
how to permanently remove kpcgrhynko.vbs file


26 replies to this topic

#1 justinemaetus


Posted 05 October 2013 - 07:21 AM

I can't delete it. I've tried over and over again, but when I refresh it, it is there again. It can't be detected by antivirus. How do I remove it?

 




 


#2 Aaflac



  • Malware Response Team

Posted 05 October 2013 - 04:30 PM

justinemaetus,

 

Welcome to the BC forums!!

 

Are you wanting to remove the kpcgrhynko.vbs file from your computer, a USB drive, or both?

 

Any files or folders in USB drive(s) become shortcuts?


Edited by Aaflac, 05 October 2013 - 04:30 PM.

To do is to be - Socrates

#3 justinemaetus


Posted 05 October 2013 - 10:29 PM

Both. And whenever I plug in a USB the files all turn into shortcuts. Btw, thank you for replying :D


Edited by justinemaetus, 05 October 2013 - 10:49 PM.


#4 Aaflac



  • Malware Response Team

Posted 05 October 2013 - 10:53 PM

Thank you for the info. Thought that would be the case, but wanted to make sure.

 

Please do what follows. USBFix and the Farbar Recovery Scan Tool gather information about the computer and the USB drive(s), and from there will determine what needs to be removed.

 

Step 1: To stop the Autorun feature, download and run the following:
Microsoft Fix It 50471:
http://support.microsoft.com/kb/967715

Scroll down to: How to disable or enable all Autorun features in Windows 7 and other operating systems
Click Run in the File Download dialog box, and follow the steps of the wizard.

 

Note: There is an option to enable Autorun automatically. You can do so later, if you wish.

 

Reboot the system after applying the Microsoft FixIt.

 

Step 2: Please click on the Windows 7 Start button and then on Control Panel
In Control Panel, select the Folder Options link.
Click on the View tab in the Folder Options window.

 

In the Advanced settings: area, locate the Hidden files and folders category.

Check: Show hidden files, folders, and drives
Uncheck: Hide protected operating system files (Recommended)
Click Apply and OK at the bottom of the Folder Options window.

 
Step 3: Next, download UsbFix:
http://www.infospyware.com/utiles/usbfix/

It is a Spanish language website, but the program is in English.
To download, press the button that says: Descargar (It means: Download)
Save to the Desktop. 

 

Step 4: Next, right-click the downloaded USBFix file and select: Run as Administrator

Connect any problem USB drive!

Press: Research

When done, the program closes on its own, and a report appears.
(The report file is also found at C:\UsbFix.txt)

 

>> Please post the UsbFix.txt (Research Mode) report in your reply.

 

Step 5: Once again, run USBFix as Administrator, but, this time, press: Listing

>> Also post the UsbFix.txt (Listing Mode) report in your reply. 

 

Note 1: If USBFix does not run in normal Windows, please run in Safe Mode:

Restart your computer.
 When the computer starts, tap the F8 key on the keyboard repeatedly until presented with the Advanced Boot Options menu
 Using the arrow keys, select: Safe Mode
 Press the Enter key on your keyboard to boot into the selected mode.

 

Note 2: If your AntiVirus program detects USB as malware, either let the AV program allow USBFix to run, or, temporarily disable your AntiVirus program:

Info - http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

When done with USBFix, re-enable your AV!

 

Step 6: Last, please download the Farbar Recovery Scan Tool
Download: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
Select the version that applies to your system.
Save it to your Desktop.

 

Double-click the downloaded file to run it.

When the tool opens click Yes to the disclaimer.

 

Press the Scan button.

 

The tool makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).

>> Please provide the FRST.txt in your reply.

 

The first time the tool is run, it also makes another log: Addition.txt

>> Also post the Addition.txt in your reply.


Edited by Aaflac, 05 October 2013 - 10:55 PM.

To do is to be - Socrates

#5 justinemaetus


Posted 05 October 2013 - 11:16 PM

Quick question, should I back-up my files before doing the instructions?


Edited by justinemaetus, 05 October 2013 - 11:20 PM.


#6 justinemaetus


Posted 06 October 2013 - 01:00 AM

A word document appeared after the listing and it contained this. 

############################## | UsbFix V 7.143 | [Listing]

 


 

User: Acer (Administrator) # ACER-PC

Updated 05/10/2013 by El Desaparecido - Team SosVirus

Started at 13:59:25 | 06/10/2013

 

Website: http://www.usbfix.net/

Forum : http://www.sosvirus.net/

Upload Malware: http://www.sosvirus.net/upload_malware.php

Contact: http://www.usbfix.net/contact/

 

PC: Acer (Aspire 4755)

CPU: Intel® Core™ i5-2430M CPU @ 2.40GHz

RAM -> [Total : 1888 | Free : 184]

Bios: Phoenix Technologies Ltd.

Boot: Normal boot

 

OS: Microsoft Windows 7 Ultimate  (6.1.7600 64-Bit) #

WB: Windows Internet Explorer 8.0.7600.16385

 

SC: Security Center Service [Enabled]

WU: Windows Update Service [Enabled]

AV: avast! Antivirus [Enabled | Updated]

FW: Windows FireWall Service [Enabled]

 

C:\ (%systemdrive%) -> Fixed drive # 391 Gb (335 Mb free - 86%) [] # NTFS

D:\ -> Fixed drive # 308 Gb (301 Mb free - 98%) [New Volume] # NTFS

E:\ -> CD-ROM

G:\ -> Removable drive # 964 Mb (134 Mb free - 14%) [JUSTINE] # FAT

 

################## | Listing |

 

[21/09/2012 - 08:27:07 | HD ]       C:\$AVG

[07/09/2013 - 11:24:52 | SHD ]      C:\$Recycle.Bin

[29/09/2013 - 16:31:10 | D ] C:\ad1a3159a2a27ee2623da543dc52

[11/06/2009 - 05:42:20 | A | 24]    C:\autoexec.bat

[06/10/2013 - 12:44:21 | SHD ]      C:\Config.Msi

[11/06/2009 - 05:42:20 | A | 10]    C:\config.sys

[14/07/2009 - 13:08:56 | SHD ]      C:\Documents and Settings

[29/09/2013 - 15:35:46 | D ] C:\ec16f391e63535c72d5fccc4fc

[29/09/2013 - 16:00:58 | D ] C:\f8972721e29f222398

[06/10/2013 - 13:05:34 | ASH | 1485017088]      C:\hiberfil.sys

[02/03/2012 - 12:41:10 | RHD ]      C:\MSOCache

[06/10/2013 - 13:05:34 | ASH | 1980022784]      C:\pagefile.sys

[14/07/2009 - 11:20:08 | D ] C:\PerfLogs

[07/08/2013 - 20:40:16 | RD ]       C:\Program Files

[05/10/2013 - 15:15:19 | RD ]       C:\Program Files (x86)

[05/10/2013 - 15:14:52 | HD ]       C:\ProgramData

[01/03/2013 - 12:35:25 | SHD ]      C:\Recovery

[06/10/2013 - 12:59:04 | SHD ]      C:\System Volume Information

[17/03/2012 - 17:35:03 | D ] C:\UDK

[06/10/2013 - 13:59:27 | D ] C:\UsbFix

[06/10/2013 - 13:58:43 | A | 5994] C:\UsbFix [Listing 1 ] ACER-PC.txt

[06/10/2013 - 13:59:27 | A | 2143] C:\UsbFix [Listing 2 ] ACER-PC.txt

[06/10/2013 - 13:23:28 | A | 7189] C:\UsbFix [Scan 1] ACER-PC.txt

[06/10/2013 - 13:55:22 | A | 11162]       C:\UsbFix [Scan 2] ACER-PC.txt

[28/05/2012 - 08:53:17 | A | 1539] C:\user.js

[30/09/2013 - 17:00:03 | RD ]       C:\Users

[05/10/2013 - 15:12:58 | D ] C:\Windows

[02/03/2013 - 04:00:49 | D ] C:\Windows.old

[01/03/2013 - 12:36:08 | SHD ]      D:\$RECYCLE.BIN

[06/10/2013 - 13:55:55 | RD ]       D:\Desktop

[06/01/2009 - 16:48:25 | D ] D:\DirectX

[05/10/2013 - 11:23:11 | RD ]       D:\Documents

[01/03/2013 - 11:56:42 | RD ]       D:\Downloads

[06/01/2009 - 16:48:26 | D ] D:\Support

[05/05/2012 - 07:08:26 | SHD ]      D:\System Volume Information

[06/01/2009 - 16:48:27 | D ] D:\Trailers

[21/03/2010 - 00:02:24 | SHD ]      G:\FOUND.000

[03/12/2012 - 07:03:56 | SHD ]      G:\FOUND.001

[09/08/2009 - 11:02:20 | SHD ]      G:\entertainment

[29/11/2009 - 16:24:48 | SHD ]      G:\Pics

[07/03/2010 - 07:49:30 | SHD ]      G:\New Folder

[20/03/2010 - 21:01:46 | SH | 1349018]    G:\P3198934.JPG

[20/03/2010 - 21:01:48 | SH | 1409585]    G:\P3198939.JPG

[20/03/2010 - 21:01:52 | SH | 1370406]    G:\P3198940.JPG

[20/03/2010 - 21:01:56 | SH | 1436726]    G:\P3198941.JPG

[20/03/2010 - 21:01:58 | SH | 1439404]    G:\P3198942.JPG

[20/03/2010 - 21:02:02 | SH | 1480523]    G:\P3198943.JPG

[20/03/2010 - 21:02:06 | SH | 1463577]    G:\P3198944.JPG

[20/03/2010 - 21:02:08 | SH | 1390477]    G:\P3198945.JPG

[20/03/2010 - 21:02:12 | SH | 1449472]    G:\P3198946.JPG

[20/03/2010 - 21:02:14 | SH | 1342947]    G:\P3198947.JPG

[20/03/2010 - 21:02:18 | SH | 1469397]    G:\P3198948.JPG

[20/03/2010 - 21:02:22 | SH | 1393419]    G:\P3198950.JPG

[20/03/2010 - 21:02:24 | SH | 1501849]    G:\P3198951.JPG

[20/03/2010 - 21:02:28 | SH | 1447800]    G:\P3198952.JPG

[20/03/2010 - 21:02:32 | SH | 1433328]    G:\P3198953.JPG

[20/03/2010 - 21:02:36 | SH | 1370536]    G:\P3198954.JPG

[20/03/2010 - 18:59:28 | SHD ]      G:\From Arnold

[25/05/2010 - 12:34:08 | SHD ]      G:\mix pix

[02/11/2010 - 07:44:50 | SHD ]      G:\New Folder (2)

[02/11/2010 - 07:42:40 | SH | 18498560]   G:\My Family.ppt

[25/04/2011 - 15:03:56 | SHD ]      G:\EASTER SUNDAY 2011

[23/06/2011 - 19:02:34 | SHD ]      G:\HOMEWORK

[23/06/2011 - 19:33:48 | SHD ]      G:\New Folder (3)

[31/01/2012 - 08:37:10 | SHD ]      G:\Maetus

[06/10/2013 - 13:52:50 | A | 744]   G:\P3198934.lnk

[06/10/2013 - 13:52:52 | A | 744]   G:\P3198939.lnk

[06/10/2013 - 13:52:52 | A | 744]   G:\P3198940.lnk

[06/10/2013 - 13:52:52 | A | 744]   G:\P3198941.lnk

[06/10/2013 - 13:52:52 | A | 744]   G:\P3198942.lnk

[06/10/2013 - 13:52:54 | A | 744]   G:\P3198943.lnk

[06/10/2013 - 13:52:54 | A | 744]   G:\P3198944.lnk

[06/10/2013 - 13:52:54 | A | 744]   G:\P3198945.lnk

[06/10/2013 - 13:52:54 | A | 744]   G:\P3198946.lnk

[06/10/2013 - 13:52:54 | A | 744]   G:\P3198947.lnk

[06/10/2013 - 13:52:56 | A | 744]   G:\P3198948.lnk

[06/10/2013 - 13:52:56 | A | 744]   G:\P3198950.lnk

[06/10/2013 - 13:52:56 | A | 744]   G:\P3198951.lnk

[06/10/2013 - 13:52:56 | A | 744]   G:\P3198952.lnk

[06/10/2013 - 13:52:56 | A | 744]   G:\P3198953.lnk

[06/10/2013 - 13:52:58 | A | 744]   G:\P3198954.lnk

[06/10/2013 - 13:52:58 | A | 1610] G:\My Family.lnk

[06/10/2013 - 13:52:58 | A | 754]   G:\FOUND.000.lnk

[06/10/2013 - 13:52:58 | A | 754]   G:\FOUND.001.lnk

[06/10/2013 - 13:52:58 | A | 762]   G:\entertainment.lnk

[06/10/2013 - 13:52:58 | A | 744]   G:\Pics.lnk

[06/10/2013 - 13:52:58 | A | 762]   G:\From Arnold.lnk

[06/10/2013 - 13:52:58 | A | 754]   G:\mix pix.lnk

[06/10/2013 - 13:52:58 | A | 780]   G:\EASTER SUNDAY 2011.lnk

[06/10/2013 - 13:52:58 | A | 752]   G:\HOMEWORK.lnk

[06/10/2013 - 13:52:58 | A | 748]   G:\Maetus.lnk

[06/10/2013 - 13:52:58 | A | 760]   G:\New Folder.lnk

[06/10/2013 - 13:52:58 | A | 772]   G:\New Folder (2).lnk

[06/10/2013 - 13:52:58 | A | 772]   G:\New Folder (3).lnk

[24/09/2013 - 05:50:24 | SH | 167773]     G:\kpcgrhynko..vbs

 

################## | E.O.F |
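
The listing above shows the pattern asked about earlier in the thread: every original item on G:\ carries the S and H attributes, a visible same-named .lnk sits beside it, and a hidden .vbs lies in the drive root. The following is an added example, not part of the original posts and not UsbFix's own logic, that checks a UsbFix [Listing] report for that pattern; the function names and the script-extension set are assumptions, and the sample lines are excerpted from the report above.

```python
import ntpath
import re
from collections import namedtuple

# Lines excerpted from the UsbFix [Listing] report posted above (G: is the USB drive).
SAMPLE_LISTING = r"""
[21/03/2010 - 00:02:24 | SHD ]      G:\FOUND.000
[29/11/2009 - 16:24:48 | SHD ]      G:\Pics
[20/03/2010 - 21:01:46 | SH | 1349018]    G:\P3198934.JPG
[02/11/2010 - 07:42:40 | SH | 18498560]   G:\My Family.ppt
[06/10/2013 - 13:52:50 | A | 744]   G:\P3198934.lnk
[06/10/2013 - 13:52:58 | A | 1610] G:\My Family.lnk
[06/10/2013 - 13:52:58 | A | 754]   G:\FOUND.000.lnk
[06/10/2013 - 13:52:58 | A | 744]   G:\Pics.lnk
[24/09/2013 - 05:50:24 | SH | 167773]     G:\kpcgrhynko..vbs
[11/06/2009 - 05:42:20 | A | 24]    C:\autoexec.bat
"""

Entry = namedtuple("Entry", "path attrs size")

# "[date - time | ATTRS ] path" for folders, "[date - time | ATTRS | size] path" for files.
LINE_RE = re.compile(
    r"^\[\d{2}/\d{2}/\d{4} - \d{2}:\d{2}:\d{2} \| ([A-Z]+)\s*(?:\|\s*(\d+))?\s*\]\s+(.+)$"
)

# Assumption: extensions treated as script files for this check.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd"}


def parse_listing(text):
    """Parse UsbFix listing lines into Entry tuples; non-matching lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            attrs, size, path = m.groups()
            entries.append(Entry(path.strip(), attrs, int(size) if size else None))
    return entries


def find_shortcut_pattern(entries, drive):
    """Report hidden items on `drive` that have a visible .lnk twin, and hidden scripts."""
    drive = drive.upper()
    on_drive = [e for e in entries
                if ntpath.splitdrive(e.path)[0].upper() == drive]
    by_path = {e.path.lower(): e for e in on_drive}
    replaced, scripts = [], []
    for e in on_drive:
        if "H" not in e.attrs:
            continue  # only hidden items are of interest
        is_dir = "D" in e.attrs
        ext = ntpath.splitext(e.path)[1].lower()
        if not is_dir and ext in SCRIPT_EXTS:
            scripts.append(e.path)
            continue
        # Folders keep their full name (FOUND.000 -> FOUND.000.lnk);
        # files lose their extension (P3198934.JPG -> P3198934.lnk).
        base = e.path if is_dir else ntpath.splitext(e.path)[0]
        lnk = by_path.get((base + ".lnk").lower())
        if lnk is not None and "H" not in lnk.attrs:
            replaced.append((e.path, lnk.path))
    return {"replaced": replaced, "hidden_scripts": scripts}


if __name__ == "__main__":
    report = find_shortcut_pattern(parse_listing(SAMPLE_LISTING), "G:")
    for original, lnk in report["replaced"]:
        print(f"hidden original {original!r} shadowed by shortcut {lnk!r}")
    for script in report["hidden_scripts"]:
        print(f"hidden script on drive: {script!r}")
```
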



#7 justinemaetus


Posted 06 October 2013 - 01:24 AM

I couldn't find the UsbFix.txt (Research Mode)  and the UsbFix.txt (Listing Mode)



#8 justinemaetus


Posted 06 October 2013 - 01:40 AM

This is the FRST
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Acer (administrator) on ACER-PC on 06-10-2013 14:37:44
Running from C:\Users\Acer\Downloads
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Gemalto N.V.) C:\Users\Acer\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
() C:\Users\Acer\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
(Smartbar) C:\Users\Acer\AppData\Local\Smartbar\Application\SnapDo.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Google Inc.) C:\Users\Acer\AppData\Local\Google\Chrome\Application\old_chrome.exe
(Google Inc.) C:\Users\Acer\AppData\Local\Google\Chrome\Application\old_chrome.exe
(Google Inc.) C:\Users\Acer\AppData\Local\Google\Chrome\Application\old_chrome.exe
(Google Inc.) C:\Users\Acer\AppData\Local\Google\Chrome\Application\old_chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Users\Acer\AppData\Local\Google\Chrome\Application\old_chrome.exe
(Google Inc.) C:\Users\Acer\AppData\Local\Google\Chrome\Application\old_chrome.exe
(Ldc) D:\Desktop\Stuff\USB Show.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Google Inc.) C:\Users\Acer\AppData\Local\Google\Chrome\Application\old_chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2011-03-21] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM-x32\...\Runonce: [] -  [x]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [SanDiskSecureAccess_Manager.exe] - C:\Users\Acer\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-15] (Gemalto N.V.)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [AppsHat] - C:\Users\Acer\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe [202752 2012-10-26] ()
HKCU\...\Run: [kpcgrhynko] - C:\Users\Acer\AppData\Roaming\kpcgrhynko..vbs [167773 2013-09-24] ()
HKCU\...\Run: [Browser Infrastructure Helper] - C:\Users\Acer\AppData\Local\Smartbar\Application\SnapDo.exe [21024 2013-08-04] (Smartbar)
MountPoints2: F - F:\AutoRun.exe
MountPoints2: {011e01a8-fd56-11de-9609-206a8a545ca3} - F:\AutoRun.exe
MountPoints2: {011e01c5-fd56-11de-9609-206a8a545ca3} - F:\AutoRun.exe
MountPoints2: {6bc16ec9-822a-11e2-8dc2-bb2a102f98bc} - G:\fscommand\LS_Start_Launch.cmd
MountPoints2: {75832014-f26e-11e2-a715-206a8a545ca3} - F:\AutoRun.exe
MountPoints2: {8669ba21-d949-11e2-bb38-206a8a545ca3} - F:\AutoRun.exe
MountPoints2: {8bf264f5-fd38-11de-9eea-206a8a545ca3} - F:\.\StartModem.exe
MountPoints2: {ccf8a454-d881-11e2-8716-206a8a545ca3} - F:\AutoRun.exe
MountPoints2: {d6b4df92-21c3-11e3-8743-206a8a545ca3} - G:\Windows/AutoRun.exe
MountPoints2: {de23c1b0-26f0-11df-acae-206a8a545ca3} - F:\autorun.exe
HKLM-x32\...\Run: [avast5] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [4858968 2013-08-30] (AVAST Software)
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL C:\PROGRA~2\MOVIES~1\SAFETY~1\x64\SAFETY~2.DLL    ,C:\Windows\system32\nvinitx.dll [21512 2013-08-20] ()
AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL C:\PROGRA~2\MOVIES~1\SAFETY~1\SAFETY~2.DLL   ,C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
IMEO\excel.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\groove.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\infopath.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\mspub.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\mstore.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\offdiag.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\ois.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\onenote.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\outlook.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IMEO\winword.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kpcgrhynko..vbs ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0&ocid=iehp&tc=12
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x08D227116367CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://my.myplaycity.com/
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Movies Toolbar (Dist. by Somoto Ltd.) - {3444c3c5-6c56-4a16-a453-832b05bf6ea4} - C:\Program Files (x86)\Movies Toolbar\SafetyNut\SRTOOL~1\IE\searchresultsDx.dll ()
BHO-x32: OKitSpace - {3543619C-D563-43f7-95EA-4DA7E1CC396A} - C:\Users\Acer\AppData\Roaming\okitspace\IE\OKitSpace.dll ()
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: MinibarBHO - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files (x86)\Minibar\Minibar.dll (KangoExtensions)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Movies Toolbar (Dist. by Somoto Ltd.) - {3444c3c5-6c56-4a16-a453-832b05bf6ea4} - C:\Program Files (x86)\Movies Toolbar\SafetyNut\SRTOOL~1\IE\searchresultsDx.dll ()
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.254
 
FireFox:
========
FF ProfilePath: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\q1s98pvv.default
FF user.js: detected! => C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\q1s98pvv.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.0\\npsitesafety.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rim.com/npappworld - C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Acer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Acer\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Acer\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Acer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\q1s98pvv.default\searchplugins\Web Search.xml
FF Extension: Movies Toolbar (Dist. by Somoto Ltd.) - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\q1s98pvv.default\Extensions\{3444c3c5-6c56-4a16-a453-832b05bf6ea4}
FF Extension: AppsHat - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\q1s98pvv.default\Extensions\{97A78363-B868-4B48-AC91-A783A31215AF}
FF Extension: No Name - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\q1s98pvv.default\Extensions\{e26d661f-5f7b-a1bc-d399-0f8f8df89289}
FF Extension: irobinhood - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\q1s98pvv.default\Extensions\irobinhood@irobinhood.org.xpi
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [OKitSpace@Vittalia.es] - C:\Users\Acer\AppData\Roaming\okitspace\Firefox
FF Extension: OKitSpace - C:\Users\Acer\AppData\Roaming\okitspace\Firefox
 
Chrome: 
=======
CHR HomePage: hxxp://www.search.ask.com/?o=APN10640A&gct=hp&d=473-105&v=n8883-117&t=4
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Acer\AppData\Local\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Acer\AppData\Local\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Acer\AppData\Local\Google\Chrome\Application\29.0.1547.62\gcswf32.dll No File
CHR Extension: (YouTube) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Puk-Puk) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cngkcldnnppckgbmndaccoffaikjbemc\3_0
CHR Extension: (Google Search) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (FVD Video Downloader) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.4.3_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [aaaaimdcedbpbcjjbbnfcbbjcngmomic] - C:\Users\Acer\AppData\Local\somotomoviestoolbar1\GC\toolbar.crx
CHR HKLM-x32\...\Chrome\Extension: [iidmoehhpbghchkaogkhmcckhlhebekn] - C:\Program Files (x86)\iRobinHood\iRobinHood Addon\iRobinHoodPartnersVExtension1_52.crx
CHR HKLM-x32\...\Chrome\Extension: [mggiecmcgkpfmegnobeimepgndgdhbjm] - C:\Users\Acer\AppData\Roaming\okitspace\Chrome\OKitSpace.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S2 Globe Tattoo Broadband. RunOuc; C:\Program Files (x86)\Globe Tattoo Broadband\UpdateDog\ouc.exe [657504 2012-11-12] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S4 SafetyNutManager; C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe [3394056 2013-08-20] (SafetyNut Inc.)
S4 Smart Bro. RunOuc; C:\Program Files (x86)\Smart Bro\UpdateDog\ouc.exe [246112 2010-01-10] ()
R2 SrvUpdater; C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe [32256 2013-09-26] ()
S4 Sun_Philippines Wave Modem Device Helper; C:\Program Files (x86)\Sun Broadband Wireless\BackgroundService\ServiceManager.exe [49752 2011-06-20] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2100024 2013-09-09] (TuneUp Software)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-04-04] (AVG Technologies)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [242688 2012-12-22] (Huawei Technologies Co., Ltd.)
S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [120832 2011-06-20] (TCT International Mobile Ltd)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2013-07-02] (Research In Motion Limited)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-06 14:37 - 2013-10-06 14:37 - 00000000 ____D C:\FRST
2013-10-06 14:23 - 2013-10-06 14:30 - 01954124 _____ (Farbar) C:\Users\Acer\Downloads\FRST64.exe
2013-10-06 14:00 - 2013-10-06 14:11 - 00010062 _____ C:\UsbFix [Scan 3] ACER-PC.txt
2013-10-06 13:59 - 2013-10-06 13:59 - 00006066 _____ C:\UsbFix [Listing 2 ] ACER-PC.txt
2013-10-06 13:59 - 2013-10-06 13:59 - 00000162 ____H C:\~$bFix [Listing 2 ] ACER-PC.txt
2013-10-06 13:58 - 2013-10-06 13:58 - 00005994 _____ C:\UsbFix [Listing 1 ] ACER-PC.txt
2013-10-06 13:43 - 2013-10-06 13:55 - 00011162 _____ C:\UsbFix [Scan 2] ACER-PC.txt
2013-10-06 13:23 - 2013-10-06 13:23 - 00007189 _____ C:\UsbFix [Scan 1] ACER-PC.txt
2013-10-06 13:18 - 2013-10-06 14:10 - 00000000 ____D C:\UsbFix
2013-10-06 13:17 - 2013-10-06 13:18 - 01540115 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\Acer\Downloads\UsbFix.exe
2013-10-06 12:10 - 2013-10-06 12:11 - 00655360 _____ C:\Users\Acer\Downloads\MicrosoftFixit50471.msi
2013-10-05 15:19 - 2013-09-09 21:29 - 00043320 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2013-10-05 15:19 - 2013-09-09 21:29 - 00036152 _____ (TuneUp Software) C:\Windows\SysWOW64\uxtuneup.dll
2013-10-05 15:16 - 2013-09-09 21:29 - 00040760 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2013-10-05 15:16 - 2013-09-09 21:29 - 00029496 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2013-10-05 15:16 - 2013-09-09 21:29 - 00025400 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll
2013-10-05 15:15 - 2013-10-05 15:19 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014
2013-10-05 15:15 - 2013-10-05 15:15 - 00000000 ____D C:\Users\Acer\AppData\Roaming\TuneUp Software
2013-10-05 15:14 - 2013-10-05 15:20 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-10-05 14:57 - 2013-10-05 14:57 - 00003310 _____ C:\Windows\System32\Tasks\{0DBCCEA2-9BD2-41CA-A7B9-D497F7F8A590}
2013-10-05 14:39 - 2013-10-05 15:27 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-10-05 14:28 - 2013-10-05 14:38 - 32773544 _____ (TuneUp Software) C:\Users\Acer\Downloads\TuneUpUtilities2014_en-US.exe
2013-10-05 11:39 - 2013-10-05 11:39 - 00003030 _____ C:\Windows\System32\Tasks\{768F53E2-8199-4737-9240-7235EFDE9B30}
2013-10-05 11:11 - 2013-10-05 11:11 - 00000000 ____D C:\ProgramData\Uniblue
2013-10-05 10:55 - 2013-10-05 14:51 - 00002651 _____ C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2013-10-05 10:52 - 2013-10-05 10:54 - 00000000 ____D C:\Users\Acer\AppData\Local\Smartbar
2013-10-05 10:44 - 2013-10-05 14:55 - 00000000 ____D C:\Program Files (x86)\iRobinHood
2013-10-05 10:44 - 2013-10-05 10:45 - 00000000 ____D C:\Users\Acer\AppData\Roaming\okitspace
2013-10-05 10:44 - 2013-10-05 10:44 - 00000000 ____D C:\Program Files (x86)\SoftwareUpdater
2013-10-05 10:41 - 2013-10-05 10:42 - 04088904 _____ C:\Users\Acer\Downloads\installer_warcraft_iii_reign_of_chaos_1_0_2_110__English.exe
2013-10-05 09:53 - 2013-09-24 05:50 - 00167773 ___SH C:\Users\Acer\AppData\Roaming\kpcgrhynko..vbs
2013-10-03 22:14 - 2013-10-03 22:14 - 01983549 _____ C:\Users\Acer\Downloads\Aralin 28- Que powerpoint.pptx
2013-10-03 18:03 - 2013-10-03 18:04 - 00939295 _____ C:\Users\Acer\Downloads\UNANG YUGTO SA NG IMPERYALISMONG KANLURANIN.pptx
2013-10-03 17:36 - 2013-10-03 17:36 - 00501498 _____ C:\Users\Acer\Downloads\MGA SALIK SA PAGLAKAS NG EUROPE(ARALIN 21-GRAJO).pptx
2013-10-01 20:25 - 2013-10-01 20:28 - 00275659 _____ C:\Users\Acer\Downloads\Intaglio.pptx
2013-09-30 18:08 - 2013-09-30 18:08 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-09-30 18:08 - 2013-09-30 18:08 - 00000000 ____D C:\Windows\system32\NV
2013-09-30 17:00 - 2013-09-30 18:08 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-30 17:00 - 2013-09-30 17:00 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-09-30 17:00 - 2009-07-14 12:54 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-09-30 17:00 - 2009-07-14 12:49 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-09-30 09:20 - 2012-10-03 03:51 - 06200680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-09-30 09:20 - 2012-10-03 03:51 - 03536817 _____ C:\Windows\system32\nvcoproc.bin
2013-09-30 09:20 - 2012-10-03 03:51 - 03293544 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-09-30 09:20 - 2012-10-03 03:50 - 02557800 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2013-09-30 09:20 - 2012-10-03 03:50 - 00891240 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-09-30 09:20 - 2012-10-03 03:50 - 00866664 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2013-09-30 09:20 - 2012-10-03 03:50 - 00118120 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-09-30 09:20 - 2012-10-03 03:50 - 00063336 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-09-30 09:20 - 2012-10-03 03:50 - 00055144 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2013-09-29 18:37 - 2013-08-07 04:22 - 00278800 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-09-29 18:13 - 2011-11-19 23:07 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2013-09-29 18:13 - 2011-11-19 22:06 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2013-09-29 17:00 - 2013-09-29 17:00 - 00000000 ____D C:\Windows\en
2013-09-29 16:58 - 2013-09-29 16:58 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-09-29 16:55 - 2013-09-29 16:55 - 00000000 ____D C:\Windows\PCHEALTH
2013-09-29 16:31 - 2013-09-29 16:31 - 00000000 ____D C:\ad1a3159a2a27ee2623da543dc52
2013-09-29 16:26 - 2012-06-03 06:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-09-29 16:26 - 2012-06-03 06:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-09-29 16:26 - 2012-06-03 06:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-09-29 16:26 - 2012-06-03 06:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-09-29 16:25 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-09-29 16:25 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-09-29 16:00 - 2013-09-29 16:00 - 00000000 ____D C:\f8972721e29f222398
2013-09-29 15:57 - 2013-09-29 16:58 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-09-29 15:56 - 2013-09-29 16:53 - 00000554 _____ C:\Windows\DirectX.log
2013-09-29 15:56 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-09-29 15:56 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-09-29 15:56 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-09-29 15:56 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-09-29 15:56 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-09-29 15:56 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-09-29 15:56 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-09-29 15:56 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-09-29 15:56 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2013-09-29 15:56 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-09-29 15:56 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2013-09-29 15:56 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-09-29 15:39 - 2009-11-26 03:47 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2013-09-29 15:39 - 2009-11-26 03:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2013-09-29 15:39 - 2009-11-26 03:47 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2013-09-29 15:39 - 2009-11-26 03:47 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2013-09-29 15:39 - 2009-11-26 03:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2013-09-29 15:39 - 2009-11-26 03:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2013-09-29 15:39 - 2009-11-26 03:47 - 00109912 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2013-09-29 15:39 - 2009-11-26 03:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2013-09-29 15:39 - 2009-11-26 03:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2013-09-29 15:39 - 2009-11-26 03:47 - 00048960 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2013-09-29 15:35 - 2013-09-29 15:35 - 00000000 ____D C:\ec16f391e63535c72d5fccc4fc
2013-09-29 15:35 - 2010-08-11 13:19 - 03860992 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll
2013-09-29 15:35 - 2010-08-11 13:13 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2013-09-29 15:35 - 2010-08-11 12:44 - 02983424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbon.dll
2013-09-29 15:35 - 2010-08-11 12:35 - 01164800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
2013-09-29 15:34 - 2010-05-23 18:15 - 01619456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-09-29 15:34 - 2010-05-23 18:11 - 03181568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2013-09-29 15:34 - 2010-05-23 18:11 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2013-09-29 15:34 - 2010-05-23 16:37 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-09-29 15:34 - 2010-05-23 16:35 - 04068864 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2013-09-29 15:34 - 2010-05-23 16:35 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2013-09-29 15:34 - 2010-05-23 16:35 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2013-09-29 15:31 - 2013-10-01 19:43 - 00000000 ____D C:\Users\Acer\AppData\Local\Windows Live
2013-09-29 15:28 - 2013-09-29 15:28 - 01239536 _____ (Microsoft Corporation) C:\Users\Acer\Downloads\wlsetup-web.exe
2013-09-29 08:55 - 2013-09-29 08:59 - 14047491 _____ C:\Users\Acer\Downloads\https---www.facebook.com-photo.php-v=3452144159869.mp4
2013-09-26 18:55 - 2013-09-26 18:55 - 00000000 ____D C:\Users\Acer\AppData\Local\WebPlayer
2013-09-26 18:55 - 2013-09-26 18:55 - 00000000 ____D C:\Users\Acer\AppData\Local\Minibar
2013-09-26 18:55 - 2013-09-26 18:55 - 00000000 ____D C:\Program Files (x86)\Minibar
2013-09-26 18:54 - 2013-09-26 18:54 - 00000000 ____D C:\Users\Acer\AppData\Local\somotomoviestoolbar1
2013-09-26 18:54 - 2013-09-26 18:54 - 00000000 ____D C:\ProgramData\Wincert
2013-09-26 18:52 - 2013-10-06 12:26 - 00000000 ____D C:\ProgramData\SafetyNut
2013-09-26 18:52 - 2013-09-26 18:52 - 00000000 ____D C:\Program Files (x86)\Movies Toolbar
2013-09-20 15:23 - 2011-03-26 10:37 - 00151040 _____ (ZTE Corporation) C:\Windows\system32\Drivers\ZTEusbnet.sys
2013-09-20 15:23 - 2011-03-26 10:37 - 00123520 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbser6k.sys
2013-09-20 15:23 - 2011-03-26 10:37 - 00123520 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbnmea.sys
2013-09-20 15:23 - 2011-03-26 10:37 - 00123520 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbmdm6k.sys
2013-09-20 15:22 - 2013-09-20 15:23 - 00000000 ____D C:\Program Files (x86)\PLDT Weroam PLUS
2013-09-20 15:22 - 2013-09-20 15:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-20 15:22 - 2013-09-20 15:22 - 00000000 ____D C:\Windows\SysWOW64\SupportAppXL
2013-09-20 10:05 - 2013-09-20 10:05 - 00003584 _____ C:\Users\Acer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-19 21:16 - 2013-09-19 21:29 - 10306800 _____ C:\Users\Acer\Downloads\Energy 101- Natural Gas Power Plants [LoudTronix.me].mp4
2013-09-18 21:01 - 2013-09-18 21:02 - 04646608 _____ C:\Users\Acer\Downloads\Protein Structure Song (Biology Presentation) - Lazy Song Bruno Mars [LoudTronix.me].mp4
2013-09-16 20:26 - 2013-09-16 20:26 - 00000110 _____ C:\Users\Acer\Downloads\1atom.pdb
2013-09-14 05:34 - 2013-10-05 16:26 - 00002924 _____ C:\Windows\PFRO.log
 
==================== One Month Modified Files and Folders =======
 
2013-10-06 14:37 - 2013-10-06 14:37 - 00000000 ____D C:\FRST
2013-10-06 14:30 - 2013-10-06 14:23 - 01954124 _____ (Farbar) C:\Users\Acer\Downloads\FRST64.exe
2013-10-06 14:19 - 2013-03-01 12:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-06 14:11 - 2013-10-06 14:00 - 00010062 _____ C:\UsbFix [Scan 3] ACER-PC.txt
2013-10-06 14:10 - 2013-10-06 13:18 - 00000000 ____D C:\UsbFix
2013-10-06 14:04 - 2010-01-10 04:49 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3609343803-1789047090-3455872377-1000UA.job
2013-10-06 13:59 - 2013-10-06 13:59 - 00006066 _____ C:\UsbFix [Listing 2 ] ACER-PC.txt
2013-10-06 13:59 - 2013-10-06 13:59 - 00000162 ____H C:\~$bFix [Listing 2 ] ACER-PC.txt
2013-10-06 13:58 - 2013-10-06 13:58 - 00005994 _____ C:\UsbFix [Listing 1 ] ACER-PC.txt
2013-10-06 13:55 - 2013-10-06 13:43 - 00011162 _____ C:\UsbFix [Scan 2] ACER-PC.txt
2013-10-06 13:27 - 2009-07-14 13:13 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-06 13:23 - 2013-10-06 13:23 - 00007189 _____ C:\UsbFix [Scan 1] ACER-PC.txt
2013-10-06 13:18 - 2013-10-06 13:17 - 01540115 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\Acer\Downloads\UsbFix.exe
2013-10-06 13:13 - 2009-07-14 12:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-06 13:13 - 2009-07-14 12:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-06 13:05 - 2013-09-02 07:16 - 00014492 _____ C:\Windows\setupact.log
2013-10-06 13:05 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-06 12:27 - 2013-07-04 20:42 - 00004184 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-10-06 12:27 - 2013-03-02 21:47 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3609343803-1789047090-3455872377-1000UA.job
2013-10-06 12:27 - 2013-03-02 21:47 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3609343803-1789047090-3455872377-1000Core.job
2013-10-06 12:26 - 2013-09-26 18:52 - 00000000 ____D C:\ProgramData\SafetyNut
2013-10-06 12:21 - 2013-03-01 13:16 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Skype
2013-10-06 12:11 - 2013-10-06 12:10 - 00655360 _____ C:\Users\Acer\Downloads\MicrosoftFixit50471.msi
2013-10-06 10:04 - 2010-01-10 04:49 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3609343803-1789047090-3455872377-1000Core.job
2013-10-06 05:42 - 2013-03-02 21:47 - 00003910 _____ C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3609343803-1789047090-3455872377-1000UA
2013-10-06 05:42 - 2013-03-02 21:47 - 00003542 _____ C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3609343803-1789047090-3455872377-1000Core
2013-10-05 16:26 - 2013-09-14 05:34 - 00002924 _____ C:\Windows\PFRO.log
2013-10-05 15:57 - 2013-05-23 05:46 - 00000000 ____D C:\Users\Acer\AppData\Roaming\.minecraft
2013-10-05 15:42 - 2013-07-20 06:09 - 00763291 _____ (TeamExtreme) C:\Users\Acer\Downloads\Minecraft.jar
2013-10-05 15:28 - 2013-09-01 13:11 - 00003694 _____ C:\Windows\System32\Tasks\Adobe online update program
2013-10-05 15:27 - 2013-10-05 14:39 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-10-05 15:27 - 2013-09-01 12:52 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-10-05 15:27 - 2013-03-01 13:02 - 00000000 ____D C:\Users\Acer\AppData\Local\Microsoft Help
2013-10-05 15:20 - 2013-10-05 15:14 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-10-05 15:19 - 2013-10-05 15:15 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014
2013-10-05 15:15 - 2013-10-05 15:15 - 00000000 ____D C:\Users\Acer\AppData\Roaming\TuneUp Software
2013-10-05 14:57 - 2013-10-05 14:57 - 00003310 _____ C:\Windows\System32\Tasks\{0DBCCEA2-9BD2-41CA-A7B9-D497F7F8A590}
2013-10-05 14:55 - 2013-10-05 10:44 - 00000000 ____D C:\Program Files (x86)\iRobinHood
2013-10-05 14:51 - 2013-10-05 10:55 - 00002651 _____ C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2013-10-05 14:45 - 2013-03-01 12:50 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-10-05 14:38 - 2013-10-05 14:28 - 32773544 _____ (TuneUp Software) C:\Users\Acer\Downloads\TuneUpUtilities2014_en-US.exe
2013-10-05 11:39 - 2013-10-05 11:39 - 00003030 _____ C:\Windows\System32\Tasks\{768F53E2-8199-4737-9240-7235EFDE9B30}
2013-10-05 11:11 - 2013-10-05 11:11 - 00000000 ____D C:\ProgramData\Uniblue
2013-10-05 10:54 - 2013-10-05 10:52 - 00000000 ____D C:\Users\Acer\AppData\Local\Smartbar
2013-10-05 10:45 - 2013-10-05 10:44 - 00000000 ____D C:\Users\Acer\AppData\Roaming\okitspace
2013-10-05 10:44 - 2013-10-05 10:44 - 00000000 ____D C:\Program Files (x86)\SoftwareUpdater
2013-10-05 10:42 - 2013-10-05 10:41 - 04088904 _____ C:\Users\Acer\Downloads\installer_warcraft_iii_reign_of_chaos_1_0_2_110__English.exe
2013-10-05 09:53 - 2013-03-01 12:36 - 00000000 ___RD C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-03 22:14 - 2013-10-03 22:14 - 01983549 _____ C:\Users\Acer\Downloads\Aralin 28- Que powerpoint.pptx
2013-10-03 18:04 - 2013-10-03 18:03 - 00939295 _____ C:\Users\Acer\Downloads\UNANG YUGTO SA NG IMPERYALISMONG KANLURANIN.pptx
2013-10-03 17:36 - 2013-10-03 17:36 - 00501498 _____ C:\Users\Acer\Downloads\MGA SALIK SA PAGLAKAS NG EUROPE(ARALIN 21-GRAJO).pptx
2013-10-01 20:28 - 2013-10-01 20:25 - 00275659 _____ C:\Users\Acer\Downloads\Intaglio.pptx
2013-10-01 19:43 - 2013-09-29 15:31 - 00000000 ____D C:\Users\Acer\AppData\Local\Windows Live
2013-09-30 18:08 - 2013-09-30 18:08 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-09-30 18:08 - 2013-09-30 18:08 - 00000000 ____D C:\Windows\system32\NV
2013-09-30 18:08 - 2013-09-30 17:00 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-30 17:00 - 2013-09-30 17:00 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-09-30 17:00 - 2013-03-01 12:51 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-09-30 17:00 - 2013-03-01 12:51 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-09-30 09:20 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Help
2013-09-29 17:00 - 2013-09-29 17:00 - 00000000 ____D C:\Windows\en
2013-09-29 16:58 - 2013-09-29 16:58 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-09-29 16:58 - 2013-09-29 15:57 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-09-29 16:55 - 2013-09-29 16:55 - 00000000 ____D C:\Windows\PCHEALTH
2013-09-29 16:55 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-09-29 16:53 - 2013-09-29 15:56 - 00000554 _____ C:\Windows\DirectX.log
2013-09-29 16:31 - 2013-09-29 16:31 - 00000000 ____D C:\ad1a3159a2a27ee2623da543dc52
2013-09-29 16:00 - 2013-09-29 16:00 - 00000000 ____D C:\f8972721e29f222398
2013-09-29 15:35 - 2013-09-29 15:35 - 00000000 ____D C:\ec16f391e63535c72d5fccc4fc
2013-09-29 15:28 - 2013-09-29 15:28 - 01239536 _____ (Microsoft Corporation) C:\Users\Acer\Downloads\wlsetup-web.exe
2013-09-29 08:59 - 2013-09-29 08:55 - 14047491 _____ C:\Users\Acer\Downloads\https---www.facebook.com-photo.php-v=3452144159869.mp4
2013-09-28 17:09 - 2009-07-14 13:08 - 00032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-26 18:55 - 2013-09-26 18:55 - 00000000 ____D C:\Users\Acer\AppData\Local\WebPlayer
2013-09-26 18:55 - 2013-09-26 18:55 - 00000000 ____D C:\Users\Acer\AppData\Local\Minibar
2013-09-26 18:55 - 2013-09-26 18:55 - 00000000 ____D C:\Program Files (x86)\Minibar
2013-09-26 18:54 - 2013-09-26 18:54 - 00000000 ____D C:\Users\Acer\AppData\Local\somotomoviestoolbar1
2013-09-26 18:54 - 2013-09-26 18:54 - 00000000 ____D C:\ProgramData\Wincert
2013-09-26 18:52 - 2013-09-26 18:52 - 00000000 ____D C:\Program Files (x86)\Movies Toolbar
2013-09-24 05:50 - 2013-10-05 09:53 - 00167773 ___SH C:\Users\Acer\AppData\Roaming\kpcgrhynko..vbs
2013-09-20 17:58 - 2010-03-04 03:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-20 15:25 - 2013-04-13 17:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-20 15:23 - 2013-09-20 15:22 - 00000000 ____D C:\Program Files (x86)\PLDT Weroam PLUS
2013-09-20 15:22 - 2013-09-20 15:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-20 15:22 - 2013-09-20 15:22 - 00000000 ____D C:\Windows\SysWOW64\SupportAppXL
2013-09-20 10:05 - 2013-09-20 10:05 - 00003584 _____ C:\Users\Acer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-19 21:29 - 2013-09-19 21:16 - 10306800 _____ C:\Users\Acer\Downloads\Energy 101- Natural Gas Power Plants [LoudTronix.me].mp4
2013-09-18 21:02 - 2013-09-18 21:01 - 04646608 _____ C:\Users\Acer\Downloads\Protein Structure Song (Biology Presentation) - Lazy Song Bruno Mars [LoudTronix.me].mp4
2013-09-18 19:09 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-16 20:26 - 2013-09-16 20:26 - 00000110 _____ C:\Users\Acer\Downloads\1atom.pdb
2013-09-09 21:29 - 2013-10-05 15:19 - 00043320 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2013-09-09 21:29 - 2013-10-05 15:19 - 00036152 _____ (TuneUp Software) C:\Windows\SysWOW64\uxtuneup.dll
2013-09-09 21:29 - 2013-10-05 15:16 - 00040760 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2013-09-09 21:29 - 2013-10-05 15:16 - 00029496 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2013-09-09 21:29 - 2013-10-05 15:16 - 00025400 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll
 
Files to move or delete:
====================
C:\Users\Acer\loop.bat
 
 
Some content of TEMP:
====================
C:\Users\Acer\AppData\Local\Temp\bi_cleaner.exe
C:\Users\Acer\AppData\Local\Temp\BI_RunOnce (1).exe
C:\Users\Acer\AppData\Local\Temp\BI_RunOnce.exe
C:\Users\Acer\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Acer\AppData\Local\Temp\instloffer.exe
C:\Users\Acer\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Acer\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Acer\AppData\Local\Temp\UpdateCheckerSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-09-18 00:20
 
==================== End Of Log ============================


#9 justinemaetus


Posted 06 October 2013 - 01:42 AM

This is the addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013

Ran by Acer at 2013-10-06 14:38:55
Running from C:\Users\Acer\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.04) (x32 Version: 11.0.04)
AppsHat Mobile Apps (HKCU Version: 1.0.0.0)
avast! Free Antivirus (x32 Version: 8.0.1497.0)
AVG PC TuneUp Language Pack (en-US) (x32 Version: 12.0.4020.3)
BlackBerry App World Browser Plugin (x32 Version: 3.1.3.6)
BlackBerry World Browser Plugin (x32 Version: 4.4.1.5)
D3DX10 (x32 Version: 15.4.2368.0902)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Foxit Reader (x32 Version: 5.0.2.718)
Globe Tattoo Broadband (x32 Version: 23.009.11.01.158)
Google Chrome (HKCU Version: 29.0.1547.76)
Intel® Processor Graphics (x32 Version: 8.15.10.2401)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
K-Lite Codec Pack 7.5.0 (Full) (x32 Version: 7.5.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Movie Maker (x32 Version: 16.4.3508.0205)
Movies Toolbar for Chrome (Dist. by Somoto Ltd.) (x32 Version: 1.6.2.0)
Movies Toolbar for Firefox (Dist. by Somoto Ltd.) (x32 Version: 1.6.2.0)
Movies Toolbar for Internet Explorer (Dist. by Somoto Ltd.) (x32 Version: 1.6.2.0)
Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
NVIDIA Control Panel 306.97 (Version: 306.97)
NVIDIA Graphics Driver 306.97 (Version: 306.97)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Optimus 1.10.8 (Version: 1.10.8)
NVIDIA PhysX (x32 Version: 9.10.0514)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
Photo Gallery (x32 Version: 16.4.3508.0205)
PLDT Weroam PLUS (x32 Version: 1.0.0.1)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6343)
SanDiskSecureAccess_Manager.exe (HKCU Version: 1.1.19755)
Skype™ 6.3 (x32 Version: 6.3.105)
Smart Bro (x32 Version: 22.001.18.18.238)
Snap.Do (x32 Version: 1.96.1.11688)
SoftwareUpdater (x32)
Sun Broadband Wireless (x32)
TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.110)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.110)
Unity Web Player (HKCU Version: )
UsbFix By El Desaparecido (x32)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
WinRAR 4.20 (32-bit) (x32 Version: 4.20.0)
WinZip 17.5 (Version: 17.5.10480)
Yahoo! Messenger (x32)
 
==================== Restore Points  =========================
 
29-09-2013 08:00:45 Windows Live Essentials
29-09-2013 08:24:03 Windows Update
29-09-2013 08:30:41 Windows Live Essentials
29-09-2013 08:50:51 Installed DirectX
29-09-2013 08:53:20 Installed DirectX
29-09-2013 08:54:05 Installed DirectX
29-09-2013 08:55:09 WLSetup
29-09-2013 10:35:19 Windows Update
29-09-2013 21:37:28 Windows Update
30-09-2013 01:15:04 Windows Update
05-10-2013 02:55:53 Uniblue DriverScanner installation
05-10-2013 04:38:42 Removed AVG PC TuneUp
05-10-2013 04:40:51 Removed AVG PC TuneUp
05-10-2013 06:40:28 Removed AVG PC TuneUp
05-10-2013 06:43:18 Removed AVG PC TuneUp
05-10-2013 07:13:12 Removed AVG PC TuneUp
05-10-2013 07:14:57 Installed TuneUp Utilities 2014
06-10-2013 04:11:40 Installed Microsoft Fix it 50471
06-10-2013 04:37:42 Installed Microsoft Fix it 50471
06-10-2013 04:44:08 Installed Microsoft Fix it 50471
06-10-2013 04:58:54 Windows Backup
 
==================== Hosts content: ==========================
 
2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {2249484B-9DA6-4E15-8925-27D15CB2B9A1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3609343803-1789047090-3455872377-1000UA => C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-10] (Google Inc.)
Task: {2A2B46FF-FCE4-485E-B579-47CF5A79BAA7} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {335F31C4-655A-40CA-BE79-EC2B9DCD82D9} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {372E52D0-7B04-4B64-897B-0ECE89E4D429} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3609343803-1789047090-3455872377-1000UA => C:\Users\Acer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-02] (Facebook Inc.)
Task: {3E4EBDAA-5075-4F37-94E8-17625D415DDD} - System32\Tasks\Google Updater and Installer => C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-10] (Google Inc.)
Task: {442E3B6F-CE8D-496F-BE42-DCA34223AC19} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-05] (Adobe Systems Incorporated)
Task: {7CD15B36-E948-4BBC-93EA-D094AD7CD7BC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-23] (Adobe Systems Incorporated)
Task: {AC160F03-3E9A-45AC-A3FF-EAB3A29BF393} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3609343803-1789047090-3455872377-1000Core => C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-10] (Google Inc.)
Task: {D9ADA4A5-3036-490B-B3EB-8711F2E992A4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3609343803-1789047090-3455872377-1000Core => C:\Users\Acer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-02] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3609343803-1789047090-3455872377-1000Core.job => C:\Users\Acer\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3609343803-1789047090-3455872377-1000UA.job => C:\Users\Acer\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3609343803-1789047090-3455872377-1000Core.job => C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3609343803-1789047090-3455872377-1000UA.job => C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-26 18:53 - 2013-08-20 23:42 - 00647688 _____ () C:\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetycrt.dll
2013-03-01 12:47 - 2011-05-22 01:32 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-26 18:53 - 2013-08-20 23:42 - 00476680 _____ () C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetycrt.dll
2013-10-06 05:33 - 2013-10-05 23:49 - 02104832 _____ () C:\Program Files\Alwil Software\Avast5\defs\13100501\algo.dll
2013-07-02 11:41 - 2009-01-11 02:32 - 00011362 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\mingwm10.dll
2013-07-02 11:41 - 2009-06-23 10:42 - 00043008 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\libgcc_s_dw2-1.dll
2013-07-02 11:41 - 2012-10-31 17:11 - 02417152 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\QtCore4.dll
2013-07-02 11:41 - 2012-10-31 17:14 - 01148416 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\QtNetwork4.dll
2013-07-02 11:41 - 2012-11-12 11:48 - 00843264 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\QueryStrategy.dll
2013-07-02 11:41 - 2012-10-31 17:11 - 00398336 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\QtXml4.dll
2012-02-15 07:05 - 2012-02-15 07:37 - 11796096 _____ () C:\Users\Acer\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll
2013-08-04 17:39 - 2013-08-04 17:39 - 00032800 _____ () C:\Users\Acer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
2013-08-04 17:39 - 2013-08-04 17:39 - 00056352 _____ () C:\Users\Acer\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll
2013-08-04 17:39 - 2013-08-04 17:39 - 00150560 _____ () C:\Users\Acer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
2013-08-04 17:39 - 2013-08-04 17:39 - 00112672 _____ () C:\Users\Acer\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
2013-08-04 17:39 - 2013-08-04 17:39 - 01767456 _____ () C:\Users\Acer\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
2013-08-04 17:39 - 2013-08-04 17:39 - 00078880 _____ () C:\Users\Acer\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll
2013-08-04 17:39 - 2013-08-04 17:39 - 00013344 _____ () C:\Users\Acer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll
2013-08-04 17:39 - 2013-08-04 17:39 - 00726048 _____ () C:\Users\Acer\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
2013-08-04 17:39 - 2013-08-04 17:39 - 00081952 _____ () C:\Users\Acer\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
2013-08-04 17:39 - 2013-08-04 17:39 - 00014368 _____ () C:\Users\Acer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
2013-08-04 17:39 - 2013-08-04 17:39 - 00016928 _____ () C:\Users\Acer\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
2013-08-04 17:40 - 2013-08-04 17:40 - 00020512 _____ () C:\Users\Acer\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll
2013-08-04 17:40 - 2013-08-04 17:40 - 00026144 _____ () C:\Users\Acer\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll
2013-08-04 17:39 - 2013-08-04 17:39 - 00057888 _____ () C:\Users\Acer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
2013-08-04 17:39 - 2013-08-04 17:39 - 00014880 _____ () C:\Users\Acer\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll
2013-08-04 17:39 - 2013-08-04 17:39 - 00052256 _____ () C:\Users\Acer\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
2013-08-04 17:39 - 2013-08-04 17:39 - 00014368 _____ () C:\Users\Acer\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll
2013-08-04 17:38 - 2013-08-04 17:38 - 00048160 _____ () C:\Users\Acer\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
2013-08-04 17:40 - 2013-08-04 17:40 - 00026144 _____ () C:\Users\Acer\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
2013-08-04 17:39 - 2013-08-04 17:39 - 00194080 _____ () C:\Users\Acer\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.dll
2013-08-04 17:38 - 2013-08-04 17:38 - 00068640 _____ () C:\Users\Acer\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll
2013-08-04 17:39 - 2013-08-04 17:39 - 00246304 _____ () C:\Users\Acer\AppData\Local\Smartbar\Application\Smartbar.Resources.NetSeer.dll
2013-09-26 18:53 - 2013-08-20 23:42 - 00017416 _____ () C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetyldr.dll
2013-08-31 11:17 - 2013-08-25 01:49 - 00709584 _____ () C:\Users\Acer\AppData\Local\Google\Chrome\Application\29.0.1547.62\libglesv2.dll
2013-08-31 11:17 - 2013-08-25 01:49 - 00099792 _____ () C:\Users\Acer\AppData\Local\Google\Chrome\Application\29.0.1547.62\libegl.dll
2013-08-31 11:17 - 2013-08-25 01:49 - 04053456 _____ () C:\Users\Acer\AppData\Local\Google\Chrome\Application\29.0.1547.62\pdf.dll
2013-08-31 11:17 - 2013-08-25 01:49 - 00410576 _____ () C:\Users\Acer\AppData\Local\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll
2013-08-31 11:17 - 2013-08-25 01:48 - 01604560 _____ () C:\Users\Acer\AppData\Local\Google\Chrome\Application\29.0.1547.62\ffmpegsumo.dll
2006-10-26 13:56 - 2006-10-26 13:56 - 00757008 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/06/2013 01:25:22 PM) (Source: Application Hang) (User: )
Description: The program Go.exe version 3.3.8.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: ff0
 
Start Time: 01cec25388cc1c9e
 
Termination Time: 5
 
Application Path: C:\UsbFix\Go.exe
 
Report Id:
 
Error: (10/05/2013 02:09:01 PM) (Source: Application Hang) (User: )
Description: The program Skype.exe version 6.3.0.105 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 8d8
 
Start Time: 01cec14dc61f97f2
 
Termination Time: 4674
 
Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe
 
Report Id:
 
Error: (10/05/2013 00:35:05 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
 
Error: (10/05/2013 00:35:05 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
 
Error: (10/05/2013 11:55:55 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
 
Error: (10/05/2013 11:55:55 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
 
Error: (10/05/2013 10:52:38 AM) (Source: MsiInstaller) (User: Acer-PC)
Description: Product: Snap.Do -- Error 1704. An installation for Microsoft Office Shared MUI (English) 2007 is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?
 
Error: (10/05/2013 10:39:37 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
 
Error: (10/05/2013 10:39:34 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
 
Error: (10/05/2013 10:29:28 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
 
 
System errors:
=============
Error: (10/06/2013 02:38:24 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
 
Error: (10/06/2013 02:38:24 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (10/06/2013 02:16:25 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
 
Error: (10/06/2013 02:09:23 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
 
Error: (10/06/2013 02:01:28 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (10/06/2013 02:01:28 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
 
Error: (10/06/2013 01:53:37 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
 
Error: (10/06/2013 01:44:34 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (10/06/2013 01:44:34 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
 
Error: (10/06/2013 01:24:16 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
 
Microsoft Office Sessions:
=========================
Error: (10/03/2013 11:08:43 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1736 seconds with 840 seconds of active time.  This session ended with a crash.
 
Error: (10/03/2013 10:39:39 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1492 seconds with 1020 seconds of active time.  This session ended with a crash.
 
Error: (09/22/2013 07:45:48 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6714 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error: (08/06/2013 09:00:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1893 seconds with 720 seconds of active time.  This session ended with a crash.
 
Error: (07/21/2013 07:41:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 274 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (06/19/2013 01:38:18 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13552 seconds with 300 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 79%
Total physical RAM: 1888.3 MB
Available physical RAM: 378.91 MB
Total Pagefile: 3776.59 MB
Available Pagefile: 1564.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:390.53 GB) (Free:334.5 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:308.01 GB) (Free:300.95 GB) NTFS
Drive g: (JUSTINE) (Removable) (Total:0.94 GB) (Free:0.13 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 52A08821)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=391 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=308 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 964 MB) (Disk ID: 91F72D24)
Partition 1: (Active) - (Size=964 MB) - (Type=06)
 
==================== End Of Log ============================


#10 Aaflac


Posted 06 October 2013 - 03:10 AM

Apparently, the USBfix Research results are found here (called Scan):

C:\UsbFix [Scan 1] ACER-PC.txt

and here:

C:\UsbFix [Scan 2] ACER-PC.txt

Please go to Start, and in the Search option right above the Start button, copy/paste the following entry:

C:\UsbFix [Scan *] ACER-PC.txt

That should show on a list above the Search option.

Just click on the report to open it, then copy it, and post it in your reply.

Thanks!



#11 justinemaetus


Posted 06 October 2013 - 04:19 AM

Do you mean this one? 

############################## | UsbFix V 7.143 | [Research]

 

User: Acer (Administrator) # ACER-PC

Updated 05/10/2013 by El Desaparecido - Team SosVirus

Started at 13:23:24 | 06/10/2013

 

Website: http://www.usbfix.net/

Forum : http://www.sosvirus.net/

Upload Malware: http://www.sosvirus.net/upload_malware.php

Contact: http://www.usbfix.net/contact/

 

PC: Acer (Aspire 4755)

CPU: Intel® Core™ i5-2430M CPU @ 2.40GHz

RAM -> [Total : 1888 | Free : 368]

Bios: Phoenix Technologies Ltd.

Boot: Normal boot

 

OS: Microsoft Windows 7 Ultimate  (6.1.7600 64-Bit) #

WB: Windows Internet Explorer 8.0.7600.16385

 

SC: Security Center Service [Enabled]

WU: Windows Update Service [Enabled]

AV: avast! Antivirus [Enabled | Updated]

FW: Windows FireWall Service [Enabled]

 

C:\ (%systemdrive%) -> Fixed drive # 391 Gb (335 Mb free - 86%) [] # NTFS

D:\ -> Fixed drive # 308 Gb (302 Mb free - 98%) [New Volume] # NTFS

E:\ -> CD-ROM

G:\ -> Removable drive # 964 Mb (134 Mb free - 14%) [JUSTINE] # FAT

 

################## | Active Processes |

 

C:\Windows\system32\csrss.exe (ID 560 |ParentID 548)

C:\Windows\system32\wininit.exe (ID 684 |ParentID 548)

C:\Windows\system32\csrss.exe (ID 708 |ParentID 692)

C:\Windows\system32\services.exe (ID 756 |ParentID 684)

C:\Windows\system32\lsass.exe (ID 772 |ParentID 684)

C:\Windows\system32\lsm.exe (ID 780 |ParentID 684)

C:\Windows\system32\svchost.exe (ID 904 |ParentID 756)

C:\Windows\system32\nvvsvc.exe (ID 984 |ParentID 756)

C:\Windows\system32\svchost.exe (ID 120 |ParentID 756)

C:\Windows\system32\winlogon.exe (ID 568 |ParentID 692)

C:\Windows\System32\svchost.exe (ID 572 |ParentID 756)

C:\Windows\System32\svchost.exe (ID 552 |ParentID 756)

C:\Windows\system32\svchost.exe (ID 540 |ParentID 756)

C:\Windows\system32\svchost.exe (ID 1092 |ParentID 756)

C:\Windows\system32\svchost.exe (ID 1212 |ParentID 756)

C:\Windows\system32\svchost.exe (ID 1344 |ParentID 756)

C:\Windows\system32\WLANExt.exe (ID 1376 |ParentID 552)

C:\Windows\system32\conhost.exe (ID 1388 |ParentID 560)

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ID 1448 |ParentID 756)

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (ID 1492 |ParentID 984)

C:\Windows\system32\nvvsvc.exe (ID 1504 |ParentID 984)

C:\Windows\System32\spoolsv.exe (ID 1768 |ParentID 756)

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 1920 |ParentID 756)

C:\Windows\system32\taskhost.exe (ID 1968 |ParentID 756)

C:\Windows\system32\Dwm.exe (ID 1524 |ParentID 552)

C:\Windows\Explorer.EXE (ID 1788 |ParentID 1396)

C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe (ID 1892 |ParentID 2032)

C:\ProgramData\DatacardService\HWDeviceService64.exe (ID 2060 |ParentID 756)

C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe (ID 2124 |ParentID 756)

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (ID 2176 |ParentID 1788)

C:\Windows\System32\igfxtray.exe (ID 2184 |ParentID 1788)

C:\Windows\System32\hkcmd.exe (ID 2208 |ParentID 1788)

C:\Windows\System32\igfxpers.exe (ID 2228 |ParentID 1788)

C:\Users\Acer\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe (ID 2296 |ParentID 1788)

C:\Windows\System32\StikyNot.exe (ID 2368 |ParentID 1788)

C:\Users\Acer\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe (ID 2400 |ParentID 1788)

C:\Windows\System32\wscript.exe (ID 2436 |ParentID 1788)

C:\Users\Acer\AppData\Local\Smartbar\Application\SnapDo.exe (ID 2496 |ParentID 1788)

C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ID 2716 |ParentID 2516)

C:\ProgramData\DatacardService\DCSHelper.exe (ID 2816 |ParentID 2060)

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ID 2708 |ParentID 1492)

C:\Windows\system32\svchost.exe (ID 1412 |ParentID 756)

C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (ID 1564 |ParentID 756)

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 2680 |ParentID 756)

C:\Windows\system32\wbem\wmiprvse.exe (ID 2636 |ParentID 904)

C:\Windows\system32\SearchIndexer.exe (ID 3084 |ParentID 756)

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 3108 |ParentID 2680)

C:\Windows\system32\svchost.exe (ID 3184 |ParentID 756)

C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 3564 |ParentID 756)

C:\Windows\system32\svchost.exe (ID 4040 |ParentID 756)

C:\Windows\System32\svchost.exe (ID 3884 |ParentID 756)

C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (ID 3580 |ParentID 1564)

C:\Users\Acer\AppData\Local\Google\Chrome\Application\old_chrome.exe (ID 4852 |ParentID 1788)

C:\Users\Acer\AppData\Local\Google\Chrome\Application\old_chrome.exe (ID 4932 |ParentID 4852)

C:\Users\Acer\AppData\Local\Google\Chrome\Application\old_chrome.exe (ID 1516 |ParentID 4852)

C:\Users\Acer\AppData\Local\Google\Chrome\Application\old_chrome.exe (ID 4396 |ParentID 4852)

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (ID 4716 |ParentID 756)

C:\Windows\System32\svchost.exe (ID 3296 |ParentID 756)

C:\Users\Acer\AppData\Local\Google\Chrome\Application\old_chrome.exe (ID 832 |ParentID 4852)

C:\Users\Acer\AppData\Local\Google\Chrome\Application\old_chrome.exe (ID 3168 |ParentID 4852)

C:\UsbFix\Go.exe (ID 4080 |ParentID 2260)

C:\Windows\system32\taskeng.exe (ID 3952 |ParentID 540)

C:\Windows\system32\WUDFHost.exe (ID 1364 |ParentID 552)

C:\Windows\system32\taskeng.exe (ID 4700 |ParentID 540)

 

################## | Regedit Run |

 

HKLM\SOFTWARE | Run : [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

HKLM\SOFTWARE\wow6432Node | Run : [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

HKLM\SOFTWARE | RunOnce : [] -

HKLM\SOFTWARE\wow6432Node | RunOnce : [] -

HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-21-3609343803-1789047090-3455872377-1000\SOFTWARE | Run : [SanDiskSecureAccess_Manager.exe] - C:\Users\Acer\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe

HKU\S-1-5-21-3609343803-1789047090-3455872377-1000\SOFTWARE | Run : [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe

HKU\S-1-5-21-3609343803-1789047090-3455872377-1000\SOFTWARE | Run : [AppsHat] - C:\Users\Acer\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe

HKU\S-1-5-21-3609343803-1789047090-3455872377-1000\SOFTWARE | Run : [kpcgrhynko] - wscript.exe //B "C:\Users\Acer\AppData\Roaming\kpcgrhynko..vbs"

HKU\S-1-5-21-3609343803-1789047090-3455872377-1000\SOFTWARE | Run : [Browser Infrastructure Helper] - C:\Users\Acer\AppData\Local\Smartbar\Application\SnapDo.exe startup

HKU\S-1-5-21-3609343803-1789047090-3455872377-1236\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

HKU\S-1-5-21-3609343803-1789047090-3455872377-1236\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

 

################## | Files # Infected Folders |



#12 Aaflac


Posted 06 October 2013 - 10:50 AM

Yes, that is the one; however, not all of it copied. It is cut off at:

################## | Files # Infected Folders |

Need the info that goes below that.

Thanks!



#13 justinemaetus


Posted 07 October 2013 - 06:18 AM

Is it this one?

############################## | UsbFix V 7.143 | [Research]

 

User: Acer (Administrator) # ACER-PC

Updated 05/10/2013 by El Desaparecido - Team SosVirus

Started at 13:43:56 | 06/10/2013

 

Website: http://www.usbfix.net/

Forum : http://www.sosvirus.net/

Upload Malware: http://www.sosvirus.net/upload_malware.php

Contact: http://www.usbfix.net/contact/

 

PC: Acer (Aspire 4755)

CPU: Intel® Core™ i5-2430M CPU @ 2.40GHz

RAM -> [Total : 1888 | Free : 259]

Bios: Phoenix Technologies Ltd.

Boot: Normal boot

 

OS: Microsoft Windows 7 Ultimate  (6.1.7600 64-Bit) #

WB: Windows Internet Explorer 8.0.7600.16385

 

SC: Security Center Service [Enabled]

WU: Windows Update Service [Enabled]

AV: avast! Antivirus [Enabled | Updated]

FW: Windows FireWall Service [Enabled]

 

C:\ (%systemdrive%) -> Fixed drive # 391 Gb (335 Mb free - 86%) [] # NTFS

D:\ -> Fixed drive # 308 Gb (301 Mb free - 98%) [New Volume] # NTFS

E:\ -> CD-ROM

F:\ -> Removable drive # 7 Gb (7 Mb free - 100%) [] # FAT32

G:\ -> Removable drive # 964 Mb (134 Mb free - 14%) [JUSTINE] # FAT

 

################## | Active Processes |

 

C:\Windows\system32\csrss.exe (ID 560 |ParentID 548)

C:\Windows\system32\wininit.exe (ID 684 |ParentID 548)

C:\Windows\system32\csrss.exe (ID 708 |ParentID 692)

C:\Windows\system32\services.exe (ID 756 |ParentID 684)

C:\Windows\system32\lsass.exe (ID 772 |ParentID 684)

C:\Windows\system32\lsm.exe (ID 780 |ParentID 684)

C:\Windows\system32\svchost.exe (ID 904 |ParentID 756)

C:\Windows\system32\nvvsvc.exe (ID 984 |ParentID 756)

C:\Windows\system32\svchost.exe (ID 120 |ParentID 756)

C:\Windows\system32\winlogon.exe (ID 568 |ParentID 692)

C:\Windows\System32\svchost.exe (ID 572 |ParentID 756)

C:\Windows\System32\svchost.exe (ID 552 |ParentID 756)

C:\Windows\system32\svchost.exe (ID 540 |ParentID 756)

C:\Windows\system32\svchost.exe (ID 1092 |ParentID 756)

C:\Windows\system32\svchost.exe (ID 1212 |ParentID 756)

C:\Windows\system32\svchost.exe (ID 1344 |ParentID 756)

C:\Windows\system32\WLANExt.exe (ID 1376 |ParentID 552)

C:\Windows\system32\conhost.exe (ID 1388 |ParentID 560)

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ID 1448 |ParentID 756)

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (ID 1492 |ParentID 984)

C:\Windows\system32\nvvsvc.exe (ID 1504 |ParentID 984)

C:\Windows\System32\spoolsv.exe (ID 1768 |ParentID 756)

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 1920 |ParentID 756)

C:\Windows\system32\taskhost.exe (ID 1968 |ParentID 756)

C:\Windows\system32\Dwm.exe (ID 1524 |ParentID 552)

C:\Windows\Explorer.EXE (ID 1788 |ParentID 1396)

C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe (ID 1892 |ParentID 2032)

C:\ProgramData\DatacardService\HWDeviceService64.exe (ID 2060 |ParentID 756)

C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe (ID 2124 |ParentID 756)

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (ID 2176 |ParentID 1788)

C:\Windows\System32\igfxtray.exe (ID 2184 |ParentID 1788)

C:\Windows\System32\hkcmd.exe (ID 2208 |ParentID 1788)

C:\Windows\System32\igfxpers.exe (ID 2228 |ParentID 1788)

C:\Users\Acer\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe (ID 2296 |ParentID 1788)

C:\Windows\System32\StikyNot.exe (ID 2368 |ParentID 1788)

C:\Users\Acer\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe (ID 2400 |ParentID 1788)

C:\Windows\System32\wscript.exe (ID 2436 |ParentID 1788)

C:\Users\Acer\AppData\Local\Smartbar\Application\SnapDo.exe (ID 2496 |ParentID 1788)

C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ID 2716 |ParentID 2516)

C:\ProgramData\DatacardService\DCSHelper.exe (ID 2816 |ParentID 2060)

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ID 2708 |ParentID 1492)

C:\Windows\system32\svchost.exe (ID 1412 |ParentID 756)

C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (ID 1564 |ParentID 756)

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 2680 |ParentID 756)

C:\Windows\system32\wbem\wmiprvse.exe (ID 2636 |ParentID 904)

C:\Windows\system32\SearchIndexer.exe (ID 3084 |ParentID 756)

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 3108 |ParentID 2680)

C:\Windows\system32\svchost.exe (ID 3184 |ParentID 756)

C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 3564 |ParentID 756)

C:\Windows\system32\svchost.exe (ID 4040 |ParentID 756)

C:\Windows\System32\svchost.exe (ID 3884 |ParentID 756)

C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (ID 3580 |ParentID 1564)

C:\Users\Acer\AppData\Local\Google\Chrome\Application\old_chrome.exe (ID 4852 |ParentID 1788)

C:\Users\Acer\AppData\Local\Google\Chrome\Application\old_chrome.exe (ID 4932 |ParentID 4852)

C:\Users\Acer\AppData\Local\Google\Chrome\Application\old_chrome.exe (ID 1516 |ParentID 4852)

C:\Users\Acer\AppData\Local\Google\Chrome\Application\old_chrome.exe (ID 4396 |ParentID 4852)

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (ID 4716 |ParentID 756)

C:\Windows\System32\svchost.exe (ID 3296 |ParentID 756)

C:\Users\Acer\AppData\Local\Google\Chrome\Application\old_chrome.exe (ID 832 |ParentID 4852)

C:\Users\Acer\AppData\Local\Google\Chrome\Application\old_chrome.exe (ID 3168 |ParentID 4852)

C:\Windows\system32\WUDFHost.exe (ID 1364 |ParentID 552)

C:\Users\Acer\AppData\Local\Google\Chrome\Application\old_chrome.exe (ID 3016 |ParentID 4852)

C:\UsbFix\Go.exe (ID 2780 |ParentID 608)

 

################## | Regedit Run |

 

HKLM\SOFTWARE | Run : [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

HKLM\SOFTWARE\wow6432Node | Run : [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

HKLM\SOFTWARE | RunOnce : [] -

HKLM\SOFTWARE\wow6432Node | RunOnce : [] -

HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-21-3609343803-1789047090-3455872377-1000\SOFTWARE | Run : [SanDiskSecureAccess_Manager.exe] - C:\Users\Acer\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe

HKU\S-1-5-21-3609343803-1789047090-3455872377-1000\SOFTWARE | Run : [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe

HKU\S-1-5-21-3609343803-1789047090-3455872377-1000\SOFTWARE | Run : [AppsHat] - C:\Users\Acer\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe

HKU\S-1-5-21-3609343803-1789047090-3455872377-1000\SOFTWARE | Run : [kpcgrhynko] - wscript.exe //B "C:\Users\Acer\AppData\Roaming\kpcgrhynko..vbs"

HKU\S-1-5-21-3609343803-1789047090-3455872377-1000\SOFTWARE | Run : [Browser Infrastructure Helper] - C:\Users\Acer\AppData\Local\Smartbar\Application\SnapDo.exe startup

HKU\S-1-5-21-3609343803-1789047090-3455872377-1236\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

HKU\S-1-5-21-3609343803-1789047090-3455872377-1236\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

 

################## | Files # Infected Folders |

 

Found ! C:\Users\Acer\AppData\Roaming\kpcgrhynko..vbs

Found ! G:\kpcgrhynko..vbs

Found ! C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kpcgrhynko..vbs

Found ! G:\P3198934.lnk

Found ! G:\P3198939.lnk

Found ! G:\P3198940.lnk

Found ! G:\P3198941.lnk

Found ! G:\P3198942.lnk

Found ! G:\P3198943.lnk

Found ! G:\P3198944.lnk

Found ! G:\P3198945.lnk

Found ! G:\P3198946.lnk

Found ! G:\P3198947.lnk

Found ! G:\P3198948.lnk

Found ! G:\P3198950.lnk

Found ! G:\P3198951.lnk

Found ! G:\P3198952.lnk

Found ! G:\P3198953.lnk

Found ! G:\P3198954.lnk

Found ! G:\My Family.lnk

Found ! G:\FOUND.000.lnk

Found ! G:\FOUND.001.lnk

Found ! G:\entertainment.lnk

Found ! G:\Pics.lnk

Found ! G:\From Arnold.lnk

Found ! G:\mix pix.lnk

Found ! G:\EASTER SUNDAY 2011.lnk

Found ! G:\HOMEWORK.lnk

Found ! G:\Maetus.lnk

Found ! G:\New Folder.lnk

Found ! G:\New Folder (2).lnk

Found ! G:\New Folder (3).lnk

 

################## | Registry |

 

Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe

Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\groove.exe

Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infopath.exe

Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msaccess.exe

Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe

Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspub.exe

Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mstore.exe

Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\offdiag.exe

Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ois.exe

Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe

Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outlook.exe

Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe

Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe

Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|kpcgrhynko

Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|kpcgrhynko

Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|kpcgrhynko

Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|kpcgrhynko

HKCU\.\.\.\.\Explorer\MountPoints2\F

Shell\AutoRun\Command = F:\AutoRun.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{011e01a8-fd56-11de-9609-206a8a545ca3}

Shell\AutoRun\Command = F:\AutoRun.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{011e01c5-fd56-11de-9609-206a8a545ca3}

Shell\AutoRun\Command = F:\AutoRun.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{6bc16ec9-822a-11e2-8dc2-bb2a102f98bc}

Shell\AutoRun\Command = G:\fscommand\LS_Start_Launch.cmd

Shell\Launcher\Command = G:\fscommand\LS_Start_Launch.cmd

 

HKCU\.\.\.\.\Explorer\MountPoints2\{75832014-f26e-11e2-a715-206a8a545ca3}

Shell\AutoRun\Command = F:\AutoRun.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{8669ba21-d949-11e2-bb38-206a8a545ca3}

Shell\AutoRun\Command = F:\AutoRun.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{8bf264f5-fd38-11de-9eea-206a8a545ca3}

Shell\AutoRun\Command = F:\.\StartModem.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{ccf8a454-d881-11e2-8716-206a8a545ca3}

Shell\AutoRun\Command = F:\AutoRun.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{d6b4df92-21c3-11e3-8743-206a8a545ca3}

Shell\AutoRun\Command = G:\Windows/AutoRun.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{de23c1b0-26f0-11df-acae-206a8a545ca3}

Shell\AutoRun\Command = F:\autorun.exe

 

 

 

################## | Vaccin |

 

(!) This computer is not vaccinated!

 

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |

 

***Sorry for the late replies. I'm not online during the day, especially during weekdays.



#14 Aaflac (Malware Response Team)

Posted 07 October 2013 - 07:52 AM

Yes!  Thank you!

 

Let's press on with FRST...

 

Step 1: Please open Notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below
Save it to the Desktop, and name it: fixlist.txt

 

start
HKLM-x32\...\Runonce: [] -  [x]
HKCU\...\Run: [kpcgrhynko] - C:\Users\Acer\AppData\Roaming\kpcgrhynko..vbs [167773 2013-09-24] ()
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kpcgrhynko..vbs ()
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction
2013-10-05 09:53 - 2013-09-24 05:50 - 00167773 ___SH C:\Users\Acer\AppData\Roaming\kpcgrhynko..vbs
2013-09-24 05:50 - 2013-10-05 09:53 - 00167773 ___SH C:\Users\Acer\AppData\Roaming\kpcgrhynko..vbs
C:\Users\Acer\loop.bat

 

Once again, double-click FRST to run it.
When the tool opens click Yes to disclaimer.

Press the Fix button.

When done, FRST produces Fixlog.txt on the Desktop.

>> Please provide the Fixlog.txt in your reply.

 

 

Step 2: Next, please press the Windows key and the R key at the same time for the Run prompt to appear.
In the Run prompt, type the following in the Open area, and press Enter: cmd
 
When the Command Prompt opens, copy/paste (with the mouse) the following text in the code box, and press: Enter

attrib -h -s -r -a /s /d X:\*.*

 

(Change the drive letter X to the letter corresponding to the problem USB removable drive.)
 

 

Step 3: Now, please run USBFix once again

 

Press: Deletion

 

When done, the program closes on its own, and a report appears.
The report file is also found at C:\UsbFix.txt

>> Please post the UsbFix.txt (Deletion) report in your reply.

 

Note: As before, if your AntiVirus program detects USB as malware, either let the AV program allow USBFix to run, or, temporarily disable your AntiVirus program.

 

Also, please check the USB drive and see if the shortcuts are gone.


To do is to be - Socrates
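Added example, not part of the original posts and not code from FRST or UsbFix: the scan report and fixlist above show one script name in a Run value, in the Startup folder and in the root of the USB drive, alongside the .lnk shortcuts. This Python script parses report lines in that format and correlates those locations; the function names are this example's own, and the sample lines are copied from the scan report posted in this thread.

```python
import re
from collections import Counter
from ntpath import basename, dirname, splitdrive

# Sample lines copied from the UsbFix scan report posted in this thread.
SAMPLE_REPORT = r'''
HKLM\SOFTWARE | Run : [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
HKU\S-1-5-21-3609343803-1789047090-3455872377-1000\SOFTWARE | Run : [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe
HKU\S-1-5-21-3609343803-1789047090-3455872377-1000\SOFTWARE | Run : [kpcgrhynko] - wscript.exe //B "C:\Users\Acer\AppData\Roaming\kpcgrhynko..vbs"
HKLM\SOFTWARE | RunOnce : [] -
Found ! C:\Users\Acer\AppData\Roaming\kpcgrhynko..vbs
Found ! G:\kpcgrhynko..vbs
Found ! C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kpcgrhynko..vbs
Found ! G:\Pics.lnk
Found ! G:\HOMEWORK.lnk
'''

# "<hive> | Run : [<value name>] - <command>", as printed under "Regedit Run".
RUN_RE = re.compile(
    r'^(?P<hive>[^|]+?) \| (?P<key>Run|RunOnce) : \[(?P<name>[^\]]*)\] -\s*(?P<cmd>.*)$')
FOUND_RE = re.compile(r'^Found ! (?P<path>.+)$')
HOST_RE = re.compile(r'\b(?:wscript|cscript)(?:\.exe)?\b', re.I)
SCRIPT_RE = re.compile(r'[A-Za-z]:\\[^"|]*?\.(?:vbs|vbe|js|jse|wsf)(?=["\s]|$)', re.I)


def parse_report(text):
    """Split a report into Run/RunOnce entries and 'Found !' paths."""
    runs, found = [], []
    for line in map(str.strip, text.splitlines()):
        if (m := RUN_RE.match(line)):
            runs.append(m.groupdict())
        elif (m := FOUND_RE.match(line)):
            found.append(m.group('path'))
    return runs, found


def script_autoruns(runs):
    """Autorun values that start Windows Script Host or name a script file."""
    hits = []
    for r in runs:
        script = SCRIPT_RE.search(r['cmd'])
        if script or HOST_RE.search(r['cmd']):
            hits.append({'value': r['name'], 'hive': r['hive'],
                         'script': script.group(0) if script else None})
    return hits


def triage(text):
    """Link each script autorun to copies of the same file name and to
    root-level .lnk files on the drives that hold a copy."""
    runs, found = parse_report(text)
    root_lnk = Counter(splitdrive(p)[0].upper() for p in found
                       if p.lower().endswith('.lnk') and dirname(p)[2:] == '\\')
    results = []
    for hit in script_autoruns(runs):
        name = basename(hit['script']).lower() if hit['script'] else None
        copies = [p for p in found if name and basename(p).lower() == name]
        startup = any('\\start menu\\programs\\startup\\' in p.lower() for p in copies)
        drives = sorted({splitdrive(p)[0].upper() for p in copies})
        results.append({**hit, 'copies': copies, 'startup_copy': startup,
                        'shortcut_drives': {d: root_lnk[d] for d in drives if root_lnk[d]}})
    return results


if __name__ == '__main__':
    for finding in triage(SAMPLE_REPORT):
        print(finding)
```

Run against a report taken after cleanup, `triage()` should return an empty list once the script-host Run value is gone.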

#15 justinemaetus (Topic Starter)

Posted 08 October 2013 - 06:23 AM

Fix Log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013

Ran by Acer at 2013-10-08 19:01:18 Run:1

Running from C:\Users\Acer\Downloads

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

start

HKLM-x32\...\Runonce: [] -  [x]

HKCU\...\Run: [kpcgrhynko] - C:\Users\Acer\AppData\Roaming\kpcgrhynko..vbs [167773 2013-09-24] ()

Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kpcgrhynko..vbs ()

URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.

CHR HKCU\SOFTWARE\Policies\Google: Policy restriction

2013-10-05 09:53 - 2013-09-24 05:50 - 00167773 ___SH C:\Users\Acer\AppData\Roaming\kpcgrhynko..vbs

2013-09-24 05:50 - 2013-10-05 09:53 - 00167773 ___SH C:\Users\Acer\AppData\Roaming\kpcgrhynko..vbs

C:\Users\Acer\loop.bat

 

*****************

 

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\ => Value not found.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\kpcgrhynko => Value deleted successfully.

C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kpcgrhynko..vbs => Moved successfully.

Default URLSearchHook was restored successfully .

HKCU\SOFTWARE\Policies\Google => Key deleted successfully.

C:\Users\Acer\AppData\Roaming\kpcgrhynko..vbs => Moved successfully.

"C:\Users\Acer\AppData\Roaming\kpcgrhynko..vbs" => File/Directory not found.

C:\Users\Acer\loop.bat => Moved successfully.

 

==== End of Fixlog ====


USBFix:

############################## | UsbFix V 7.143 | [Deletion]

 

User: Acer (Administrator) # ACER-PC

Updated 05/10/2013 by El Desaparecido - Team SosVirus

Started at 19:10:33 | 08/10/2013

 

Website: http://www.usbfix.net/

Forum : http://www.sosvirus.net/

Upload Malware: http://www.sosvirus.net/upload_malware.php

Contact: http://www.usbfix.net/contact/

 

PC: Acer (Aspire 4755)

CPU: Intel® Core™ i5-2430M CPU @ 2.40GHz

RAM -> [Total : 1888 | Free : 844]

Bios: Phoenix Technologies Ltd.

Boot: Normal boot

 

OS: Microsoft Windows 7 Ultimate  (6.1.7600 64-Bit) #

WB: Windows Internet Explorer 8.0.7600.16385

 

SC: Security Center Service [Enabled]

WU: Windows Update Service [Enabled]

AV: avast! Antivirus [Enabled | Updated]

FW: Windows FireWall Service [Enabled]

 

C:\ (%systemdrive%) -> Fixed drive # 391 Gb (334 Mb free - 85%) [] # NTFS

D:\ -> Fixed drive # 308 Gb (299 Mb free - 97%) [New Volume] # NTFS

E:\ -> CD-ROM

F:\ -> Removable drive # 2 Gb (2 Mb free - 97%) [ROVI] # FAT

 

################## | Regedit Run |

 

HKLM\SOFTWARE | Run : [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

HKLM\SOFTWARE\wow6432Node | Run : [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

HKLM\SOFTWARE | RunOnce : [] -

HKLM\SOFTWARE\wow6432Node | RunOnce : [] -

HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-21-3609343803-1789047090-3455872377-1000\SOFTWARE | Run : [SanDiskSecureAccess_Manager.exe] - C:\Users\Acer\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe

HKU\S-1-5-21-3609343803-1789047090-3455872377-1000\SOFTWARE | Run : [AppsHat] - C:\Users\Acer\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe

HKU\S-1-5-21-3609343803-1789047090-3455872377-1000\SOFTWARE | Run : [Browser Infrastructure Helper] - C:\Users\Acer\AppData\Local\Smartbar\Application\SnapDo.exe startup

HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

 

################## | Stopped processes |

 

Stopped! C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ID 1640 |ParentID 712)

Stopped! C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ID 2416 |ParentID 2208)

Stopped! C:\Windows\system32\WUDFHost.exe (ID 4112 |ParentID 592)

Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 4296 |ParentID 712)

Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 5008 |ParentID 4296)

Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 4020 |ParentID 712)

Stopped! C:\Windows\system32\SearchIndexer.exe (ID 4444 |ParentID 712)

Stopped! C:\Windows\System32\spoolsv.exe (ID 4632 |ParentID 712)

 

################## | Files # Infected Folders |

 

Deleted ! F:\ROVI.lnk

Deleted ! F:\EDITORIAL.lnk

Deleted ! F:\RESEARCH.lnk

Deleted ! F:\RECYCLER.lnk

Deleted ! F:\Test Folder in Chemistry.lnk

Deleted ! F:\P3198934.lnk

Deleted ! F:\ARALIN 21 HANDOUT- GRAJO.lnk

Deleted ! F:\ARALIN 21 TEST.lnk

Deleted ! F:\ARALIN 22.lnk

Deleted ! F:\HANDOUTS FINAL.lnk

Deleted ! F:\ARALIN 23.lnk

Deleted ! F:\ARALIN 29 test PRINT.lnk

Deleted ! F:\Aralin 23-HANDOUTS PRINT.lnk

Deleted ! F:\Aralin 24 test Mararac.lnk

Deleted ! F:\ARALIN 25  Ang Rebolusyong Siyentipiko at ang Panahon ng Enlightenment.lnk

Deleted ! F:\Aralin 30.lnk

Deleted ! F:\ARALIN 25 test PRINT.lnk

Deleted ! F:\Aralin 26 (HANDOUTS) MEDINA.lnk

Deleted ! F:\Aralin 39 TEST PRINT.lnk

Deleted ! F:\ARALIN 27 test PRINT.lnk

Deleted ! F:\Aralin 28- Que.lnk

Deleted ! F:\Aralin 28 test PRINT.lnk

Deleted ! F:\Aralin 29 (Rosete).lnk

Deleted ! F:\ARALIN 31- test PRINT.lnk

Deleted ! F:\Aralin 30 test PRINT.lnk

Deleted ! F:\Aralin 26 TEST PRINT.lnk

Deleted ! F:\Aralin 39 (HANDOUTS) MEDINA.lnk

Deleted ! F:\Thank you.lnk

Deleted ! F:\ARALIN 31 handouts PRINT.lnk

Deleted ! F:\Aralin 24  hand-outs PRINT.lnk

Deleted ! F:\ARALIN 27 handouts PRINT.lnk

Deleted ! F:\Thumbs.lnk

Deleted ! F:\~$ARW(Don Bosco)- Defense.lnk

Deleted ! F:\~$4th Generation Computers.lnk

Deleted ! F:\Print 8-18-13.lnk

Deleted ! F:\Print 10-1-13.lnk

Deleted ! F:\Print.lnk

Deleted ! F:\mix pix.lnk

Deleted ! F:\My Family.lnk

Deleted ! F:\New Folder (2).lnk

Deleted ! F:\New Folder (3).lnk

Deleted ! F:\New Folder.lnk

Deleted ! F:\P3198939.lnk

Deleted ! F:\P3198940.lnk

Deleted ! F:\P3198941.lnk

Deleted ! F:\P3198942.lnk

Deleted ! F:\P3198943.lnk

Deleted ! F:\P3198944.lnk

Deleted ! F:\P3198945.lnk

Deleted ! F:\P3198946.lnk

Deleted ! F:\P3198947.lnk

Deleted ! F:\P3198948.lnk

Deleted ! F:\P3198950.lnk

Deleted ! F:\P3198951.lnk

Deleted ! F:\P3198952.lnk

Deleted ! F:\P3198953.lnk

Deleted ! F:\P3198954.lnk

Deleted ! F:\Pics.lnk

Deleted ! F:\EASTER SUNDAY 2011.lnk

Deleted ! F:\entertainment.lnk

Deleted ! F:\FOUND.000.lnk

Deleted ! F:\FOUND.001.lnk

Deleted ! F:\From Arnold.lnk

Deleted ! F:\HOMEWORK.lnk

Deleted ! F:\Maetus.lnk

Deleted ! F:\pictures.lnk

Deleted ! F:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665

Deleted ! C:\FRST\Quarantine\kpcgrhynko..vbs

Deleted ! F:\kpcgrhynko..vbs

 

(!) Temporary files deleted.

 

################## | Registry |

 

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\F

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{011e01a8-fd56-11de-9609-206a8a545ca3}

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{6bc16ec9-822a-11e2-8dc2-bb2a102f98bc}

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{75832014-f26e-11e2-a715-206a8a545ca3}

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{8669ba21-d949-11e2-bb38-206a8a545ca3}

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{8bf264f5-fd38-11de-9eea-206a8a545ca3}

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{ccf8a454-d881-11e2-8716-206a8a545ca3}

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{d6b4df92-21c3-11e3-8743-206a8a545ca3}

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{de23c1b0-26f0-11df-acae-206a8a545ca3}

 

################## | Listing |

 

[21/09/2012 - 08:27:07 | D ] C:\$AVG

[07/09/2013 - 11:24:52 | SHD ]      C:\$Recycle.Bin

[29/09/2013 - 16:31:10 | D ] C:\ad1a3159a2a27ee2623da543dc52

[11/06/2009 - 05:42:20 | N | 24]    C:\autoexec.bat

[06/10/2013 - 12:44:21 | SHD ]      C:\Config.Msi

[11/06/2009 - 05:42:20 | N | 10]    C:\config.sys

[14/07/2009 - 13:08:56 | SHD ]      C:\Documents and Settings

[29/09/2013 - 15:35:46 | D ] C:\ec16f391e63535c72d5fccc4fc

[29/09/2013 - 16:00:58 | D ] C:\f8972721e29f222398

[06/10/2013 - 14:37:34 | D ] C:\FRST

[08/10/2013 - 16:53:24 | ASH | 1485017088]      C:\hiberfil.sys

[02/03/2012 - 12:41:10 | RHD ]      C:\MSOCache

[08/10/2013 - 16:53:24 | ASH | 1980022784]      C:\pagefile.sys

[14/07/2009 - 11:20:08 | D ] C:\PerfLogs

[07/08/2013 - 20:40:16 | D ] C:\Program Files

[05/10/2013 - 15:15:19 | D ] C:\Program Files (x86)

[05/10/2013 - 15:14:52 | HD ]       C:\ProgramData

[01/03/2013 - 12:35:25 | SHD ]      C:\Recovery

[06/10/2013 - 12:59:04 | SHD ]      C:\System Volume Information

[17/03/2012 - 17:35:03 | D ] C:\UDK

[08/10/2013 - 19:18:55 | D ] C:\UsbFix

[08/10/2013 - 19:03:46 | N | 6071] C:\UsbFix [Clean 1] ACER-PC.txt

[08/10/2013 - 19:19:09 | A | 7232] C:\UsbFix [Clean 2] ACER-PC.txt

[06/10/2013 - 13:58:43 | N | 5994] C:\UsbFix [Listing 1 ] ACER-PC.txt

[06/10/2013 - 13:59:27 | N | 6066] C:\UsbFix [Listing 2 ] ACER-PC.txt

[06/10/2013 - 13:23:28 | N | 7189] C:\UsbFix [Scan 1] ACER-PC.txt

[06/10/2013 - 13:55:22 | N | 11162]       C:\UsbFix [Scan 2] ACER-PC.txt

[06/10/2013 - 14:11:09 | N | 10062]       C:\UsbFix [Scan 3] ACER-PC.txt

[28/05/2012 - 08:53:17 | N | 1539] C:\user.js

[30/09/2013 - 17:00:03 | RD ]       C:\Users

[06/10/2013 - 14:39:09 | D ] C:\Windows

[02/03/2013 - 04:00:49 | D ] C:\Windows.old

[01/03/2013 - 12:36:08 | SHD ]      D:\$RECYCLE.BIN

[08/10/2013 - 19:07:59 | D ] D:\Desktop

[06/01/2009 - 16:48:25 | D ] D:\DirectX

[06/10/2013 - 16:43:38 | D ] D:\Documents

[06/10/2013 - 16:42:54 | D ] D:\Downloads

[06/10/2013 - 16:44:23 | D ] D:\Support

[05/05/2012 - 07:08:26 | SHD ]      D:\System Volume Information

[03/10/2013 - 20:26:44 | N | 11752]       F:\EDITORIAL.docx

[18/08/2013 - 11:22:38 | D ] F:\Print 8-18-13

[28/07/2013 - 20:37:28 | D ] F:\ROVI

[03/10/2013 - 17:42:16 | N | 72985]       F:\Test Folder in Chemistry.docx

[03/10/2013 - 23:49:48 | N | 23902]       F:\ARALIN 21 HANDOUT- GRAJO.docx

[03/10/2013 - 17:36:36 | N | 14063]       F:\ARALIN 21 TEST.docx

[03/10/2013 - 17:44:02 | N | 15883]       F:\ARALIN 22.docx

[12/09/2013 - 20:51:56 | D ] F:\Print 10-1-13

[03/10/2013 - 23:50:08 | N | 22841]       F:\HANDOUTS FINAL.docx

[04/10/2013 - 08:24:42 | N | 15431]       F:\ARALIN 23.docx

[04/10/2013 - 08:47:54 | N | 17384]       F:\ARALIN 29 test PRINT.docx

[04/10/2013 - 08:58:34 | N | 17431]       F:\Aralin 23-HANDOUTS PRINT.docx

[03/10/2013 - 23:29:46 | N | 16516]       F:\Aralin 24 test Mararac.docx

[03/10/2013 - 23:51:18 | N | 25779]       F:\ARALIN 25  Ang Rebolusyong Siyentipiko at ang Panahon ng Enlightenment.docx

[04/10/2013 - 08:52:32 | N | 15083]       F:\ARALIN 25 test PRINT.docx

[03/10/2013 - 23:52:50 | N | 96215]       F:\Aralin 26 (HANDOUTS) MEDINA.docx

[04/10/2013 - 08:53:28 | N | 13785]       F:\Aralin 39 TEST PRINT.docx

[04/10/2013 - 08:50:30 | N | 14568]       F:\ARALIN 27 test PRINT.docx

[03/10/2013 - 22:14:22 | N | 24754]       F:\Aralin 28- Que.docx

[04/10/2013 - 08:49:42 | N | 17441]       F:\Aralin 28 test PRINT.docx

[03/10/2013 - 20:15:12 | N | 20723]       F:\Aralin 29 (Rosete).docx

[04/10/2013 - 08:46:10 | N | 67788]       F:\ARALIN 31- test PRINT.rtf

[05/10/2013 - 09:59:24 | D ] F:\pictures

[04/10/2013 - 08:47:06 | N | 22562]       F:\Aralin 30 test PRINT.docx

[04/10/2013 - 13:28:36 | N | 17145]       F:\Aralin 30.docx

[04/10/2013 - 08:51:18 | N | 13809]       F:\Aralin 26 TEST PRINT.docx

[03/10/2013 - 23:09:50 | N | 37398]       F:\Aralin 39 (HANDOUTS) MEDINA.docx

[03/10/2013 - 13:08:46 | N | 10508]       F:\Thank you.docx

[04/10/2013 - 09:22:52 | N | 215960]      F:\ARALIN 31 handouts PRINT.docx

[04/10/2013 - 08:58:46 | N | 20719]       F:\Aralin 24  hand-outs PRINT.docx

[03/10/2013 - 23:54:00 | N | 52051]       F:\ARALIN 27 handouts PRINT.docx

[28/02/2013 - 18:31:26 | RASH | 270397]   F:\Thumbs.db

[23/06/2011 - 18:56:22 | N | 16384]       F:\GRAPH

[11/03/2013 - 20:45:46 | D ] F:\RESEARCH

[14/03/2013 - 13:28:08 | N | 165]   F:\~$ARW(Don Bosco)- Defense.pptx

[12/06/2013 - 17:22:54 | D ] F:\Print

[25/06/2013 - 06:31:20 | N | 165]   F:\~$4th Generation Computers.pptx

[03/07/2013 - 06:26:30 | D ] F:\RECYCLER

 

################## | Vaccin |

 

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

 

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |





