdate) [File not signed] <==== ATTENTION
S4 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-05-19] (globalUpdate) [File not signed] <==== ATTENTION
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [157824 2015-05-15] (XTab system)
R2 VSSS; C:\Users\Rooha\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [106348544 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION
U4 BthAvrcpTg; No ImagePath
S4 BthHFEnum; No ImagePath
U4 bthhfhid; No ImagePath
S4 BthHFSrv; No ImagePath
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
2015-07-08 10:55 - 2015-07-08 10:55 - 00000000 ____D C:\ProgramData\IHProtectUpDate
2015-07-07 17:59 - 2015-07-08 08:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit
2015-07-07 17:59 - 2015-07-08 08:49 - 00000000 ____D C:\Program Files (x86)\TweakBit
2015-07-07 17:59 - 2015-07-07 18:21 - 00000000 ____D C:\ProgramData\TweakBit
2015-07-07 12:56 - 2015-07-07 12:56 - 00000000 ____D C:\Program Files (x86)\sauve nEt
2015-07-04 20:30 - 2015-07-04 20:30 - 00019369 _____ C:\Users\Rooha\Downloads\Naruto Shippuden 418 [EnG SuB] 480p L@mBerT ---[www.bts.to]--- .torrent
2015-07-08 16:17 - 2014-05-19 22:17 - 00001384 _____ C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-6.job
2015-07-08 16:17 - 2014-05-19 22:17 - 00001322 _____ C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-7.job
2015-07-08 12:40 - 2015-05-30 22:26 - 00000570 _____ C:\WINDOWS\Tasks\godzilla_shopper_helper_service.job
2015-07-08 12:40 - 2015-04-18 18:26 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-08 12:40 - 2015-04-11 10:26 - 00001328 _____ C:\WINDOWS\Tasks\kin_kon_notification_service.job
2015-07-08 12:40 - 2015-04-11 10:26 - 00000690 _____ C:\WINDOWS\Tasks\kin_kon_updating_service.job
2015-07-08 12:40 - 2014-05-19 22:18 - 00001472 _____ C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-5.job
2015-07-08 12:40 - 2014-05-19 22:17 - 00002278 _____ C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-4.job
2015-07-08 12:40 - 2014-05-19 22:17 - 00001374 _____ C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-1.job
2015-07-08 12:40 - 2014-05-19 22:17 - 00001348 _____ C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-2.job
2015-07-08 12:40 - 2014-05-19 22:16 - 00000972 _____ C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-07-08 12:40 - 2014-04-28 23:22 - 00001456 _____ C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-5.job
2015-07-08 12:40 - 2014-04-28 23:22 - 00001376 _____ C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-1.job
2015-07-08 12:40 - 2014-04-28 23:22 - 00001348 _____ C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-2.job
2015-07-08 12:40 - 2014-04-28 23:21 - 00002806 _____ C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-3.job
2015-07-08 12:40 - 2014-04-28 23:21 - 00002274 _____ C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-4.job
2015-07-08 12:04 - 2013-07-21 13:01 - 00000000 ____D C:\Users\Rooha\AppData\Roaming\DMCache
2015-07-08 11:59 - 2015-05-16 07:35 - 00000000 ____D C:\Program Files (x86)\XTab
2015-07-08 10:50 - 2015-05-30 22:26 - 00000000 ____D C:\Program Files (x86)\Godzilla Shopper
2015-07-08 10:50 - 2015-04-11 10:26 - 00000000 ____D C:\Program Files (x86)\kin kon
2015-07-08 10:50 - 2014-12-27 11:19 - 00000000 ____D C:\Program Files (x86)\DeltaFix
2015-07-08 10:50 - 2014-12-27 11:15 - 00000000 ____D C:\Program Files (x86)\Google Quick Scroll
2015-07-08 10:50 - 2014-12-27 11:13 - 00000000 ____D C:\ProgramData\nknlmlajddmfpkhpijbcpdgmlgimhoik
2015-07-08 10:50 - 2014-12-23 16:11 - 00000000 ____D C:\ProgramData\ajfplcaclbebhbehdgdjnalgdmglafln
2015-07-08 10:50 - 2014-05-19 22:16 - 00000000 ____D C:\Program Files (x86)\Torntv V9.0
2015-07-08 10:50 - 2014-04-22 21:38 - 00000000 ____D C:\ProgramData\sauve nEt
2015-07-08 10:50 - 2014-04-22 21:37 - 00000000 ____D C:\ProgramData\fa7b41d15429ec4b
2015-06-29 22:25 - 2014-05-19 22:16 - 00000976 _____ C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-06-16 00:32 - 2015-01-01 21:07 - 00000000 __SHD C:\Users\Rooha\AppData\Local\EmieUserList
2015-06-16 00:32 - 2015-01-01 21:07 - 00000000 __SHD C:\Users\Rooha\AppData\Local\EmieSiteList
2015-06-16 00:32 - 2015-01-01 21:07 - 00000000 __SHD C:\Users\Rooha\AppData\Local\EmieBrowserModeList
2015-06-05 01:44 - 2015-06-05 01:44 - 68300800 __RSH () C:\Users\Rooha\AppData\Roaming\obibafktai.exe
Task: {0568C803-6E74-4882-8B5D-E60492B7A61B} - System32\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-3 => C:\Program Files (x86)\Torntv V9.0\00e1002c-7029-4aa8-96af-5a4f99b861b7-3.exe <==== ATTENTION
Task: {2BBF2296-1230-4470-BE08-551C98546D36} - System32\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-1 => C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-codedownloader.exe <==== ATTENTION
Task: {4AD18C2F-140F-4773-AB3E-51DCC47B5284} - System32\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-5 => C:\Program Files (x86)\Torntv V9.0\00e1002c-7029-4aa8-96af-5a4f99b861b7-5.exe <==== ATTENTION
Task: {5A32284A-997F-4F91-8DB3-AC02A3C0FE88} - System32\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-7 => C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-nova.exe [2014-05-19] (installdaddy) <==== ATTENTION
Task: {5D3A5308-39A1-492E-9BC0-33F208E9A4B3} - System32\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-6 => C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-novainstaller.exe <==== ATTENTION
Task: {68C8BC4F-4529-4CCA-8D31-17BECCA42A92} - System32\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-4 => C:\Program Files (x86)\Torntv V9.0\a7982934-0630-49b5-bdb1-d23d83f53ffd-4.exe <==== ATTENTION
Task: {7266C889-5E94-451E-A5D3-6619743E0C46} - System32\Tasks\kin_kon_updating_service => C:\Program Files (x86)\kin kon\kin_kon_updating_service.exe [2015-04-11] () <==== ATTENTION
Task: {75AC46A1-FF17-4DFB-9BD9-C701BD26569C} - System32\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-1 => C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-codedownloader.exe <==== ATTENTION
Task: {7FCCFD59-C206-4A92-B817-E889AFA047CB} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-05-19] (globalUpdate) <==== ATTENTION
Task: {984A2477-3958-4BF7-B72A-61EA2557A8D1} - System32\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-2 => C:\Program Files (x86)\Torntv V9.0\00e1002c-7029-4aa8-96af-5a4f99b861b7-2.exe <==== ATTENTION
Task: {A5A1448A-49F7-4950-9F59-BC5D0B4D5BFA} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION
Task: {B0F0F4F8-7E62-445C-8F61-3B2CCC17030B} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-05-19] (globalUpdate) <==== ATTENTION
Task: {CCC3D31C-74F6-4D4D-9642-F5FC94F0CCF0} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {E3F75113-8956-44FE-80B1-883962C0C47B} - System32\Tasks\kin_kon_notification_service => C:\Program Files (x86)\kin kon\kin_kon_notification_service.exe [2015-04-11] (FileProperties_CompanyName) <==== ATTENTION
Task: {E7094F26-2328-4D10-9289-B98A8F476615} - System32\Tasks\godzilla_shopper_helper_service => C:\Program Files (x86)\Godzilla Shopper\godzilla_shopper_helper_service.exe [2015-05-30] ()
Task: {F61FF7BB-9190-4EAE-8D5C-7D969F71C466} - System32\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-5 => C:\Program Files (x86)\Torntv V9.0\a7982934-0630-49b5-bdb1-d23d83f53ffd-5.exe <==== ATTENTION
Task: {F9682A30-416E-4AFD-AF8E-00F50FF079AD} - System32\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-4 => C:\Program Files (x86)\Torntv V9.0\00e1002c-7029-4aa8-96af-5a4f99b861b7-4.exe <==== ATTENTION
Task: {F9ED8A6D-231C-484B-A511-6596333398AB} - System32\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-2 => C:\Program Files (x86)\Torntv V9.0\a7982934-0630-49b5-bdb1-d23d83f53ffd-2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-1.job => C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-codedownloader.exeù/KNosn /ceSvSK=task /heUCr='Torntv V9.0' /PpSKBO=51390 /FqNnsylxw='001062' /asCBYCeX='0' /tdZTLM='0' /rYJRMSPK=A7D4542B86C64E07BB199650E3828318IE /GjLwxmx=777c5f7570c4f523c58da29776173d9b /vTpzEx=1_34_3_28 /eUIoWTDb=1.34.3.28 /owweQb=1398707470 /awRUFZ=http:/stats.clientdemocloud.com /dGfIRu=http:/errors.clientdemocloud.com /XdRbiHzea=http:/cr.install-daddy.com /pGPTYifb=ch /teQgT /XDdFXOUod='http:/update.clientdemocloud.com/ie_code_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-2.job => C:\Program Files (x86)\Torntv V9.0\00e1002c-7029-4aa8-96af-5a4f99b861b7-2.exeß/XoCWy /heUCr='Torntv V9.0' /PpSKBO=51390 /FqNnsylxw='001062' /asCBYCeX='0' /tdZTLM='0' /rYJRMSPK=A7D4542B86C64E07BB199650E3828318IE /GjLwxmx=777c5f7570c4f523c58da29776173d9b /vTpzEx=1_34_3_28 /owweQb=1398707470 /awRUFZ=http:/stats.clientdemocloud.com /dGfIRu=http:/errors.clientdemocloud.com /cYArD=11111111-1111-1111-1111-110511131190 /pGPTYifb=ch /teQgT /XDdFXOUod='http:/update.clientdemocloud.com/ie_enable_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-3.job => C:\Program Files (x86)\Torntv V9.0\00e1002c-7029-4aa8-96af-5a4f99b861b7-3.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-4.job => C:\Program Files (x86)\Torntv V9.0\00e1002c-7029-4aa8-96af-5a4f99b861b7-4.exe®/zbLvJxp /heUCr='Torntv V9.0' /LwCYe C:\Program Files (x86)\Torntv V9.0\51390.xpi' /PpSKBO=51390 /FqNnsylxw='001062' /asCBYCeX='0' /tdZTLM='0' /rYJRMSPK=A7D4542B86C64E07BB199650E3828318IE /GjLwxmx=777c5f7570c4f523c58da29776173d9b /vTpzEx=1_34_3_28 /eUIoWTDb=1.34.3.28 /owweQb=1398707470 /awRUFZ=http:/stats.clientdemocloud.com /dGfIRu=http:/errors.clientdemocloud.com /PJmiDDcv=300 /krczaMzH=5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com /QENJRXKAQ=0.94 /GVDAy=a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390 /LpxRXSk=https:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/51390.rdf /nNiSqAI='Torntv V9.0' /dLGCLWsIV='The must-have App extensions for Television fans! Watch free TV channels, live sports and more' /lDyVOM='installdaddy' /pGPTYifb=ch /teQgT /zZpAkr /kHGMgPVW /XDdFXOUod='http:/update.clientdemocloud.com/ff_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-5.job => C:\Program Files (x86)\Torntv V9.0\00e1002c-7029-4aa8-96af-5a4f99b861b7-5.exe/GZvOTW /heUCr='Torntv V9.0' /PpSKBO=51390 /FqNnsylxw='001062' /asCBYCeX='0' /tdZTLM='0' /rYJRMSPK=A7D4542B86C64E07BB199650E3828318IE /GjLwxmx=777c5f7570c4f523c58da29776173d9b /vTpzEx=1_34_3_28 /owweQb=1398707470 /awRUFZ=http:/stats.clientdemocloud.com /dGfIRu=http:/errors.clientdemocloud.com /QXhcmrQ=http:/ipgeoapi.com/ /bmVVI=http:/update.clientdemocloud.com /dlzwP=2 /UMGJC=http:/logs.clientdemocloud.com /XDdFXOUod='http:/update.clientdemocloud.com/updater_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-1.job => C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-codedownloader.exeø/PEkTOtrv /BEgyH=task /SBwmFc='Torntv V9.0' /BBlBcB=51390 /LpWwwgnS='001062' /WvheJND='0' /ucLho='0' /fflpXyJRs=A7D4542B86C64E07BB199650E3828318IE /gRMsA=777c5f7570c4f523c58da29776173d9b /oxPbBmKZ=1_34_05_12 /nflasGzBy=1.34.5.12 /MNGad=1400518182 /KAWIFfEy=http:/stats.clientstaticserv.com /LlrQwPe=http:/errors.clientstaticserv.com /dxMDrPipt=http:/cr.install-daddy.com /PviVuL=ch /Vzwlk /zUjti='http:/update.clientstaticserv.com/ie_code_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-2.job => C:\Program Files (x86)\Torntv V9.0\a7982934-0630-49b5-bdb1-d23d83f53ffd-2.exeß/rrjVClNe /SBwmFc='Torntv V9.0' /BBlBcB=51390 /LpWwwgnS='001062' /WvheJND='0' /ucLho='0' /fflpXyJRs=A7D4542B86C64E07BB199650E3828318IE /gRMsA=777c5f7570c4f523c58da29776173d9b /oxPbBmKZ=1_34_05_12 /MNGad=1400518182 /KAWIFfEy=http:/stats.clientstaticserv.com /LlrQwPe=http:/errors.clientstaticserv.com /PIppLG=11111111-1111-1111-1111-110511131190 /PviVuL=ch /Vzwlk /zUjti='http:/update.clientstaticserv.com/ie_enable_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-4.job => C:\Program Files (x86)\Torntv V9.0\a7982934-0630-49b5-bdb1-d23d83f53ffd-4.exe³/JkozhpUYu /SBwmFc='Torntv V9.0' /lAPnyfXfh C:\Program Files (x86)\Torntv V9.0\51390.xpi' /BBlBcB=51390 /LpWwwgnS='001062' /WvheJND='0' /ucLho='0' /fflpXyJRs=A7D4542B86C64E07BB199650E3828318IE /gRMsA=777c5f7570c4f523c58da29776173d9b /oxPbBmKZ=1_34_05_12 /nflasGzBy=1.34.5.12 /MNGad=1400518182 /KAWIFfEy=http:/stats.clientstaticserv.com /LlrQwPe=http:/errors.clientstaticserv.com /GdfOrZC=300 /jQrbw=5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com /OBwmOGsiH=0.94 /wHxOilHE=a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390 /ExCEk=https:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/51390.rdf /LFwkfeDs='Torntv V9.0' /cMpdDDSu='The must-have App extensions for Television fans! Watch free TV channels, live sports and more' /LMEWh='installdaddy' /PviVuL=ch /Vzwlk /vdCqigHFf /sUQQpUpj /zUjti='http:/update.clientstaticserv.com/ff_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-5.job => C:\Program Files (x86)\Torntv V9.0\a7982934-0630-49b5-bdb1-d23d83f53ffd-5.exe/JMriPzevx /SBwmFc='Torntv V9.0' /BBlBcB=51390 /LpWwwgnS='001062' /WvheJND='0' /ucLho='0' /fflpXyJRs=A7D4542B86C64E07BB199650E3828318IE /gRMsA=777c5f7570c4f523c58da29776173d9b /oxPbBmKZ=1_34_05_12 /MNGad=1400518182 /KAWIFfEy=http:/stats.clientstaticserv.com /LlrQwPe=http:/errors.clientstaticserv.com /KiMNO=http:/ipgeoapi.com/ /mRrSTLpUC=http:/update.clientstaticserv.com /mmmzpi=2 /MfNyMEV=http:/logs.clientstaticserv.com /zUjti='http:/update.clientstaticserv.com/updater_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-6.job => C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-novainstaller.exeþ/bAScVrp /BEgyH=task /SBwmFc='Torntv V9.0' /BBlBcB=51390 /LpWwwgnS='001062' /WvheJND='0' /ucLho='0' /fflpXyJRs=A7D4542B86C64E07BB199650E3828318IE /gRMsA=777c5f7570c4f523c58da29776173d9b /oxPbBmKZ=1_34_05_12 /nflasGzBy=1.34.5.12 /MNGad=1400517984 /KAWIFfEy=http:/stats.clientstaticserv.com /LlrQwPe=http:/errors.clientstaticserv.com /dxMDrPipt=http:/cr.install-daddy.com /PviVuL=ch /QwjVucGTf /ZgHbvep='nova' /zUjti='http:/update.clientstaticserv.com/novacode/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-7.job => C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-nova.exeè/SBwmFc='Torntv V9.0' /BBlBcB=51390 /LpWwwgnS='001062' /WvheJND='0' /ucLho='0' /fflpXyJRs=A7D4542B86C64E07BB199650E3828318IE /gRMsA=777c5f7570c4f523c58da29776173d9b /oxPbBmKZ=1_34_05_12 /nflasGzBy=1.34.5.12 /MNGad=1400517984 /KAWIFfEy=http:/stats.clientstaticserv.com /LlrQwPe=http:/errors.clientstaticserv.com /dxMDrPipt=http:/cr.install-daddy.com /PviVuL=ch /QwjVucGTf /ZgHbvep='nova' /zUjti='http:/update.clientstaticserv.com/novarun/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\godzilla_shopper_helper_service.job => C:\Program Files (x86)\Godzilla Shopper\godzilla_shopper_helper_service.exe
Task: C:\WINDOWS\Tasks\kin_kon_notification_service.job => C:\Program Files (x86)\kin kon\kin_kon_notification_service.exeã/url='http:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='kin kon' /appid='73143' /srcid='2913' /bic='cfc1cf92c617791b53a6d97e3b63a5ec' /verifier='36e5a9867e47f351c9b19d08ba952cdb' /installerversion='1.50.3.10' /statsdomain='http:/stats.buildomserv.com/data.gif?' /errorsdomain='http:/stats.buildomserv.com/data.gif?' /monetizationdomain='http:/logs.buildomserv.com/monetization.gif <==== ATTENTION
Task: C:\WINDOWS\Tasks\kin_kon_updating_service.job => C:\Program Files (x86)\kin kon\kin_kon_updating_service.exe¨ /campid=2913 /verid=1 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=kin_kon_updating_service /funurl=http:/stats.buildomserv.com <==== ATTENTION
C:\PROGRA~2\ELITEU~2
C:\Program Files (x86)\Torntv V9.0
C:\Program Files (x86)\Godzilla Shopper
C:\Program Files (x86)\XTab
C:\Program Files (x86)\sauve nEt
C:\Users\Rooha\AppData\Local\Rich Media Player
C:\Users\Rooha\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
C:\Program Files\kprocesshacker.sys
C:\Program Files (x86)\globalUpdate
C:\Program Files (x86)\ExpressFiles
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S0].txt as well.

#6
143mithrandil

Posted 08 July 2015 - 09:00 AM

New Member

Topic Starter
Member
6 posts

Hello, I did as instructed, and here's the quoted Log of Fix done by the FRST.exe.. I'll now move on to the other step!

Fix result of Farbar Recovery Scan Tool (x64) Version:05-07-2015

Ran by Rooha at 2015-07-08 20:22:21 Run:1

Running from C:\Users\Rooha\Downloads\Programs

Loaded Profiles: Rooha (Available Profiles: Rooha)

Boot Mode: Normal

==============================================

fixlist content:

*****************

CreateRestorePoint:

HKLM-x32\...\Run: [Elite Unzip AppIntegrator 32-bit] => C:\PROGRA~2\ELITEU~2\bar\1.bin\AppIntegrator.exe

HKLM-x32\...\Run: [Elite Unzip AppIntegrator 64-bit] => C:\PROGRA~2\ELITEU~2\bar\1.bin\AppIntegrator64.exe

Startup: C:\Users\Rooha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e.lnk [2015-06-05]

ShortcutTarget: e.lnk -> C:\Users\Rooha\AppData\Roaming\obibafktai.exe ()

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartse...ZN3RSTLP3RSTLPX

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartse...q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-...q={searchTerms}

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartse...ZN3RSTLP3RSTLPX

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartse...q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-...q={searchTerms}

HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartse...ZN3RSTLP3RSTLPX

HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartse...ZN3RSTLP3RSTLPX

HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-...q={searchTerms}

HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.delta-sea...123621&tsp=5029

HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-...q={searchTerms}

SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartse...q={searchTerms}

SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartse...q={searchTerms}

SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54348-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-...q={searchTerms}

SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-...q={searchTerms}

SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54348-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKU\S-1-5-21-1071033344-2270758295-2084488698-1002 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com...q={searchTerms}

SearchScopes: HKU\S-1-5-21-1071033344-2270758295-2084488698-1002 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

SearchScopes: HKU\S-1-5-21-1071033344-2270758295-2084488698-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com...q={searchTerms}

SearchScopes: HKU\S-1-5-21-1071033344-2270758295-2084488698-1002 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://do-search.com...q={searchTerms}

SearchScopes: HKU\S-1-5-21-1071033344-2270758295-2084488698-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com...q={searchTerms}

SearchScopes: HKU\S-1-5-21-1071033344-2270758295-2084488698-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com...q={searchTerms}

SearchScopes: HKU\S-1-5-21-1071033344-2270758295-2084488698-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://do-search.com...q={searchTerms}

SearchScopes: HKU\S-1-5-21-1071033344-2270758295-2084488698-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://do-search.com...q={searchTerms}

BHO: Torntv V9.0 -> {11111111-1111-1111-1111-110511131190} -> C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-bho64.dll No File

BHO: sauve nEt -> {3EC13336-07E6-23FB-1D9F-F1368407973B} -> C:\Program Files (x86)\sauve nEt\pxigY7.x64.dll No File

BHO-x32: Torntv V9.0 -> {11111111-1111-1111-1111-110511131190} -> C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-bho.dll No File

BHO-x32: sauve nEt -> {3EC13336-07E6-23FB-1D9F-F1368407973B} -> C:\Program Files (x86)\sauve nEt\pxigY7.dll No File

BHO-x32: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files (x86)\XTab\SupTab.dll [2015-05-15] (Thinknice Co. Limited)

BHO-x32: Rich Media Downloader -> {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} -> C:\Users\Rooha\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll No File

FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-05-19] (globalUpdate)

FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-05-19] (globalUpdate)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppluginrichmediaplayer.dll [2013-03-12] ()

CHR HKLM-x32\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files (x86)\Web Cake\WebCakeLayers.crx [Not Found]

CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Rooha\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [Not Found]

S4 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-05-19] (globalUpdate) [File not signed] <==== ATTENTION

S4 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-05-19] (globalUpdate) [File not signed] <==== ATTENTION

R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [157824 2015-05-15] (XTab system)

R2 VSSS; C:\Users\Rooha\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [106348544 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION

U4 BthAvrcpTg; No ImagePath

S4 BthHFEnum; No ImagePath

U4 bthhfhid; No ImagePath

S4 BthHFSrv; No ImagePath

R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]

2015-07-08 10:55 - 2015-07-08 10:55 - 00000000 ____D C:\ProgramData\IHProtectUpDate

2015-07-07 17:59 - 2015-07-08 08:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit

2015-07-07 17:59 - 2015-07-08 08:49 - 00000000 ____D C:\Program Files (x86)\TweakBit

2015-07-07 17:59 - 2015-07-07 18:21 - 00000000 ____D C:\ProgramData\TweakBit

2015-07-07 12:56 - 2015-07-07 12:56 - 00000000 ____D C:\Program Files (x86)\sauve nEt

2015-07-04 20:30 - 2015-07-04 20:30 - 00019369 _____ C:\Users\Rooha\Downloads\Naruto Shippuden 418 [EnG SuB] 480p L@mBerT ---[www.bts.to]--- .torrent

2015-07-08 16:17 - 2014-05-19 22:17 - 00001384 _____ C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-6.job

2015-07-08 16:17 - 2014-05-19 22:17 - 00001322 _____ C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-7.job

2015-07-08 12:40 - 2015-05-30 22:26 - 00000570 _____ C:\WINDOWS\Tasks\godzilla_shopper_helper_service.job

2015-07-08 12:40 - 2015-04-18 18:26 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7

2015-07-08 12:40 - 2015-04-11 10:26 - 00001328 _____ C:\WINDOWS\Tasks\kin_kon_notification_service.job

2015-07-08 12:40 - 2015-04-11 10:26 - 00000690 _____ C:\WINDOWS\Tasks\kin_kon_updating_service.job

2015-07-08 12:40 - 2014-05-19 22:18 - 00001472 _____ C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-5.job

2015-07-08 12:40 - 2014-05-19 22:17 - 00002278 _____ C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-4.job

2015-07-08 12:40 - 2014-05-19 22:17 - 00001374 _____ C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-1.job

2015-07-08 12:40 - 2014-05-19 22:17 - 00001348 _____ C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-2.job

2015-07-08 12:40 - 2014-05-19 22:16 - 00000972 _____ C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job

2015-07-08 12:40 - 2014-04-28 23:22 - 00001456 _____ C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-5.job

2015-07-08 12:40 - 2014-04-28 23:22 - 00001376 _____ C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-1.job

2015-07-08 12:40 - 2014-04-28 23:22 - 00001348 _____ C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-2.job

2015-07-08 12:40 - 2014-04-28 23:21 - 00002806 _____ C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-3.job

2015-07-08 12:40 - 2014-04-28 23:21 - 00002274 _____ C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-4.job

2015-07-08 12:04 - 2013-07-21 13:01 - 00000000 ____D C:\Users\Rooha\AppData\Roaming\DMCache

2015-07-08 11:59 - 2015-05-16 07:35 - 00000000 ____D C:\Program Files (x86)\XTab

2015-07-08 10:50 - 2015-05-30 22:26 - 00000000 ____D C:\Program Files (x86)\Godzilla Shopper

2015-07-08 10:50 - 2015-04-11 10:26 - 00000000 ____D C:\Program Files (x86)\kin kon

2015-07-08 10:50 - 2014-12-27 11:19 - 00000000 ____D C:\Program Files (x86)\DeltaFix

2015-07-08 10:50 - 2014-12-27 11:15 - 00000000 ____D C:\Program Files (x86)\Google Quick Scroll

2015-07-08 10:50 - 2014-12-27 11:13 - 00000000 ____D C:\ProgramData\nknlmlajddmfpkhpijbcpdgmlgimhoik

2015-07-08 10:50 - 2014-12-23 16:11 - 00000000 ____D C:\ProgramData\ajfplcaclbebhbehdgdjnalgdmglafln

2015-07-08 10:50 - 2014-05-19 22:16 - 00000000 ____D C:\Program Files (x86)\Torntv V9.0

2015-07-08 10:50 - 2014-04-22 21:38 - 00000000 ____D C:\ProgramData\sauve nEt

2015-07-08 10:50 - 2014-04-22 21:37 - 00000000 ____D C:\ProgramData\fa7b41d15429ec4b

2015-06-29 22:25 - 2014-05-19 22:16 - 00000976 _____ C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job

2015-06-16 00:32 - 2015-01-01 21:07 - 00000000 __SHD C:\Users\Rooha\AppData\Local\EmieUserList

2015-06-16 00:32 - 2015-01-01 21:07 - 00000000 __SHD C:\Users\Rooha\AppData\Local\EmieSiteList

2015-06-16 00:32 - 2015-01-01 21:07 - 00000000 __SHD C:\Users\Rooha\AppData\Local\EmieBrowserModeList

2015-06-05 01:44 - 2015-06-05 01:44 - 68300800 __RSH () C:\Users\Rooha\AppData\Roaming\obibafktai.exe

Task: {0568C803-6E74-4882-8B5D-E60492B7A61B} - System32\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-3 => C:\Program Files (x86)\Torntv V9.0\00e1002c-7029-4aa8-96af-5a4f99b861b7-3.exe <==== ATTENTION

Task: {2BBF2296-1230-4470-BE08-551C98546D36} - System32\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-1 => C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-codedownloader.exe <==== ATTENTION

Task: {4AD18C2F-140F-4773-AB3E-51DCC47B5284} - System32\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-5 => C:\Program Files (x86)\Torntv V9.0\00e1002c-7029-4aa8-96af-5a4f99b861b7-5.exe <==== ATTENTION

Task: {5A32284A-997F-4F91-8DB3-AC02A3C0FE88} - System32\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-7 => C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-nova.exe [2014-05-19] (installdaddy) <==== ATTENTION

Task: {5D3A5308-39A1-492E-9BC0-33F208E9A4B3} - System32\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-6 => C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-novainstaller.exe <==== ATTENTION

Task: {68C8BC4F-4529-4CCA-8D31-17BECCA42A92} - System32\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-4 => C:\Program Files (x86)\Torntv V9.0\a7982934-0630-49b5-bdb1-d23d83f53ffd-4.exe <==== ATTENTION

Task: {7266C889-5E94-451E-A5D3-6619743E0C46} - System32\Tasks\kin_kon_updating_service => C:\Program Files (x86)\kin kon\kin_kon_updating_service.exe [2015-04-11] () <==== ATTENTION

Task: {75AC46A1-FF17-4DFB-9BD9-C701BD26569C} - System32\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-1 => C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-codedownloader.exe <==== ATTENTION

Task: {7FCCFD59-C206-4A92-B817-E889AFA047CB} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-05-19] (globalUpdate) <==== ATTENTION

Task: {984A2477-3958-4BF7-B72A-61EA2557A8D1} - System32\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-2 => C:\Program Files (x86)\Torntv V9.0\00e1002c-7029-4aa8-96af-5a4f99b861b7-2.exe <==== ATTENTION

Task: {A5A1448A-49F7-4950-9F59-BC5D0B4D5BFA} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION

Task: {B0F0F4F8-7E62-445C-8F61-3B2CCC17030B} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-05-19] (globalUpdate) <==== ATTENTION

Task: {CCC3D31C-74F6-4D4D-9642-F5FC94F0CCF0} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION

Task: {E3F75113-8956-44FE-80B1-883962C0C47B} - System32\Tasks\kin_kon_notification_service => C:\Program Files (x86)\kin kon\kin_kon_notification_service.exe [2015-04-11] (FileProperties_CompanyName) <==== ATTENTION

Task: {E7094F26-2328-4D10-9289-B98A8F476615} - System32\Tasks\godzilla_shopper_helper_service => C:\Program Files (x86)\Godzilla Shopper\godzilla_shopper_helper_service.exe [2015-05-30] ()

Task: {F61FF7BB-9190-4EAE-8D5C-7D969F71C466} - System32\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-5 => C:\Program Files (x86)\Torntv V9.0\a7982934-0630-49b5-bdb1-d23d83f53ffd-5.exe <==== ATTENTION

Task: {F9682A30-416E-4AFD-AF8E-00F50FF079AD} - System32\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-4 => C:\Program Files (x86)\Torntv V9.0\00e1002c-7029-4aa8-96af-5a4f99b861b7-4.exe <==== ATTENTION

Task: {F9ED8A6D-231C-484B-A511-6596333398AB} - System32\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-2 => C:\Program Files (x86)\Torntv V9.0\a7982934-0630-49b5-bdb1-d23d83f53ffd-2.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-1.job => C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-codedownloader.exeù/KNosn /ceSvSK=task /heUCr='Torntv V9.0' /PpSKBO=51390 /FqNnsylxw='001062' /asCBYCeX='0' /tdZTLM='0' /rYJRMSPK=A7D4542B86C64E07BB199650E3828318IE /GjLwxmx=777c5f7570c4f523c58da29776173d9b /vTpzEx=1_34_3_28 /eUIoWTDb=1.34.3.28 /owweQb=1398707470 /awRUFZ=http:/stats.clientdemocloud.com /dGfIRu=http:/errors.clientdemocloud.com /XdRbiHzea=http:/cr.install-daddy.com /pGPTYifb=ch /teQgT /XDdFXOUod='http:/update.clientdemocloud.com/ie_code_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION

Task: C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-2.job => C:\Program Files (x86)\Torntv V9.0\00e1002c-7029-4aa8-96af-5a4f99b861b7-2.exeß/XoCWy /heUCr='Torntv V9.0' /PpSKBO=51390 /FqNnsylxw='001062' /asCBYCeX='0' /tdZTLM='0' /rYJRMSPK=A7D4542B86C64E07BB199650E3828318IE /GjLwxmx=777c5f7570c4f523c58da29776173d9b /vTpzEx=1_34_3_28 /owweQb=1398707470 /awRUFZ=http:/stats.clientdemocloud.com /dGfIRu=http:/errors.clientdemocloud.com /cYArD=11111111-1111-1111-1111-110511131190 /pGPTYifb=ch /teQgT /XDdFXOUod='http:/update.clientdemocloud.com/ie_enable_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION

Task: C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-3.job => C:\Program Files (x86)\Torntv V9.0\00e1002c-7029-4aa8-96af-5a4f99b861b7-3.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-4.job => C:\Program Files (x86)\Torntv V9.0\00e1002c-7029-4aa8-96af-5a4f99b861b7-4.exe®/zbLvJxp /heUCr='Torntv V9.0' /LwCYe C:\Program Files (x86)\Torntv V9.0\51390.xpi' /PpSKBO=51390 /FqNnsylxw='001062' /asCBYCeX='0' /tdZTLM='0' /rYJRMSPK=A7D4542B86C64E07BB199650E3828318IE /GjLwxmx=777c5f7570c4f523c58da29776173d9b /vTpzEx=1_34_3_28 /eUIoWTDb=1.34.3.28 /owweQb=1398707470 /awRUFZ=http:/stats.clientdemocloud.com /dGfIRu=http:/errors.clientdemocloud.com /PJmiDDcv=300 /krczaMzH=5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com /QENJRXKAQ=0.94 /GVDAy=a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390 /LpxRXSk=https:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/51390.rdf /nNiSqAI='Torntv V9.0' /dLGCLWsIV='The must-have App extensions for Television fans! Watch free TV channels, live sports and more' /lDyVOM='installdaddy' /pGPTYifb=ch /teQgT /zZpAkr /kHGMgPVW /XDdFXOUod='http:/update.clientdemocloud.com/ff_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION

Task: C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-5.job => C:\Program Files (x86)\Torntv V9.0\00e1002c-7029-4aa8-96af-5a4f99b861b7-5.exe/GZvOTW /heUCr='Torntv V9.0' /PpSKBO=51390 /FqNnsylxw='001062' /asCBYCeX='0' /tdZTLM='0' /rYJRMSPK=A7D4542B86C64E07BB199650E3828318IE /GjLwxmx=777c5f7570c4f523c58da29776173d9b /vTpzEx=1_34_3_28 /owweQb=1398707470 /awRUFZ=http:/stats.clientdemocloud.com /dGfIRu=http:/errors.clientdemocloud.com /QXhcmrQ=http:/ipgeoapi.com/ /bmVVI=http:/update.clientdemocloud.com /dlzwP=2 /UMGJC=http:/logs.clientdemocloud.com /XDdFXOUod='http:/update.clientdemocloud.com/updater_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION

Task: C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-1.job => C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-codedownloader.exeø/PEkTOtrv /BEgyH=task /SBwmFc='Torntv V9.0' /BBlBcB=51390 /LpWwwgnS='001062' /WvheJND='0' /ucLho='0' /fflpXyJRs=A7D4542B86C64E07BB199650E3828318IE /gRMsA=777c5f7570c4f523c58da29776173d9b /oxPbBmKZ=1_34_05_12 /nflasGzBy=1.34.5.12 /MNGad=1400518182 /KAWIFfEy=http:/stats.clientstaticserv.com /LlrQwPe=http:/errors.clientstaticserv.com /dxMDrPipt=http:/cr.install-daddy.com /PviVuL=ch /Vzwlk /zUjti='http:/update.clientstaticserv.com/ie_code_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION

Task: C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-2.job => C:\Program Files (x86)\Torntv V9.0\a7982934-0630-49b5-bdb1-d23d83f53ffd-2.exeß/rrjVClNe /SBwmFc='Torntv V9.0' /BBlBcB=51390 /LpWwwgnS='001062' /WvheJND='0' /ucLho='0' /fflpXyJRs=A7D4542B86C64E07BB199650E3828318IE /gRMsA=777c5f7570c4f523c58da29776173d9b /oxPbBmKZ=1_34_05_12 /MNGad=1400518182 /KAWIFfEy=http:/stats.clientstaticserv.com /LlrQwPe=http:/errors.clientstaticserv.com /PIppLG=11111111-1111-1111-1111-110511131190 /PviVuL=ch /Vzwlk /zUjti='http:/update.clientstaticserv.com/ie_enable_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION

Task: C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-4.job => C:\Program Files (x86)\Torntv V9.0\a7982934-0630-49b5-bdb1-d23d83f53ffd-4.exe³/JkozhpUYu /SBwmFc='Torntv V9.0' /lAPnyfXfh C:\Program Files (x86)\Torntv V9.0\51390.xpi' /BBlBcB=51390 /LpWwwgnS='001062' /WvheJND='0' /ucLho='0' /fflpXyJRs=A7D4542B86C64E07BB199650E3828318IE /gRMsA=777c5f7570c4f523c58da29776173d9b /oxPbBmKZ=1_34_05_12 /nflasGzBy=1.34.5.12 /MNGad=1400518182 /KAWIFfEy=http:/stats.clientstaticserv.com /LlrQwPe=http:/errors.clientstaticserv.com /GdfOrZC=300 /jQrbw=5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com /OBwmOGsiH=0.94 /wHxOilHE=a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390 /ExCEk=https:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/51390.rdf /LFwkfeDs='Torntv V9.0' /cMpdDDSu='The must-have App extensions for Television fans! Watch free TV channels, live sports and more' /LMEWh='installdaddy' /PviVuL=ch /Vzwlk /vdCqigHFf /sUQQpUpj /zUjti='http:/update.clientstaticserv.com/ff_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION

Task: C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-5.job => C:\Program Files (x86)\Torntv V9.0\a7982934-0630-49b5-bdb1-d23d83f53ffd-5.exe/JMriPzevx /SBwmFc='Torntv V9.0' /BBlBcB=51390 /LpWwwgnS='001062' /WvheJND='0' /ucLho='0' /fflpXyJRs=A7D4542B86C64E07BB199650E3828318IE /gRMsA=777c5f7570c4f523c58da29776173d9b /oxPbBmKZ=1_34_05_12 /MNGad=1400518182 /KAWIFfEy=http:/stats.clientstaticserv.com /LlrQwPe=http:/errors.clientstaticserv.com /KiMNO=http:/ipgeoapi.com/ /mRrSTLpUC=http:/update.clientstaticserv.com /mmmzpi=2 /MfNyMEV=http:/logs.clientstaticserv.com /zUjti='http:/update.clientstaticserv.com/updater_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION

Task: C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-6.job => C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-novainstaller.exeþ/bAScVrp /BEgyH=task /SBwmFc='Torntv V9.0' /BBlBcB=51390 /LpWwwgnS='001062' /WvheJND='0' /ucLho='0' /fflpXyJRs=A7D4542B86C64E07BB199650E3828318IE /gRMsA=777c5f7570c4f523c58da29776173d9b /oxPbBmKZ=1_34_05_12 /nflasGzBy=1.34.5.12 /MNGad=1400517984 /KAWIFfEy=http:/stats.clientstaticserv.com /LlrQwPe=http:/errors.clientstaticserv.com /dxMDrPipt=http:/cr.install-daddy.com /PviVuL=ch /QwjVucGTf /ZgHbvep='nova' /zUjti='http:/update.clientstaticserv.com/novacode/{CAMP_ID}/update.jso <==== ATTENTION

Task: C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-7.job => C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-nova.exeè/SBwmFc='Torntv V9.0' /BBlBcB=51390 /LpWwwgnS='001062' /WvheJND='0' /ucLho='0' /fflpXyJRs=A7D4542B86C64E07BB199650E3828318IE /gRMsA=777c5f7570c4f523c58da29776173d9b /oxPbBmKZ=1_34_05_12 /nflasGzBy=1.34.5.12 /MNGad=1400517984 /KAWIFfEy=http:/stats.clientstaticserv.com /LlrQwPe=http:/errors.clientstaticserv.com /dxMDrPipt=http:/cr.install-daddy.com /PviVuL=ch /QwjVucGTf /ZgHbvep='nova' /zUjti='http:/update.clientstaticserv.com/novarun/{CAMP_ID}/update.jso <==== ATTENTION

Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\godzilla_shopper_helper_service.job => C:\Program Files (x86)\Godzilla Shopper\godzilla_shopper_helper_service.exe

Task: C:\WINDOWS\Tasks\kin_kon_notification_service.job => C:\Program Files (x86)\kin kon\kin_kon_notification_service.exeã/url='http:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='kin kon' /appid='73143' /srcid='2913' /bic='cfc1cf92c617791b53a6d97e3b63a5ec' /verifier='36e5a9867e47f351c9b19d08ba952cdb' /installerversion='1.50.3.10' /statsdomain='http:/stats.buildomserv.com/data.gif?' /errorsdomain='http:/stats.buildomserv.com/data.gif?' /monetizationdomain='http:/logs.buildomserv.com/monetization.gif <==== ATTENTION

Task: C:\WINDOWS\Tasks\kin_kon_updating_service.job => C:\Program Files (x86)\kin kon\kin_kon_updating_service.exe¨ /campid=2913 /verid=1 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=kin_kon_updating_service /funurl=http:/stats.buildomserv.com <==== ATTENTION

C:\PROGRA~2\ELITEU~2

C:\Program Files (x86)\Torntv V9.0

C:\Program Files (x86)\Godzilla Shopper

C:\Program Files (x86)\XTab

C:\Program Files (x86)\sauve nEt

C:\Users\Rooha\AppData\Local\Rich Media Player

C:\Users\Rooha\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe

C:\Program Files\kprocesshacker.sys

C:\Program Files (x86)\globalUpdate

C:\Program Files (x86)\ExpressFiles

Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F

Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F

RemoveProxy:

EmptyTemp:

CMD: bitsadmin /reset /allusers

*****************

Error: (0) Failed to create a restore point.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Elite Unzip AppIntegrator 32-bit => value removed successfully

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Elite Unzip AppIntegrator 64-bit => value removed successfully

C:\Users\Rooha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e.lnk => moved successfully.

C:\Users\Rooha\AppData\Roaming\obibafktai.exe => moved successfully.

"HKLM\SOFTWARE\Policies\Google" => key removed successfully

HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully

HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully

HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully

HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully

HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully

HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully

HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully

HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\Software\Microsoft\Internet Explorer\Main\\bProtector Start Page => value removed successfully

HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully

HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully

HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully

HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully

HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.

HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully

HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\bProtectorDefaultScope => value removed successfully

"HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully

HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.

"HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => key removed successfully

HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => key not found.

"HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}" => key removed successfully

HKCR\CLSID\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => key not found.

"HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully

HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.

"HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully

HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.

"HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => key removed successfully

HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => key not found.

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511131190}" => key removed successfully

"HKCR\CLSID\{11111111-1111-1111-1111-110511131190}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EC13336-07E6-23FB-1D9F-F1368407973B}" => key removed successfully

"HKCR\CLSID\{3EC13336-07E6-23FB-1D9F-F1368407973B}" => key removed successfully

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511131190}" => key removed successfully

"HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110511131190}" => key removed successfully

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EC13336-07E6-23FB-1D9F-F1368407973B}" => key removed successfully

"HKCR\Wow6432Node\CLSID\{3EC13336-07E6-23FB-1D9F-F1368407973B}" => key removed successfully

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}" => key removed successfully

"HKCR\Wow6432Node\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}" => key removed successfully

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}" => key removed successfully

"HKCR\Wow6432Node\CLSID\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}" => key removed successfully

"HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10" => key removed successfully

C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll => moved successfully.

"HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4" => key removed successfully

C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll not found.

C:\Program Files (x86)\mozilla firefox\plugins\nppluginrichmediaplayer.dll => moved successfully.

"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh" => key removed successfully

"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo" => key removed successfully

globalUpdate => Service removed successfully

globalUpdatem => Service removed successfully

IHProtect Service => Unable to stop service.

IHProtect Service => Service removed successfully

VSSS => Unable to stop service.

VSSS => Service removed successfully

BthAvrcpTg => Service removed successfully

BthHFEnum => Service removed successfully

bthhfhid => Service removed successfully

BthHFSrv => Service removed successfully

KProcessHacker2 => Unable to stop service.

KProcessHacker2 => Service removed successfully

C:\ProgramData\IHProtectUpDate => moved successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit => moved successfully.

C:\Program Files (x86)\TweakBit => moved successfully.

C:\ProgramData\TweakBit => moved successfully.

C:\Program Files (x86)\sauve nEt => moved successfully.

C:\Users\Rooha\Downloads\Naruto Shippuden 418 [EnG SuB] 480p L@mBerT ---[www.bts.to]--- .torrent => moved successfully.

C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-6.job => moved successfully.

C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-7.job => moved successfully.

C:\WINDOWS\Tasks\godzilla_shopper_helper_service.job => moved successfully.

C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => moved successfully.

C:\WINDOWS\Tasks\kin_kon_notification_service.job => moved successfully.

C:\WINDOWS\Tasks\kin_kon_updating_service.job => moved successfully.

C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-5.job => moved successfully.

C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-4.job => moved successfully.

C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-1.job => moved successfully.

C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-2.job => moved successfully.

C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => moved successfully.

C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-5.job => moved successfully.

C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-1.job => moved successfully.

C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-2.job => moved successfully.

C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-3.job => moved successfully.

C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-4.job => moved successfully.

C:\Users\Rooha\AppData\Roaming\DMCache => moved successfully.

C:\Program Files (x86)\XTab => moved successfully.

C:\Program Files (x86)\Godzilla Shopper => moved successfully.

C:\Program Files (x86)\kin kon => moved successfully.

C:\Program Files (x86)\DeltaFix => moved successfully.

C:\Program Files (x86)\Google Quick Scroll => moved successfully.

C:\ProgramData\nknlmlajddmfpkhpijbcpdgmlgimhoik => moved successfully.

C:\ProgramData\ajfplcaclbebhbehdgdjnalgdmglafln => moved successfully.

C:\Program Files (x86)\Torntv V9.0 => moved successfully.

C:\ProgramData\sauve nEt => moved successfully.

C:\ProgramData\fa7b41d15429ec4b => moved successfully.

C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => moved successfully.

C:\Users\Rooha\AppData\Local\EmieUserList => moved successfully.

C:\Users\Rooha\AppData\Local\EmieSiteList => moved successfully.

C:\Users\Rooha\AppData\Local\EmieBrowserModeList => moved successfully.

"C:\Users\Rooha\AppData\Roaming\obibafktai.exe" => File/Folder not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0568C803-6E74-4882-8B5D-E60492B7A61B}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0568C803-6E74-4882-8B5D-E60492B7A61B}" => key removed successfully

C:\Windows\System32\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-3 => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\00e1002c-7029-4aa8-96af-5a4f99b861b7-3" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2BBF2296-1230-4470-BE08-551C98546D36}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BBF2296-1230-4470-BE08-551C98546D36}" => key removed successfully

C:\Windows\System32\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-1 => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\a7982934-0630-49b5-bdb1-d23d83f53ffd-1" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4AD18C2F-140F-4773-AB3E-51DCC47B5284}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AD18C2F-140F-4773-AB3E-51DCC47B5284}" => key removed successfully

C:\Windows\System32\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-5 => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\00e1002c-7029-4aa8-96af-5a4f99b861b7-5" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5A32284A-997F-4F91-8DB3-AC02A3C0FE88}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A32284A-997F-4F91-8DB3-AC02A3C0FE88}" => key removed successfully

C:\Windows\System32\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-7 => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\a7982934-0630-49b5-bdb1-d23d83f53ffd-7" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5D3A5308-39A1-492E-9BC0-33F208E9A4B3}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D3A5308-39A1-492E-9BC0-33F208E9A4B3}" => key removed successfully

C:\Windows\System32\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-6 => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\a7982934-0630-49b5-bdb1-d23d83f53ffd-6" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{68C8BC4F-4529-4CCA-8D31-17BECCA42A92}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68C8BC4F-4529-4CCA-8D31-17BECCA42A92}" => key removed successfully

C:\Windows\System32\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-4 => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\a7982934-0630-49b5-bdb1-d23d83f53ffd-4" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7266C889-5E94-451E-A5D3-6619743E0C46}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7266C889-5E94-451E-A5D3-6619743E0C46}" => key removed successfully

C:\Windows\System32\Tasks\kin_kon_updating_service => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\kin_kon_updating_service" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{75AC46A1-FF17-4DFB-9BD9-C701BD26569C}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75AC46A1-FF17-4DFB-9BD9-C701BD26569C}" => key removed successfully

C:\Windows\System32\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-1 => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\00e1002c-7029-4aa8-96af-5a4f99b861b7-1" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FCCFD59-C206-4A92-B817-E889AFA047CB}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FCCFD59-C206-4A92-B817-E889AFA047CB}" => key removed successfully

C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{984A2477-3958-4BF7-B72A-61EA2557A8D1}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{984A2477-3958-4BF7-B72A-61EA2557A8D1}" => key removed successfully

C:\Windows\System32\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-2 => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\00e1002c-7029-4aa8-96af-5a4f99b861b7-2" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A5A1448A-49F7-4950-9F59-BC5D0B4D5BFA}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5A1448A-49F7-4950-9F59-BC5D0B4D5BFA}" => key removed successfully

C:\Windows\System32\Tasks\Express FilesUpdate => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Express FilesUpdate" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B0F0F4F8-7E62-445C-8F61-3B2CCC17030B}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0F0F4F8-7E62-445C-8F61-3B2CCC17030B}" => key removed successfully

C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCC3D31C-74F6-4D4D-9642-F5FC94F0CCF0}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCC3D31C-74F6-4D4D-9642-F5FC94F0CCF0}" => key removed successfully

C:\Windows\System32\Tasks\BitGuard => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BitGuard" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E3F75113-8956-44FE-80B1-883962C0C47B}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3F75113-8956-44FE-80B1-883962C0C47B}" => key removed successfully

C:\Windows\System32\Tasks\kin_kon_notification_service => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\kin_kon_notification_service" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E7094F26-2328-4D10-9289-B98A8F476615}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7094F26-2328-4D10-9289-B98A8F476615}" => key removed successfully

C:\Windows\System32\Tasks\godzilla_shopper_helper_service => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\godzilla_shopper_helper_service" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F61FF7BB-9190-4EAE-8D5C-7D969F71C466}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F61FF7BB-9190-4EAE-8D5C-7D969F71C466}" => key removed successfully

C:\Windows\System32\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-5 => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\a7982934-0630-49b5-bdb1-d23d83f53ffd-5" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F9682A30-416E-4AFD-AF8E-00F50FF079AD}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9682A30-416E-4AFD-AF8E-00F50FF079AD}" => key removed successfully

C:\Windows\System32\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-4 => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\00e1002c-7029-4aa8-96af-5a4f99b861b7-4" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F9ED8A6D-231C-484B-A511-6596333398AB}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9ED8A6D-231C-484B-A511-6596333398AB}" => key removed successfully

C:\Windows\System32\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-2 => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\a7982934-0630-49b5-bdb1-d23d83f53ffd-2" => key removed successfully

C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-1.job not found.

C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-2.job not found.

C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-3.job not found.

C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-4.job not found.

C:\WINDOWS\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-5.job not found.

C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-1.job not found.

C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-2.job not found.

C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-4.job not found.

C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-5.job not found.

C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-6.job not found.

C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-7.job not found.

C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job not found.

C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job not found.

C:\WINDOWS\Tasks\godzilla_shopper_helper_service.job not found.

C:\WINDOWS\Tasks\kin_kon_notification_service.job not found.

C:\WINDOWS\Tasks\kin_kon_updating_service.job not found.

"C:\PROGRA~2\ELITEU~2" => File/Folder not found.

"C:\Program Files (x86)\Torntv V9.0" => File/Folder not found.

"C:\Program Files (x86)\Godzilla Shopper" => File/Folder not found.

"C:\Program Files (x86)\XTab" => File/Folder not found.

"C:\Program Files (x86)\sauve nEt" => File/Folder not found.

"C:\Users\Rooha\AppData\Local\Rich Media Player" => File/Folder not found.

C:\Users\Rooha\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe => moved successfully.

"C:\Program Files\kprocesshacker.sys" => File/Folder not found.

C:\Program Files (x86)\globalUpdate => moved successfully.

"C:\Program Files (x86)\ExpressFiles" => File/Folder not found.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.

========= End of Reg: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully

HKU\S-1-5-21-1071033344-2270758295-2084488698-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.7.9600 ]

BITS administration utility.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.

Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {842A67DF-10F3-4F96-8F5E-C39E6E5AB480}.

Unable to cancel {A2238A6D-A4C5-4925-BCCA-7818007C6C8A}.

Unable to cancel {342669F5-8E32-43DF-BA26-47FD600CD58F}.

Unable to cancel {E5F64E65-6B83-4A05-A9FF-4C149CF80D8D}.

Unable to cancel {58427222-0BD8-4D78-967E-DA5311AAD227}.

Unable to cancel {AEADC02A-4A78-4425-B26C-FEC2CA6AFBCE}.

Unable to cancel {1C47AC34-46CC-437B-BA3B-F888823E3896}.

Unable to cancel {D18D0CCD-E3E0-47F3-BEDE-B70D3303D94F}.

Unable to cancel {99B37532-6221-4651-9192-37D88DBBE8C4}.

Unable to cancel {0428C8C9-509D-41CC-B307-348A9C57142E}.

Unable to cancel {8434DD51-516C-48EF-A7B5-4FFEF9930103}.

Unable to cancel {E27FB9EE-DD8B-4EAF-BD64-8A34518C9F81}.

Unable to cancel {4E76B6D3-A9CE-462C-A26A-6A6246DF6063}.

Unable to cancel {776F1598-118C-4201-AB56-445966548BB6}.

Unable to cancel {120DF127-50D1-4267-A130-CBD2C609333F}.

Unable to cancel {356A110E-7961-4D45-8B1C-E357C9042982}.

Unable to cancel {FED67CD9-E5B4-45FE-8D30-5839E524FFC7}.

Unable to cancel {0DFC0A11-9748-4A6F-96C7-24EE467480C6}.

Unable to cancel {4642F926-F9C0-42C7-82DE-C0921A824C2A}.

Unable to cancel {1FFABEB3-2074-47F8-A007-B63D52677D4F}.

Unable to cancel {6EB54AFF-8E1C-44F3-8AB6-22E610960421}.

Unable to cancel {590013BD-9C42-4DA6-B708-FE7A0DB32E72}.

Unable to cancel {4EA67E28-EE3B-4F05-8137-99764DBC6543}.

Unable to cancel {4A541CD9-BE62-4A4F-B02B-5367297E1179}.

Unable to cancel {5625BC52-9AC1-400D-BAC4-E575AA9CD485}.

Unable to cancel {D0E4D425-40A4-40E9-A439-C04B934937A5}.

Unable to cancel {B696BD84-C94A-45AF-8175-EC0EB1CCF790}.

Unable to cancel {7AC6ACEA-9B18-4B20-8991-98A5DC32006D}.

Unable to cancel {45B97104-5F25-4FAB-9741-0F437F6B8A5F}.

Unable to cancel {F43E11C0-9C1D-4ACB-8668-0D1F75D79AE3}.

Unable to cancel {FCFECE82-A3EB-48D4-94AE-38BC22629E6B}.

Unable to cancel {1CEEC582-1193-449C-8D4C-5B74F3CCFEF4}.

Unable to cancel {41D53370-2942-4F54-BE2B-27CD1B17B625}.

Unable to cancel {A2B5B68E-83AB-4222-8474-F4014E235278}.

Unable to cancel {DDBBA112-1059-45BC-B07F-A24069B89E23}.

Unable to cancel {6EDA876F-91F7-46AF-8DEE-DD7BDD654FA7}.

Unable to cancel {44703172-579B-407C-B2FA-E6885B93CF84}.

Unable to cancel {4FC6237F-9277-4C48-8DAD-20B69081DE5E}.

Unable to cancel {D9E1556B-C1AC-4D0B-A8AF-FF91BC6097EA}.

Unable to cancel {658393A7-36E6-4A31-8D73-B12B34207A28}.

Unable to cancel {67EF51B4-123C-4675-96AD-0BAEE802E273}.

Unable to cancel {B728ADE8-25AE-43F4-B61F-413A8AB1BAB0}.

Unable to cancel {E3619DBF-AC60-4DBE-BA23-04D8DBDE4D77}.

Unable to cancel {0E1098D8-EA71-4485-A32A-09BFCA6572CF}.

Unable to cancel {8CF4FFEF-ACDE-480E-BC2D-1A40892A1BBE}.

Unable to cancel {E31B9FE3-A9D0-4232-BCB2-6FEFF5597230}.

Unable to cancel {0C0312FC-BA27-4BBC-B21C-22A43A044938}.

Unable to cancel {4E075AFF-7AC8-456D-A3EB-406ABF498A83}.

Unable to cancel {11407548-6CE8-4B31-B874-2DA10C79BE23}.

Unable to cancel {30E6B206-1507-43DB-BBA8-07C0428786D9}.

Unable to cancel {C41C1806-FD7F-4B87-9ADD-814AEEB67FEA}.

Unable to cancel {8E29DF0B-0C96-4FE1-A553-9DDE2875E80C}.

Unable to cancel {E9A7B10C-02C2-47B8-8F67-707679981894}.

Unable to cancel {B5BA2B2B-706A-4906-8E01-F9714B5D3FAB}.

Unable to cancel {7BA41445-300A-4283-B03C-7A995247A8B7}.

Unable to cancel {8B400A1C-F9A7-486C-8B77-D29B4A13D473}.

Unable to cancel {ACE51017-ACE5-4B55-A5A6-8CE2FCAA5B4F}.

Unable to cancel {6712C60F-04CA-4C3D-B683-51C048339006}.

Unable to cancel {5F045C25-EF77-4116-9A65-0A607091048C}.

Unable to cancel {7E6E0753-8EC1-4B99-B7F5-3FB0E74BE0D3}.

Unable to cancel {BC3AFA3F-5F21-486A-A305-3D0CFA55A4F4}.

Unable to cancel {52DA8436-7CFB-4CD8-9FC9-75C18AAFD92B}.

Unable to cancel {3A05E72C-02CD-48AA-8542-20147A760D0A}.

Unable to cancel {7F6D943F-37FB-4FA3-8CFC-97277484462B}.

Unable to cancel {BB405959-AA3C-4663-9F2B-6E1A711E2939}.

Unable to cancel {8BF96B6F-E665-4BBF-BA80-A7452D701851}.

Unable to cancel {75B39A65-E2D4-42E0-89A5-1C75FB15072A}.

Unable to cancel {86C2E569-1FFB-4979-A143-B72B9A6D7B34}.

Unable to cancel {89135950-D42C-4F2A-911E-2F01360090AA}.

Unable to cancel {D9432C64-D6CA-4F06-9F52-F8FF8416FAA3}.

Unable to cancel {843EB44F-04E4-42A4-B804-2A55967AB298}.

Unable to cancel {5C990552-2947-4CF0-BDC4-5080B59C5308}.

Unable to cancel {342ECAB3-000E-42A3-A9E2-A4DD5321127C}.

Unable to cancel {8BF46B45-0AD6-47F0-9A23-8AF5B92B0233}.

Unable to cancel {01B122A0-8A2B-408C-90E4-409F23A13868}.

Unable to cancel {C4C3FD62-6CE3-4116-BBE4-6D6F4812208E}.

Unable to cancel {0351C933-F23B-4754-8BF0-6A4258BED93F}.

Unable to cancel {AEB89EB4-DFFD-4D4C-A349-207B0A958F6C}.

Unable to cancel {11555E88-4E16-4FD1-9DB5-694EF41FBE26}.

Unable to cancel {D492A09D-C665-4CF5-828A-23A89570E546}.

Unable to cancel {BA83F5DB-FC69-4919-9C32-1D91459B18EC}.

Unable to cancel {1A58525C-7BAF-4E70-95C6-C168558FF43A}.

Unable to cancel {5351B588-BB41-4F22-8019-9305765E73E3}.

Unable to cancel {8A388063-DE3B-44F0-BF90-4202FC5D5288}.

Unable to cancel {F0586435-1652-4AC4-9DAD-0C5D874E8086}.

Unable to cancel {AEE203AA-D065-4B01-8ADE-760865591EF1}.

Unable to cancel {81ED88E8-E324-4C27-884E-37C1951B399F}.

Unable to cancel {49FE4DBD-FB35-4812-B4AD-3724DB1ADBDD}.

Unable to cancel {4FD22D5F-6942-4BE7-A39D-D63876E59759}.

Unable to cancel {491344D1-CAF3-41FE-9F6E-63880D5D3B5C}.

Unable to cancel {BEB97B7E-47FF-4E97-9E17-E79B19A51C6D}.

Unable to cancel {BB80C978-4245-454C-AFC6-7D5C9B07D137}.

Unable to cancel {5104B07D-375B-42CA-93A6-A4C12388C72D}.

Unable to cancel {04817019-3D24-48EE-8D2C-D5599EE73B76}.

Unable to cancel {AD572675-ED1C-4DD1-BCE7-AFCE5A4A4963}.

Unable to cancel {BD39F9B3-5599-4B82-9BBB-C14DEC0CF303}.

Unable to cancel {A6F0C172-704F-4E16-BFB1-3AD3E5705CCE}.

Unable to cancel {481E3A23-52AF-408B-9267-FFFB02FFB960}.

Unable to cancel {25FECD50-0CE7-4FD8-A4A9-9C55416D59A6}.

Unable to cancel {DC340493-EDD6-4321-BABB-148AD4450384}.

Unable to cancel {B4418A53-BB54-4FDE-9E87-F8D05E060A42}.

Unable to cancel {46380D07-DA7D-4B04-9FF6-7C059BE1EC12}.

Unable to cancel {288A4F08-69EA-4784-B959-0949CD188532}.

Unable to cancel {9FDEAF97-7A94-44A5-A709-E349A9BF7B07}.

Unable to cancel {38767F60-8C16-43BB-8F30-FF6DA711EB3C}.

Unable to cancel {5423E81F-DACB-4178-8F10-AFAC82D85B1C}.

Unable to cancel {3BA8DE41-C35F-4381-8FC0-F57F2F17A11F}.

Unable to cancel {D9BD2209-3964-4CEA-A875-83FB5B2AE74A}.

Unable to cancel {F0269410-F3B7-47D6-8428-5A1BAEDD0EFB}.

Unable to cancel {C6930B97-BCDE-4AE1-B3BA-BE6A9A12D4B8}.

Unable to cancel {0A7A6052-90E9-4B9A-AFB6-E1E86F3B4050}.

Unable to cancel {163B1F30-4DB7-499B-863A-4EB21EF6580C}.

{71F6B0E3-8EB1-4BEC-9AEE-58A7DB503710} canceled.

{44A6B4CA-4263-4E4D-BB8F-B1968B9AB9D8} canceled.

{FA638D6A-A4FB-4662-A99F-C7DF04ACAA42} canceled.

{3D56EE80-F217-4892-B5C0-3E984A329228} canceled.

{606B769D-73F3-4693-AE4A-0C8199D4D526} canceled.

Unable to cancel {59F94B05-D54C-4416-86E9-224BAB8382FE}.

Unable to cancel {B3D33A9A-B68A-431C-B47A-775310EC0567}.

5 out of 119 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 733.5 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 20:23:07 ====

#7
143mithrandil

Posted 08 July 2015 - 09:15 AM

New Member

Topic Starter
Member
6 posts

The AdwCleaner step cleared.. I'm pasting the results here. I hope it goes all well..

# AdwCleaner v4.207 - Logfile created 08/07/2015 at 20:36:58

# Updated 21/06/2015 by Xplode

# Database : 2015-07-05.2 [Server]

# Operating system : Windows 8.1 Single Language (x64)

# Username : Rooha - SPARKLING_STARS

# Running from : C:\Users\Rooha\Desktop\AdwCleaner.exe

# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\DSearchLink

Folder Deleted : C:\ProgramData\eSafe

Folder Deleted : C:\ProgramData\IePluginServices

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rich Media Player

Folder Deleted : C:\Program Files (x86)\SupTab

Folder Deleted : C:\Users\Administrator\AppData\Local\torch

Folder Deleted : C:\Users\Guest\AppData\Local\torch

Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch

Folder Deleted : C:\Users\Rooha\AppData\Local\globalUpdate

Folder Deleted : C:\Users\Rooha\AppData\Local\torch

Folder Deleted : C:\Users\Rooha\AppData\LocalLow\Delta

Folder Deleted : C:\Users\Rooha\AppData\LocalLow\Torntv V9.0

Folder Deleted : C:\Users\Rooha\AppData\Roaming\Babylon

Folder Deleted : C:\Users\Rooha\AppData\Roaming\ExpressFiles

Folder Deleted : C:\Users\Rooha\AppData\Roaming\EZDownloader

Folder Deleted : C:\Users\Rooha\AppData\Roaming\OpenCandy

Folder Deleted : C:\Users\Rooha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard

Folder Deleted : C:\Users\Rooha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com

Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapkincajhoihajffehdgglflgloehib

Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapkincajhoihajffehdgglflgloehib

Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapkincajhoihajffehdgglflgloehib

[/!\] Not Deleted ( Junction ) : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapkincajhoihajffehdgglflgloehib

[/!\] Not Deleted ( Junction ) : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapkincajhoihajffehdgglflgloehib

[/!\] Not Deleted ( Junction ) : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapkincajhoihajffehdgglflgloehib

[/!\] Not Deleted ( Junction ) : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapkincajhoihajffehdgglflgloehib

[/!\] Not Deleted ( Junction ) : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapkincajhoihajffehdgglflgloehib

[/!\] Not Deleted ( Junction ) : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapkincajhoihajffehdgglflgloehib

Folder Deleted : C:\Users\Rooha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn

Folder Deleted : C:\Users\Rooha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lalfbopdcggfdchjfgkhgnifhippfnco

Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapkincajhoihajffehdgglflgloehib

Folder Deleted : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapkincajhoihajffehdgglflgloehib

Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapkincajhoihajffehdgglflgloehib

Folder Deleted : C:\Users\Rooha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapkincajhoihajffehdgglflgloehib

Folder Deleted : C:\Users\Rooha\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn

Folder Deleted : C:\Users\Rooha\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lalfbopdcggfdchjfgkhgnifhippfnco

Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapkincajhoihajffehdgglflgloehib

Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapkincajhoihajffehdgglflgloehib

Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapkincajhoihajffehdgglflgloehib

Folder Deleted : C:\Users\Rooha\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapkincajhoihajffehdgglflgloehib

File Deleted : C:\Users\Rooha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lmnbobhffedhdhfpcjkjphcfpeeiocdn

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Rooha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

Shortcut Disinfected : C:\Users\Rooha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

Shortcut Disinfected : C:\Users\Rooha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WebCakeIEClient.DLL

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0

Key Deleted : HKLM\SOFTWARE\Classes\net

Key Deleted : HKLM\SOFTWARE\Classes\net.5.14

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api

Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\webcakeupdater

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc

Key Deleted : HKLM\SOFTWARE\Classes\EliteUnzip_aa.ToolbarProtector

Key Deleted : HKLM\SOFTWARE\Classes\EliteUnzip_aa.ToolbarProtector.1

Key Deleted : HKCU\Software\d55d98ce26aee41

Key Deleted : HKLM\SOFTWARE\d55d98ce26aee41

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fc67e7a0}

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0051390.BHO

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0051390.BHO.1

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0051390.Sandbox

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0051390.Sandbox.1

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522132290}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555135590}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566136690}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544134490}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522132290}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555135590}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566136690}

Key Deleted : HKCU\Software\1ClickDownload

Key Deleted : HKCU\Software\DataMngr

[#] Key Deleted : HKCU\Software\DataMngr_Toolbar

Key Deleted : HKCU\Software\Delta

Key Deleted : HKCU\Software\ExpressFiles

Key Deleted : HKCU\Software\filescout

Key Deleted : HKCU\Software\GlobalUpdate

Key Deleted : HKCU\Software\InstalledBrowserExtensions

Key Deleted : HKCU\Software\Myfree Codec

Key Deleted : HKCU\Software\RegisteredApplicationsEx

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\SupHpUISoft

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\SOFTWARE\DataMngr

Key Deleted : HKLM\SOFTWARE\Delta

Key Deleted : HKLM\SOFTWARE\eSafeSecControl

Key Deleted : HKLM\SOFTWARE\ExpressFiles

Key Deleted : HKLM\SOFTWARE\GlobalUpdate

Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions

Key Deleted : HKLM\SOFTWARE\qvo6Software

Key Deleted : HKLM\SOFTWARE\SupDp

Key Deleted : HKLM\SOFTWARE\SupTab

Key Deleted : HKLM\SOFTWARE\supWPM

Key Deleted : HKLM\SOFTWARE\mystartsearchSoftware

Key Deleted : HKLM\SOFTWARE\IHProtect

Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}

Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mystartsearch.com

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Google Chrome v43.0.2357.132

-\\ Comodo Dragon v

-\\ Chrome Canary v

*************************

AdwCleaner[R0].txt - [19639 bytes] - [08/07/2015 20:34:01]

AdwCleaner[S0].txt - [17122 bytes] - [08/07/2015 20:36:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17182 bytes] ##########

#8
Essexboy

Posted 08 July 2015 - 10:36 AM

GeekU Moderator

Retired Staff
69,964 posts

Is McAfee running properly now ?
How is the computer behaving

Please download Malwarebytes Anti-Malware to your desktop

Double-click mbam-setup-version.exe and follow the prompts to install the program.
At the end, be sure a check-mark is placed next to the following:
- Ensure that "Enable free trial of Malwarebytes Anti-Malware Premium" is unchecked
- Launch Malwarebytes Anti-Malware
Then click Finish.
If an update is found, you will be prompted to download and install the latest version.
Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
Reboot your computer if prompted.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

To access logs from Malwarebytes Anti-Malware 2.0:

1.Open Malwarebytes Anti-Malware 2.0
2.Click History > Application Logs
3.Double-click the log you would like to open

Scan Logs record detections from manual scans, including threats detected and the actions taken against them

To save a Scan Log:

1.Open the log file you would like to save
2.Click Export
3.Choose to export to a .txt
4.Choose a folder to save the log file in, then click Save
5.Post that log here

#9
143mithrandil

Posted 09 July 2015 - 10:42 AM

New Member

Topic Starter
Member
6 posts

Hello! The Windows defender is active now! Thanks to you!! We feel so secured with our pc! Thank you so much! We really appreciate your promptitude and dedication! We're so much grateful to you!

About the McAfee, actually, we had already uninstalled it with the intent to restart the windows defender, at which we failed and subsequently sought help from geekstogo.. we have the setup file, which we think would run smoothly... Once again, Thank you so much!!

#10
Essexboy

Posted 09 July 2015 - 10:45 AM

GeekU Moderator

Retired Staff
69,964 posts

Subject to no further problems

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:

#11
Essexboy

Posted 11 July 2015 - 04:07 AM

GeekU Moderator

Retired Staff
69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Back to Can't Run Any Antivirus or Malware Removal Programs · Next Unread Topic →

Also tagged with one or more of these keywords: antivirus, antimalware, windows defender

Security → Virus, Spyware, Malware Removal → Hijacked Windows defender [Closed] Started by relay , 17 Nov 2023 shell, spyware, keylogger and 2 more...	8 replies 3,022 views	DR M 23 Nov 2023
Retired Forums → Windows Vista and Windows 7 → Can I Use Vista With Any Degree of Security? If so, How? Started by Waste of Space , 12 Nov 2020 firewall, vista, security, xp and 4 more...	4 replies 4,923 views	Waste of Space 15 Nov 2020
Security → Virus, Spyware, Malware Removal → 5 days without virus protection! Started by SharonMurray , 29 Oct 2020 Windows 10, Windows Defender and 2 more... 1 2	Hot 20 replies 8,497 views	SharonMurray 03 Nov 2020
Security → Virus, Spyware, Malware Removal → I think my laptop is infected by virus idk, pls help me. [Closed] Started by jasmallari12 , 26 Feb 2019 Virus, malware, malware removal and 5 more...	8 replies 5,388 views	JSntgRvr 06 Mar 2019
Security → Virus, Spyware, Malware Removal → Cleaning Up PC, Found Out Windows Defender Was Hacked Started by Boricua03 , 19 Feb 2018 Windows 10, Registry and 3 more...	1 reply 2,710 views	RKinner 21 Feb 2018