Please assist me in deleting this MICROS~1.VBS from my Flash Drive



#1 silentarts


Posted 03 December 2013 - 02:51 PM

I can't delete it. I've tried over and over again, but when I refresh it, it is there again. It can't be detected by antivirus. How do I remove it?

 

I used USBFix.exe and it created two log files; one for Recovery and one for Listing.

 

PS: I also disabled the AutoRun Feature by Downloading Microsoft Fix It 50471.

 

---------------------------------------------------------------------------------------------------------------------------------------------------

 

 

Recovery Log file

 

############################## | UsbFix V 7.152 | [Research]

 
User: user (Administrator) # USER-HP
Updated 20/11/2013 by El Desaparecido - Team SosVirus
Started at 14:48:22 | 03/12/2013
 
 
PC: Hewlett-Packard (169B)
CPU: AMD A4-3300M APU with Radeon™ HD Graphics
RAM -> [Total : 3563 | Free : 1808]
Bios: Hewlett-Packard
Boot: Normal boot
 
OS: Microsoft Windows 7 Ultimate  (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16686
WB: Google Chrome : 31.0.1650.57
WB: Mozilla Firefox : 25.0.1
 
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]
 
C:\ (%systemdrive%) -> Fixed drive # 451 Gb (356 Mb free - 79%) [] # NTFS
D:\ -> Fixed drive # 15 Gb (2 Mb free - 11%) [RECOVERY] # NTFS
E:\ -> CD-ROM
G:\ -> Removable drive # 2 Gb (2 Mb free - 98%) [Sameer] # NTFS
 
################## | Active Processes |
 
C:\Windows\system32\csrss.exe (ID: 412 |ParentID: 376)
C:\Windows\system32\wininit.exe (ID: 488 |ParentID: 376)
C:\Windows\system32\csrss.exe (ID: 520 |ParentID: 496)
C:\Windows\system32\services.exe (ID: 552 |ParentID: 488)
C:\Windows\system32\lsass.exe (ID: 568 |ParentID: 488)
C:\Windows\system32\lsm.exe (ID: 576 |ParentID: 488)
C:\Windows\system32\svchost.exe (ID: 680 |ParentID: 552)
C:\Windows\system32\winlogon.exe (ID: 748 |ParentID: 496)
C:\Windows\system32\svchost.exe (ID: 820 |ParentID: 552)
C:\Windows\System32\svchost.exe (ID: 948 |ParentID: 552)
C:\Windows\System32\svchost.exe (ID: 996 |ParentID: 552)
C:\Windows\system32\svchost.exe (ID: 352 |ParentID: 552)
C:\Windows\system32\svchost.exe (ID: 380 |ParentID: 552)
C:\Windows\system32\svchost.exe (ID: 1304 |ParentID: 552)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1400 |ParentID: 552)
C:\Windows\system32\svchost.exe (ID: 1700 |ParentID: 552)
C:\Windows\system32\svchost.exe (ID: 3052 |ParentID: 552)
C:\Windows\system32\svchost.exe (ID: 2640 |ParentID: 552)
C:\Windows\system32\Dwm.exe (ID: 3512 |ParentID: 996)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 4744 |ParentID: 1292)
C:\Windows\System32\svchost.exe (ID: 4560 |ParentID: 552)
C:\Windows\explorer.exe (ID: 2552 |ParentID: 748)
C:\Windows\System32\WUDFHost.exe (ID: 5540 |ParentID: 996)
C:\Windows\System32\rundll32.exe (ID: 5096 |ParentID: 680)
C:\Windows\system32\DllHost.exe (ID: 4324 |ParentID: 680)
C:\Windows\system32\SearchIndexer.exe (ID: 4456 |ParentID: 552)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3872 |ParentID: 552)
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (ID: 3692 |ParentID: 552)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3280 |ParentID: 2552)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4660 |ParentID: 3280)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4016 |ParentID: 3280)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4248 |ParentID: 3280)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4624 |ParentID: 3280)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 236 |ParentID: 3280)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 1576 |ParentID: 552)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 836 |ParentID: 1576)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 496 |ParentID: 3280)
C:\Windows\system32\taskeng.exe (ID: 1580 |ParentID: 380)
C:\Windows\system32\SearchProtocolHost.exe (ID: 3472 |ParentID: 4456)
C:\Windows\explorer.exe (ID: 5232 |ParentID: 680)
C:\Windows\system32\SearchFilterHost.exe (ID: 872 |ParentID: 4456)
C:\UsbFix\Go.exe (ID: 5136 |ParentID: 428)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4800 |ParentID: 680)
 
################## | Regedit Run |
 
04 - HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run : [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
04 - HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
04 - HKLM\SOFTWARE | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE | Run : [AdobeCS5.5ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 - HKLM\SOFTWARE | Run : [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
04 - HKLM\SOFTWARE | Run : [TkBellExe] - "c:\program files (x86)\real\realplayer\update\realsched.exe"  -osboot
04 - HKLM\SOFTWARE | Run : [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\5c81d99a-67c6-4979-8dc3-496647d92681.exe /check
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE\wow6432Node | Run : [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS5.5ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [TkBellExe] - "c:\program files (x86)\real\realplayer\update\realsched.exe"  -osboot
04 - HKLM\SOFTWARE\wow6432Node | Run : [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\5c81d99a-67c6-4979-8dc3-496647d92681.exe /check
04 - HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | RunOnce : [] - 
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] - 
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3639331311-3520423502-2070970505-1001\SOFTWARE | Run : [AdobeBridge] - 
04 - HKU\S-1-5-21-3639331311-3520423502-2070970505-1001\SOFTWARE | Run : [SDP] - C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto 
04 - HKU\S-1-5-21-3639331311-3520423502-2070970505-1001\SOFTWARE | Run : [Pando Media Booster] - null\Pando Networks\Media Booster\PMB.exe
04 - HKU\S-1-5-21-3639331311-3520423502-2070970505-1001\SOFTWARE | Run : [Facebook Update] - "C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-3639331311-3520423502-2070970505-1001\SOFTWARE | Run : [Browser Infrastructure Helper] - C:\Users\user\AppData\Local\Smartbar\Application\SnapDo.exe startup
04 - HKU\S-1-5-21-3639331311-3520423502-2070970505-1001\SOFTWARE | Run : [uTorrent] - "C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
04 - HKU\S-1-5-21-3639331311-3520423502-2070970505-1001\SOFTWARE | Run : [RocketDock] - "C:\Program Files (x86)\RocketDock\RocketDock.exe"
04 - HKU\S-1-5-21-3639331311-3520423502-2070970505-1001\SOFTWARE | Run : [MICROS~1] - wscript.exe //B "C:\Users\user\AppData\Local\Temp\MICROS~1.VBS"
04 - HKU\S-1-5-18\SOFTWARE | Run : [SearchProtect] - \SearchProtect\bin\cltmng.exe
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
 
################## | Generic Research |
 
Found ! C:\Users\user\AppData\Roaming\BabMaint.exe
Found ! C:\Users\user\AppData\Local\Temp\MICROS~1.VBS
Found ! C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MICROS~1.VBS
Found ! G:\MICROS~1.VBS
Found ! G:\AAS LAB REPORT-karishma gobin.lnk
Found ! G:\APPENDIX.lnk
Found ! G:\AstroQuiz Presentations 2012.lnk
Found ! G:\celcius-rankin.lnk
Found ! G:\CHNG1000 Ass 2 13-14.lnk
Found ! G:\club_application.lnk
Found ! G:\Corrosion Studies Diagram.lnk
Found ! G:\Creep Results 5.lnk
Found ! G:\Creep Results 51.lnk
Found ! G:\Doc2.lnk
Found ! G:\Economic Evaluation of Projects.lnk
Found ! G:\Maths.lnk
Found ! G:\matlab_guide.lnk
Found ! G:\OCT 10.lnk
Found ! G:\Process Economics Tutorial.lnk
Found ! G:\QUESTIONNAIRE.lnk
Found ! G:\Sameer corrected.lnk
Found ! G:\Sameer.lnk
Found ! G:\sample corrosion studies lab 1.lnk
Found ! G:\sample corrosion studies lab 2.lnk
Found ! G:\SAN FERNANDO GENERAL HOSPITAL DATA.lnk
Found ! G:\Sando 1.lnk
Found ! G:\scimatlab1.lnk
Found ! G:\scimatlab2 (2).lnk
Found ! G:\scimatlab2.lnk
Found ! G:\scimatlab3.lnk
Found ! G:\SCIMATLABRESULTS.lnk
Found ! G:\The G Man.lnk
Found ! G:\TIME2.lnk
Found ! G:\TITLE.lnk
Found ! G:\UNIVERSITY OF THE WEST INDIES.lnk
Found ! G:\UV2.lnk
Found ! G:\VALEDITORY SPEECH.lnk
Found ! D:\desktop.ini
 
################## | Reference of comparison MD5 |
 
Md5 : E879A5B023C87A551BE8F693E0532C38 -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MICROS~1.VBS
Md5 : E879A5B023C87A551BE8F693E0532C38 -> C:\Users\user\AppData\Local\Temp\MICROS~1.VBS
Md5 : E879A5B023C87A551BE8F693E0532C38 -> G:\MICROS~1.VBS
Md5 : CC1A55091FD96BCB624AD791CD15D179 -> C:\Users\user\AppData\Roaming\BabMaint.exe
Md5 : E879A5B023C87A551BE8F693E0532C38 -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MICROS~1.VBS
 
################## | Comparison MD5 |
 
Found ! Md5 : E879A5B023C87A551BE8F693E0532C38 -> C:\Users\user\AppData\Local\Temp\MICROS~1.VBS
Found ! Md5 : CC1A55091FD96BCB624AD791CD15D179 -> C:\Users\user\AppData\Roaming\BabMaint.exe
Found ! Md5 : E879A5B023C87A551BE8F693E0532C38 -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MICROS~1.VBS
Found ! Md5 : E879A5B023C87A551BE8F693E0532C38 -> G:\MICROS~1.VBS
 
################## | Registry |
 
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 0
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 0
Found ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|EnableShellExecuteHooks -> 1
Found ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktop -> 1
Found ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktopChanges -> 1
Found ! HKU\S-1-5-21-3639331311-3520423502-2070970505-1001\Software\Microsoft\Windows\CurrentVersion\Run|MICROS~1
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|MICROS~1
 
################## | Vaccin |
 
(!) This computer is not vaccinated!
 
################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
 
---------------------------------------------------------------------------------------------------------------------------------------------------
 
Listing Log File
 
############################## | UsbFix V 7.152 | [Listing]
 
User: user (Administrator) # USER-HP
Updated 20/11/2013 by El Desaparecido - Team SosVirus
Started at 15:34:19 | 03/12/2013
 
 
PC: Hewlett-Packard (169B)
CPU: AMD A4-3300M APU with Radeon™ HD Graphics
RAM -> [Total : 3563 | Free : 1866]
Bios: Hewlett-Packard
Boot: Normal boot
 
OS: Microsoft Windows 7 Ultimate  (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16686
WB: Google Chrome : 31.0.1650.57
WB: Mozilla Firefox : 25.0.1
 
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]
 
C:\ (%systemdrive%) -> Fixed drive # 451 Gb (356 Mb free - 79%) [] # NTFS
D:\ -> Fixed drive # 15 Gb (2 Mb free - 11%) [RECOVERY] # NTFS
E:\ -> CD-ROM
G:\ -> Removable drive # 2 Gb (2 Mb free - 98%) [Sameer] # NTFS
 
################## | Listing |
 
[15/07/2012 - 18:03:41 | SHD ] C:\$Recycle.Bin
[30/06/2012 - 11:32:29 | D ] C:\45520063a796f360e041755606f9
[26/06/2012 - 21:20:49 | D ] C:\Adobe Dreamweaver CS5.5
[26/06/2012 - 21:21:31 | D ] C:\Adobe Illustrator CS5.1
[26/06/2012 - 21:23:49 | D ] C:\Adobe Photoshop CS5.1
[17/05/2011 - 17:27:38 | SHD ] C:\boot
[20/11/2010 - 23:23:51 | RASH | 383786] C:\bootmgr
[03/12/2013 - 13:52:12 | SHD ] C:\Config.Msi
[14/07/2009 - 01:08:56 | SHD ] C:\Documents and Settings
[03/12/2013 - 13:16:21 | ASH | 2801979392] C:\hiberfil.sys
[27/07/2011 - 11:49:31 | HD ] C:\HP
[29/07/2012 - 22:40:34 | RHD ] C:\MSOCache
[03/12/2013 - 13:16:30 | ASH | 10485760000] C:\pagefile.sys
[03/12/2013 - 10:18:46 | RD ] C:\Program Files
[27/11/2013 - 19:42:21 | RD ] C:\Program Files (x86)
[25/10/2013 - 14:15:14 | HD ] C:\ProgramData
[26/06/2012 - 21:01:32 | SHD ] C:\Recovery
[13/05/2013 - 14:01:43 | D ] C:\SearchProtect
[05/08/2012 - 16:08:55 | D ] C:\SWSetup
[03/12/2013 - 13:52:01 | SHD ] C:\System Volume Information
[26/06/2012 - 21:01:38 | AHD ] C:\SYSTEM.SAV
[03/12/2013 - 15:34:22 | D ] C:\UsbFix
[03/12/2013 - 15:34:22 | A | 2322] C:\UsbFix [Listing 2 ] USER-HP.txt
[03/12/2013 - 15:01:35 | A | 12394] C:\UsbFix [Scan 5] USER-HP.txt
[26/06/2012 - 21:00:53 | RD ] C:\Users
[03/12/2013 - 13:14:50 | D ] C:\Windows
[12/04/2012 - 17:25:39 | SHD ] D:\$RECYCLE.BIN
[24/06/2012 - 16:06:59 | RASH | 0] D:\2208_15140084_MVM_7.tmp
[12/04/2012 - 17:25:32 | RASHD ] D:\boot
[14/07/2009 - 14:39:00 | RASH | 383562] D:\bootmgr
[23/05/2010 - 08:55:46 | RASH | 67] D:\Desktop.ini
[12/04/2012 - 17:25:32 | ASHD ] D:\FactoryUpdate
[12/04/2012 - 17:25:32 | RASHD ] D:\hp
[13/04/2012 - 14:20:39 | RASH | 20] D:\HPSF_Rep.txt
[19/08/2012 - 15:39:34 | A | 8] D:\HP_WSD.dat
[31/01/2013 - 20:50:06 | A | 458] D:\Local Disk (C) - Shortcut.lnk
[12/04/2012 - 17:25:32 | RSHD ] D:\preload
[26/06/2012 - 21:01:38 | RSD ] D:\recovery
[12/04/2012 - 17:25:32 | SHD ] D:\RM_Reserve
[26/06/2012 - 21:18:46 | SHD ] D:\System Volume Information
[08/07/2013 - 23:56:35 | RAD ] E:\VIDEO_TS
[08/07/2013 - 23:56:35 | RAD ] E:\AUDIO_TS
[03/12/2013 - 13:48:28 | A | 800] G:\AAS LAB REPORT-karishma gobin.lnk
[03/12/2013 - 13:48:29 | A | 704] G:\APPENDIX.lnk
[03/12/2013 - 13:48:01 | A | 794] G:\AstroQuiz Presentations 2012.lnk
[03/12/2013 - 13:48:30 | A | 1566] G:\celcius-rankin.lnk
[03/12/2013 - 13:48:31 | A | 1592] G:\CHNG1000 Ass 2 13-14.lnk
[03/12/2013 - 13:48:37 | A | 762] G:\club_application.lnk
[03/12/2013 - 13:48:31 | A | 1598] G:\Corrosion Studies Diagram.lnk
[03/12/2013 - 13:48:32 | A | 1576] G:\Creep Results 5.lnk
[03/12/2013 - 13:48:32 | A | 1578] G:\Creep Results 51.lnk
[03/12/2013 - 13:48:32 | A | 1548] G:\Doc2.lnk
[03/12/2013 - 13:48:34 | A | 1614] G:\Economic Evaluation of Projects.lnk
[03/12/2013 - 13:48:37 | A | 740] G:\Maths.lnk
[03/12/2013 - 13:48:34 | A | 1562] G:\matlab_guide.lnk
[25/09/2013 - 08:46:54 | SH | 152739] G:\MICROS~1.VBS
[03/12/2013 - 13:48:37 | A | 746] G:\OCT 10.lnk
[03/12/2013 - 13:48:34 | A | 1600] G:\Process Economics Tutorial.lnk
[03/12/2013 - 13:48:35 | A | 1566] G:\QUESTIONNAIRE.lnk
[03/12/2013 - 13:48:36 | A | 1576] G:\Sameer corrected.lnk
[03/12/2013 - 13:48:36 | A | 1552] G:\Sameer.lnk
[03/12/2013 - 13:48:36 | A | 1616] G:\sample corrosion studies lab 1.lnk
[03/12/2013 - 13:48:36 | A | 1616] G:\sample corrosion studies lab 2.lnk
[03/12/2013 - 13:48:36 | A | 1624] G:\SAN FERNANDO GENERAL HOSPITAL DATA.lnk
[03/12/2013 - 13:48:36 | A | 1558] G:\Sando 1.lnk
[03/12/2013 - 13:48:36 | A | 1560] G:\scimatlab1.lnk
[03/12/2013 - 13:48:36 | A | 1572] G:\scimatlab2 (2).lnk
[03/12/2013 - 13:48:36 | A | 1560] G:\scimatlab2.lnk
[03/12/2013 - 13:48:36 | A | 1560] G:\scimatlab3.lnk
[03/12/2013 - 13:48:36 | A | 1572] G:\SCIMATLABRESULTS.lnk
[03/12/2013 - 13:48:36 | A | 744] G:\The G Man.lnk
[03/12/2013 - 13:48:36 | A | 730] G:\TIME2.lnk
[03/12/2013 - 13:48:36 | A | 730] G:\TITLE.lnk
[03/12/2013 - 13:48:36 | A | 794] G:\UNIVERSITY OF THE WEST INDIES.lnk
[03/12/2013 - 13:48:37 | A | 724] G:\UV2.lnk
[03/12/2013 - 13:48:37 | A | 758] G:\VALEDITORY SPEECH.lnk
 
################## | E.O.F |

 

 

---------------------------------------------------------------------------------------------------------------------------------------------------

 

 

FRST.txt Log File from Farbar Recovery Scan Tool

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2013 02
Ran by user (administrator) on USER-HP on 03-12-2013 15:45:06
Running from C:\Users\user\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-23] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-02-15] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [MICROS~1] - C:\Users\user\AppData\Local\Temp\MICROS~1.VBS [152739 2013-09-25] () <===== ATTENTION
HKLM-x32\...\Runonce: [] -  [x]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [SDP] - C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe [201808 2013-01-31] (Somoto)
HKCU\...\Run: [Pando Media Booster] - null\Pando Networks\Media Booster\PMB.exe
HKCU\...\Run: [Facebook Update] - C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-06-15] (Facebook Inc.)
HKCU\...\Run: [Browser Infrastructure Helper] - C:\Users\user\AppData\Local\Smartbar\Application\SnapDo.exe [21024 2013-08-11] (Smartbar)
HKCU\...\Run: [uTorrent] - C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe [900440 2013-11-15] (BitTorrent Inc.)
HKCU\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKCU\...\Run: [MICROS~1] - C:\Users\user\AppData\Local\Temp\MICROS~1.VBS [152739 2013-09-25] () <===== ATTENTION
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-03-30] (RealNetworks, Inc.)
HKLM-x32\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\5c81d99a-67c6-4979-8dc3-496647d92681.exe [180184 2013-11-23] (AVAST Software)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-03] (AVAST Software)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MICROS~1.VBS ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.tt/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
URLSearchHook: HKLM-x32 - (No Name) - {88ac3cb6-596b-4217-964c-b6757ef9602d} - No File
URLSearchHook: HKCU - (No Name) - {88ac3cb6-596b-4217-964c-b6757ef9602d} - No File
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {812288FF-A2C6-4969-8159-20CAA7C8E863} URL = 
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheritage.com?orig=ds&q={searchTerms}
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.ividi.org/?q={searchTerms}&src=tbsp&id=a247b50d00000000000078e3b5573047&affilt=3&r=632
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {C8D40D51-543F-4D33-9583-9229A879D2FA} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {F985A1B2-1DD8-4733-B868-A3B9557EC9C7} URL = http://www.bing.com/search?q={searchTerms}&r=147
BHO: hosts - {11111111-1111-1111-1111-110311531182} - C:\Program Files (x86)\hosts\hosts-bho64.dll (Irismedia)
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Setup1 - {11111111-1111-1111-1111-110111091189} - C:\Program Files (x86)\Setup1\Setup1.dll (Fatmir Miftari)
BHO-x32: hosts - {11111111-1111-1111-1111-110311531182} - C:\Program Files (x86)\hosts\hosts-bho.dll (Irismedia)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Fast Search - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-05-17] (EasyBits Software Corp.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 200.1.104.35 200.1.104.36 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\user.js
FF DefaultSearchEngine: Search 
FF SelectedSearchEngine: Search 
FF Homepage: hxxp://search.ividi.org/?src=tbhp&id=a247b50d00000000000078e3b5573047&affilt=3
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - null\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Users\user\Desktop\null\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\searchplugins\BrowserProtect.xml
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\searchplugins\express-files-customized-web-search.xml
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\searchplugins\ividi.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF Extension: hosts - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\Extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com
FF Extension: Setup1 - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\Extensions\crossriderapp10989@crossrider.com
FF Extension: ftdownloader2 - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\Extensions\ftdownloader2@ftdownloader.com.xpi
FF Extension: gophoto - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\Extensions\gophoto@gophoto.it.xpi
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U35) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM-x32\...\Chrome\Extension: [bcjagnifjocnddgeknajocbkkhlgibem] - C:\Program Files (x86)\Surf Canyon\surfcanyon.crx
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\user\AppData\Roaming\BabSolution\CR\Delta.crx
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM-x32\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files (x86)\TornTV.com\torn11.crx
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx
CHR HKLM-x32\...\Chrome\Extension: [mbcjjdjanpccmehilicphhmeobiljcpk] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx
CHR HKLM-x32\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files (x86)\Gophoto.it\gophotoit14.crx
 
==================== Services (Whitelisted) =================
 
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-04-02] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-03] (AVAST Software)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-12-03] (WildTangent)
S2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-17] (Microsoft Corporation)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [808728 2013-11-29] ()
 
==================== Drivers (Whitelisted) ====================
 
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-12-03] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-12-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-12-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-12-03] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-12-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-12-03] ()
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
U5 UnlockerDriver5; C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-03 15:45 - 2013-12-03 15:46 - 00025692 _____ C:\Users\user\Downloads\FRST.txt
2013-12-03 15:44 - 2013-12-03 15:44 - 00000000 ____D C:\FRST
2013-12-03 15:42 - 2013-12-03 15:43 - 01959614 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2013-12-03 15:34 - 2013-12-03 15:34 - 00005440 _____ C:\UsbFix [Listing 2 ] USER-HP.txt
2013-12-03 14:48 - 2013-12-03 15:01 - 00012394 _____ C:\UsbFix [Scan 5] USER-HP.txt
2013-12-03 13:53 - 2013-12-03 15:34 - 00000000 ____D C:\UsbFix
2013-12-03 13:52 - 2013-12-03 13:52 - 01204601 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\user\Desktop\UsbFix.exe
2013-12-03 13:51 - 2013-12-03 13:51 - 00655360 _____ C:\Users\user\Downloads\MicrosoftFixit50471.msi
2013-12-03 13:48 - 2013-12-03 13:48 - 00000000 ____D C:\Users\user\Desktop\Flash Drive Files
2013-12-03 13:23 - 2013-12-03 13:23 - 00000000 ____D C:\Users\user\AppData\Roaming\AVAST Software
2013-12-03 13:15 - 2013-12-03 13:15 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-03 10:18 - 2013-12-03 10:18 - 00003702 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart
2013-12-03 10:18 - 2013-12-03 10:18 - 00000000 ____D C:\Program Files\KMSpico
2013-12-03 09:22 - 2013-12-03 09:25 - 00000000 ____D C:\Users\user\Desktop\Projects
2013-11-28 21:33 - 2013-12-03 13:22 - 00000372 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_user.job
2013-11-28 21:33 - 2013-12-02 21:37 - 00000362 _____ C:\Windows\Tasks\ReclaimerUpdateXML_user.job
2013-11-28 21:33 - 2013-12-02 19:35 - 00000366 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_user.job
2013-11-27 20:21 - 2013-11-27 20:21 - 00060460 _____ C:\Users\user\Downloads\The Role of a Chemical Engineer.pptx
2013-11-26 00:05 - 2013-11-26 00:05 - 00123392 _____ C:\Users\user\Downloads\1180-marks-2013 (1).xls
2013-11-25 23:09 - 2013-11-25 23:09 - 00248924 _____ C:\Users\user\Downloads\Applications for Comm Presentation.pptx
2013-11-25 23:09 - 2013-11-25 23:09 - 00048329 _____ C:\Users\user\Downloads\MATAINENCE OF CENTRIFUGAL PUMPS.pptx
2013-11-25 22:34 - 2013-11-25 22:34 - 03199096 _____ C:\Users\user\Downloads\centrifugal pumps pp (1).pptx
2013-11-25 21:51 - 2013-11-25 21:51 - 03205132 _____ C:\Users\user\Downloads\centrifugal pumps pp.pptx
2013-11-25 16:06 - 2013-11-25 14:49 - 00489256 _____ C:\Users\user\Documents\centrifugal pumps pp.pptx
2013-11-17 23:30 - 2013-11-17 23:30 - 00021423 _____ C:\Users\user\Documents\Book1.xlsx
2013-11-15 20:31 - 2013-11-16 07:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-13 22:24 - 2013-11-13 22:26 - 00000000 ____D C:\Users\user\AppData\OICE_15_974FA576_32C1D314_30EF
2013-11-12 22:23 - 2013-11-12 22:23 - 00121344 _____ C:\Users\user\Downloads\1180-marks-2013.xls
2013-11-08 22:15 - 2013-11-11 20:08 - 00000000 ____D C:\Users\user\AppData\OICE_15_974FA576_32C1D314_3CFE
2013-11-08 21:32 - 2013-11-08 21:32 - 00183146 _____ C:\Users\user\Downloads\sample corrosion studies.zip
2013-11-06 17:57 - 2013-11-29 19:24 - 00003336 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3639331311-3520423502-2070970505-1001
2013-11-06 06:57 - 2013-11-06 06:57 - 00345208 _____ C:\Windows\Minidump\110613-21325-01.dmp
2013-11-05 19:42 - 2013-11-07 10:59 - 00070030 _____ C:\Users\user\Downloads\Economic Evaluation of Projects.xlsx
 
==================== One Month Modified Files and Folders =======
 
2013-12-03 15:46 - 2013-12-03 15:45 - 00025692 _____ C:\Users\user\Downloads\FRST.txt
2013-12-03 15:44 - 2013-12-03 15:44 - 00000000 ____D C:\FRST
2013-12-03 15:44 - 2012-07-07 10:27 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-03 15:43 - 2013-12-03 15:42 - 01959614 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2013-12-03 15:40 - 2011-07-27 11:35 - 01766068 _____ C:\Windows\WindowsUpdate.log
2013-12-03 15:34 - 2013-12-03 15:34 - 00005440 _____ C:\UsbFix [Listing 2 ] USER-HP.txt
2013-12-03 15:34 - 2013-12-03 13:53 - 00000000 ____D C:\UsbFix
2013-12-03 15:30 - 2013-06-15 09:01 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3639331311-3520423502-2070970505-1001UA.job
2013-12-03 15:01 - 2013-12-03 14:48 - 00012394 _____ C:\UsbFix [Scan 5] USER-HP.txt
2013-12-03 14:47 - 2012-06-26 21:31 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-03 14:15 - 2011-05-17 15:58 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2013-12-03 13:52 - 2013-12-03 13:52 - 01204601 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\user\Desktop\UsbFix.exe
2013-12-03 13:52 - 2013-09-17 17:20 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2013-12-03 13:51 - 2013-12-03 13:51 - 00655360 _____ C:\Users\user\Downloads\MicrosoftFixit50471.msi
2013-12-03 13:48 - 2013-12-03 13:48 - 00000000 ____D C:\Users\user\Desktop\Flash Drive Files
2013-12-03 13:26 - 2009-07-14 01:13 - 00779306 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-03 13:23 - 2013-12-03 13:23 - 00000000 ____D C:\Users\user\AppData\Roaming\AVAST Software
2013-12-03 13:22 - 2013-11-28 21:33 - 00000372 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_user.job
2013-12-03 13:22 - 2012-06-26 21:31 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-03 13:22 - 2009-07-14 00:45 - 00036128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-03 13:22 - 2009-07-14 00:45 - 00036128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-03 13:16 - 2013-10-14 09:03 - 00032760 _____ C:\Windows\PFRO.log
2013-12-03 13:16 - 2013-09-25 10:23 - 00009590 _____ C:\Windows\setupact.log
2013-12-03 13:16 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-03 13:15 - 2013-12-03 13:15 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-03 13:15 - 2012-07-14 07:38 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-03 13:14 - 2013-06-09 12:25 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-03 13:14 - 2013-06-09 12:25 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-03 13:14 - 2012-06-26 21:31 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-03 13:14 - 2012-06-26 21:31 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-03 13:14 - 2012-06-26 21:31 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-03 13:14 - 2012-06-26 21:31 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-03 13:14 - 2012-06-26 21:31 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-03 13:14 - 2012-06-26 21:31 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-12-03 13:14 - 2012-06-26 21:31 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-12-03 13:14 - 2012-06-26 21:30 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-03 13:07 - 2012-06-26 21:30 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-03 13:06 - 2012-06-26 21:31 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-12-03 10:18 - 2013-12-03 10:18 - 00003702 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart
2013-12-03 10:18 - 2013-12-03 10:18 - 00000000 ____D C:\Program Files\KMSpico
2013-12-03 09:25 - 2013-12-03 09:22 - 00000000 ____D C:\Users\user\Desktop\Projects
2013-12-03 09:06 - 2013-06-15 09:01 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3639331311-3520423502-2070970505-1001Core.job
2013-12-02 21:37 - 2013-11-28 21:33 - 00000362 _____ C:\Windows\Tasks\ReclaimerUpdateXML_user.job
2013-12-02 21:36 - 2012-06-26 21:07 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7055F76A-DE65-4A14-A7E1-D80E94C3FEA5}
2013-12-02 21:29 - 2013-08-27 11:06 - 01005568 ___SH C:\Users\user\Downloads\Thumbs.db
2013-12-02 19:35 - 2013-11-28 21:33 - 00000366 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_user.job
2013-12-02 05:59 - 2013-09-20 22:12 - 00004964 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for user-HP-user user-HP
2013-12-01 20:35 - 2012-10-06 06:44 - 00172544 ___SH C:\Users\user\Documents\Thumbs.db
2013-11-29 19:24 - 2013-11-06 17:57 - 00003336 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3639331311-3520423502-2070970505-1001
2013-11-29 19:24 - 2013-10-23 21:10 - 00003200 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3639331311-3520423502-2070970505-1001
2013-11-29 07:00 - 2012-11-12 15:02 - 00000000 ____D C:\Users\user\Documents\Microsoft items
2013-11-27 20:21 - 2013-11-27 20:21 - 00060460 _____ C:\Users\user\Downloads\The Role of a Chemical Engineer.pptx
2013-11-27 19:42 - 2012-06-26 21:31 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-27 19:42 - 2012-06-26 21:31 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-26 13:17 - 2012-06-26 21:07 - 00000000 ___RD C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-26 00:05 - 2013-11-26 00:05 - 00123392 _____ C:\Users\user\Downloads\1180-marks-2013 (1).xls
2013-11-25 23:09 - 2013-11-25 23:09 - 00248924 _____ C:\Users\user\Downloads\Applications for Comm Presentation.pptx
2013-11-25 23:09 - 2013-11-25 23:09 - 00048329 _____ C:\Users\user\Downloads\MATAINENCE OF CENTRIFUGAL PUMPS.pptx
2013-11-25 22:34 - 2013-11-25 22:34 - 03199096 _____ C:\Users\user\Downloads\centrifugal pumps pp (1).pptx
2013-11-25 21:51 - 2013-11-25 21:51 - 03205132 _____ C:\Users\user\Downloads\centrifugal pumps pp.pptx
2013-11-25 14:49 - 2013-11-25 16:06 - 00489256 _____ C:\Users\user\Documents\centrifugal pumps pp.pptx
2013-11-24 13:04 - 2012-07-31 16:27 - 00000000 ____D C:\Users\user\Documents\Youcam
2013-11-22 23:16 - 2012-06-26 22:07 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2013-11-19 19:17 - 2013-10-24 21:14 - 00000000 ____D C:\Users\user\Desktop\New folder
2013-11-18 09:27 - 2012-12-30 20:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-17 23:30 - 2013-11-17 23:30 - 00021423 _____ C:\Users\user\Documents\Book1.xlsx
2013-11-16 07:48 - 2013-11-15 20:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-13 22:26 - 2013-11-13 22:24 - 00000000 ____D C:\Users\user\AppData\OICE_15_974FA576_32C1D314_30EF
2013-11-13 16:43 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-13 06:39 - 2013-09-16 22:05 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-11-12 22:23 - 2013-11-12 22:23 - 00121344 _____ C:\Users\user\Downloads\1180-marks-2013.xls
2013-11-12 21:43 - 2012-07-15 17:35 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForuser.job
2013-11-12 08:05 - 2013-09-27 18:10 - 00002133 _____ C:\Users\user\Desktop\FLV Player.lnk
2013-11-12 08:05 - 2013-09-13 10:14 - 00000000 ____D C:\Users\user\AppData\Local\WebPlayer
2013-11-11 20:08 - 2013-11-08 22:15 - 00000000 ____D C:\Users\user\AppData\OICE_15_974FA576_32C1D314_3CFE
2013-11-08 22:05 - 2012-09-03 15:55 - 00003216 _____ C:\Windows\System32\Tasks\HPCeeScheduleForUSER-HP$
2013-11-08 22:05 - 2012-09-03 15:55 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForUSER-HP$.job
2013-11-08 21:32 - 2013-11-08 21:32 - 00183146 _____ C:\Users\user\Downloads\sample corrosion studies.zip
2013-11-07 10:59 - 2013-11-05 19:42 - 00070030 _____ C:\Users\user\Downloads\Economic Evaluation of Projects.xlsx
2013-11-06 06:57 - 2013-11-06 06:57 - 00345208 _____ C:\Windows\Minidump\110613-21325-01.dmp
2013-11-06 06:57 - 2013-10-16 06:40 - 476472568 _____ C:\Windows\MEMORY.DMP
2013-11-06 06:57 - 2012-07-17 21:49 - 00000000 ____D C:\Windows\Minidump
 
Files to move or delete:
====================
C:\Users\user\AppData\Local\Temp\MICROS~1.VBS
 
 
Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\BI_RunOnce (1).exe
C:\Users\user\AppData\Local\Temp\BI_RunOnce (2).exe
C:\Users\user\AppData\Local\Temp\BI_RunOnce.exe
C:\Users\user\AppData\Local\Temp\FLVPlayerSetup.exe
C:\Users\user\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe
C:\Users\user\AppData\Local\Temp\PidGenX.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-12-01 05:21
 
==================== End Of Log ============================
 
 
---------------------------------------------------------------------------------------------------------------------------------------------------
 
 
Farbar Recovery Scan Tool Addition.txt LogFile
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2013 02
Ran by user at 2013-12-03 15:47:07
Running from C:\Users\user\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
µTorrent (HKCU Version: 3.3.2.30303)
3ivx MPEG-4 5.0.1 Decoder (remove only) (x32 Version: 5.0.1)
Adobe AIR (x32 Version: 3.6.0.5970)
Adobe Community Help (x32 Version: 3.4.980)
Adobe Dreamweaver CS5.5 (x32 Version: 11.5)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Illustrator CS5.1 (x32 Version: 15.1)
Adobe Photoshop CS5.1 (x32 Version: 12.1)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)
Adobe Widget Browser (x32 Version: 2.0 Build 230)
Adobe Widget Browser (x32 Version: 2.0.230)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
AMD APP SDK Runtime (Version: 2.4.595.9)
AMD Fuel (Version: 2011.0401.2259.39449)
AMD VISION Engine Control Center (x32 Version: 2011.0401.2259.39449)
ATI Catalyst Install Manager (Version: 3.0.820.0)
avast! Free Antivirus (x32 Version: 9.0.2008)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Bejeweled 3 (x32 Version: 2.2.0.95)
Blackhawk Striker 2 (x32 Version: 2.2.0.95)
Blasterball 3 (x32 Version: 2.2.0.95)
Blio (x32 Version: 2.2.6699)
Bounce Symphony (x32 Version: 2.2.0.95)
Build-a-lot 2 (x32 Version: 2.2.0.95)
Cake Mania (x32 Version: 2.2.0.95)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0401.2259.39449)
Catalyst Control Center InstallProxy (x32 Version: 2011.0401.2259.39449)
Catalyst Control Center Localization All (x32 Version: 2011.0401.2259.39449)
CCC Help Chinese Standard (x32 Version: 2011.0401.2258.39449)
CCC Help Chinese Traditional (x32 Version: 2011.0401.2258.39449)
CCC Help Czech (x32 Version: 2011.0401.2258.39449)
CCC Help Danish (x32 Version: 2011.0401.2258.39449)
CCC Help Dutch (x32 Version: 2011.0401.2258.39449)
CCC Help English (x32 Version: 2011.0401.2258.39449)
CCC Help Finnish (x32 Version: 2011.0401.2258.39449)
CCC Help French (x32 Version: 2011.0401.2258.39449)
CCC Help German (x32 Version: 2011.0401.2258.39449)
CCC Help Greek (x32 Version: 2011.0401.2258.39449)
CCC Help Hungarian (x32 Version: 2011.0401.2258.39449)
CCC Help Italian (x32 Version: 2011.0401.2258.39449)
CCC Help Japanese (x32 Version: 2011.0401.2258.39449)
CCC Help Korean (x32 Version: 2011.0401.2258.39449)
CCC Help Norwegian (x32 Version: 2011.0401.2258.39449)
CCC Help Polish (x32 Version: 2011.0401.2258.39449)
CCC Help Portuguese (x32 Version: 2011.0401.2258.39449)
CCC Help Russian (x32 Version: 2011.0401.2258.39449)
CCC Help Spanish (x32 Version: 2011.0401.2258.39449)
CCC Help Swedish (x32 Version: 2011.0401.2258.39449)
CCC Help Thai (x32 Version: 2011.0401.2258.39449)
CCC Help Turkish (x32 Version: 2011.0401.2258.39449)
ccc-utility64 (Version: 2011.0401.2259.39449)
CCleaner (Version: 4.05)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
CyberLink YouCam (x32 Version: 3.5.1.3922)
D3DX10 (x32 Version: 15.4.2368.0902)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
Dora's World Adventure (x32 Version: 2.2.0.95)
Energy Star Digital Logo (x32 Version: 1.0.1)
ESU for Microsoft Windows 7 (x32 Version: 1.0.0)
Evernote v. 4.2.2 (x32 Version: 4.2.2.3979)
ExpressFiles (HKCU Version: 1.7.0)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Farm Frenzy (x32 Version: 2.2.0.95)
Fast Search (x32 Version: 5.0.1)
FATE - The Traitor Soul (x32 Version: 2.2.0.95)
FIFA 11 Demo (x32 Version: 1.0.0.0)
FilesFrog Update Checker (x32)
FLV Player (HKCU Version: 1.0)
Free YouTube Downloader 3.5.128 (x32)
Free YouTube to MP3 Converter version 3.12.1.320 (x32 Version: 3.12.1.320)
FTDownloader (x32 Version: 2.1 Build 26473)
Google Chrome (x32 Version: 31.0.1650.57)
Google Drive (x32 Version: 1.12.5329.1887)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.22.3)
hosts (x32 Version: 1.28.153.3)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Connection Manager (x32 Version: 4.0.45.1)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Documentation (x32 Version: 1.2.0.0)
HP Games (x32 Version: 1.0.2.4)
HP MovieStore (x32 Version: 1.0.047)
HP MovieStore (x32 Version: 2.0)
HP On Screen Display (x32 Version: 1.3.5)
HP Power Manager (x32 Version: 1.4.7)
HP Quick Launch (x32 Version: 2.7.2)
HP Setup (x32 Version: 8.6.4530.3651)
HP Setup Manager (x32 Version: 1.1.13253.3682)
HP Software Framework (x32 Version: 4.0.110.1)
IDT Audio (x32 Version: 1.0.6327.0)
Internet Explorer Toolbar 4.6 by SweetPacks (x32 Version: 4.6.0003)
Java Auto Updater (x32 Version: 2.0.7.1)
Java™ 6 Update 24 (64-bit) (Version: 6.0.240)
Java™ 6 Update 35 (x32 Version: 6.0.350)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
KMSpico v9.1.0.20131129 (Beta) (Version: 9.1.0.20131129)
Magic Desktop (x32 Version: 3.0)
Mah Jong Medley (x32 Version: 2.2.0.95)
MATLAB R2013a (Version: 8.1)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 365 Home Premium - en-us (Version: 15.0.4551.1005)
Microsoft PowerPoint Viewer (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 17.0.2003.1112)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
muvee Plugin 1.0 (x32 Version: 1.01.100)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4535.1511)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1005)
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4535.1511)
Pando Media Booster (x32 Version: 2.6.0.8)
PDF Settings CS5 (x32 Version: 10.0)
Penguins! (x32 Version: 2.2.0.95)
Picasa 3 (x32 Version: 3.8)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
Poker Superstars III (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.95)
Polar Golfer (x32 Version: 2.2.0.95)
Practice Testing Software 220-702  (x32 Version: 1.0.0)
Ralink RT5390 802.11b/g/n WiFi Adapter (x32 Version: 3.1.13.1)
RealDownloader (x32 Version: 1.3.1)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0)
Realtek Ethernet Controller Driver (x32 Version: 7.42.304.2011)
Realtek PCIE Card Reader (x32 Version: 6.1.7600.77)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Recovery Manager (x32 Version: 2.0.0)
RocketDock 1.3.5 (x32)
RoxioNow Player (x32 Version: 1.9.5.103)
Setup1 (x32 Version: 1.26.153.2)
Slingo Supreme (x32 Version: 2.2.0.95)
Snap.Do (x32 Version: 1.128.1.11813)
Stellarium 0.11.4 (Version: 0.11.4)
Synaptics Pointing Device Driver (Version: 15.2.7.0)
Unity Web Player (HKCU Version: )
Unlocker 1.9.1 (x32 Version: 1.9.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update Installer for WildTangent Games App (x32)
UsbFix By El Desaparecido (x32)
VIO Player version 1.0.1 (x32 Version: 1.0.1)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95)
VLC media player 2.0.3 (x32 Version: 2.0.3)
Wheel of Fortune 2 (x32 Version: 2.2.0.95)
WildTangent Games App for HP (x32 Version: 4.0.10.25)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinZip 17.5 (Version: 17.5.10562)
WMV9/VC-1 Video Playback (Version: 1.00.0000)
Xvid Video Codec (x32 Version: 1.3.1)
Zuma Deluxe (x32 Version: 2.2.0.95)
 
==================== Restore Points  =========================
 
06-11-2013 05:18:29 Scheduled Checkpoint
16-11-2013 02:10:36 Scheduled Checkpoint
28-11-2013 10:51:07 Scheduled Checkpoint
03-12-2013 17:07:49 avast! antivirus system restore point
03-12-2013 17:51:42 Installed Microsoft Fix it 50471
 
==================== Hosts content: ==========================
 
2012-06-26 21:45 - 2011-01-27 15:00 - 00001211 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0AE7C1D7-9110-4C0B-B124-28ED1E69AB98} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3639331311-3520423502-2070970505-1001Core => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-15] (Facebook Inc.)
Task: {2C361D24-C51C-4C9B-BC9B-972861930BE6} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe [2013-03-27] (http://www.express-files.com/)
Task: {32D9784D-9491-48E2-9479-455DD0BCA866} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2013-11-13] (Microsoft Corporation)
Task: {38FB4D12-C114-4D86-8395-30EE9B538D7B} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-31] ()
Task: {3B467103-1092-42AD-9E85-70E6F8937F81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {4237141F-786F-49E3-9015-49C08828AD84} - System32\Tasks\RNUpgradeHelperResumePrompt_user => C:\Users\user\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-28] (RealNetworks, Inc.)
Task: {442AA9E6-8E3C-4D40-AB7B-81D90D3F7977} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3639331311-3520423502-2070970505-1001 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {476E63DE-8274-4CED-A779-1A99C2939FA8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {47BDF155-5D16-4375-880F-A21DDF303A3B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-26] (Google Inc.)
Task: {54E7661C-D84F-4F4B-AE9F-3A5397BD21D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-26] (Google Inc.)
Task: {5900E569-78D5-4384-88B4-837F5DDB7E12} - System32\Tasks\ReclaimerUpdateXML_user => C:\Users\user\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-28] (RealNetworks, Inc.)
Task: {76E083D8-0334-4BEB-A6D5-CD965A6232E4} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-11-29] ()
Task: {7A0A92BC-1E69-4E52-828D-C7E8B3CCF0AB} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3639331311-3520423502-2070970505-1001 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {84D84E38-5466-4784-8796-0A3DB19D49EE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-03] (AVAST Software)
Task: {9485608B-7DBE-48D8-B547-07F7A1755BAA} - System32\Tasks\HPCeeScheduleForuser => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {9DCEE83F-D3D4-4B4E-B782-7D974EA54029} - System32\Tasks\Microsoft Office 15 Sync Maintenance for user-HP-user user-HP => C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE [2013-11-13] (Microsoft Corporation)
Task: {A75F0E03-10EA-4EA9-8687-64D7494D4E0D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3639331311-3520423502-2070970505-1001UA => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-15] (Facebook Inc.)
Task: {A8612B67-D145-4F2B-91E5-9C7D2F545241} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-22] (CyberLink)
Task: {AB44C8AE-3154-4F08-A821-8FA72BBECFDB} - System32\Tasks\HPCeeScheduleForUSER-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {ABFEDDAD-99B1-4954-930F-520B54CB60B4} - System32\Tasks\RNUpgradeHelperLogonPrompt_user => C:\Users\user\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-28] (RealNetworks, Inc.)
Task: {C29D9033-D6FC-4A40-B57A-B2CF9674600F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-09-17] (Microsoft Corporation)
Task: {D90DA100-7C98-4046-A443-A0315F91E6FB} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3639331311-3520423502-2070970505-1001 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {DA43D912-9E1D-48F4-A9AA-726988992A29} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe
Task: {EDEA0FC9-3FB4-4A1A-9013-D7B2836F3840} - System32\Tasks\ReclaimerUpdateFiles_user => C:\Users\user\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-28] (RealNetworks, Inc.)
Task: {FD752341-248A-4863-8AB1-7A84D354ADFC} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3639331311-3520423502-2070970505-1001 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3639331311-3520423502-2070970505-1001Core.job => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3639331311-3520423502-2070970505-1001UA.job => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForUSER-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForuser.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_user.job => C:\Users\user\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_user.job => C:\Users\user\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_user.job => C:\Users\user\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-11-13 06:27 - 2013-11-13 06:27 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-12-03 13:14 - 2013-12-03 07:36 - 02150912 _____ () C:\Program Files\AVAST Software\Avast\defs\13120300\algo.dll
2013-12-03 13:14 - 2013-12-03 13:14 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-11-16 00:45 - 2013-11-14 07:28 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
2013-11-16 00:45 - 2013-11-14 07:28 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
2013-11-16 00:45 - 2013-11-14 07:29 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
2013-11-16 00:45 - 2013-11-14 07:29 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
2013-11-16 00:45 - 2013-11-14 07:28 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
2013-11-16 00:45 - 2013-11-14 07:29 - 13582800 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:07F6D9E4
AlternateDataStreams: C:\Users\user\Desktop\CleanTemp.bat:AFP_Resource
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/03/2013 01:18:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/03/2013 01:17:09 PM) (Source: Application Error) (User: )
Description: Faulting application name: Service_KMS.exe, version: 10.4.2.0, time stamp: 0x5298c262
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007ff0016052f
Faulting process id: 0x5f4
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
 
Error: (10/01/2013 01:07:15 PM) (Source: Microsoft Office 15) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {B075B142-804B-48C2-827F-A18D49CF4D8E}
 
Error: (10/01/2013 01:07:15 PM) (Source: Microsoft Office 15) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {B075B142-804B-48C2-827F-A18D49CF4D8E}
 
Error: (10/01/2013 01:05:05 PM) (Source: Google Update) (User: user-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
 
Error: (10/01/2013 01:04:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/01/2013 01:04:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: Service_KMS.exe, version: 10.4.2.0, time stamp: 0x5298c262
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007ff0016052f
Faulting process id: 0x9c0
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
 
Error: (10/01/2013 11:47:02 AM) (Source: Microsoft Office 15) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {7F9187C3-D69B-405A-A9EE-511EE45909F9}
 
Error: (10/01/2013 11:47:02 AM) (Source: Microsoft Office 15) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {7F9187C3-D69B-405A-A9EE-511EE45909F9}
 
Error: (12/03/2013 11:39:28 AM) (Source: Microsoft Office 15) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {BD5E8E72-0BE9-49FD-82ED-AECF910790C2}
 
 
System errors:
=============
Error: (12/03/2013 02:52:21 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 4 time(s).
 
Error: (12/03/2013 02:52:21 PM) (Source: Service Control Manager) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 4 time(s).
 
Error: (12/03/2013 02:52:21 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Office Service service terminated unexpectedly.  It has done this 4 time(s).
 
Error: (12/03/2013 02:52:21 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 4 time(s).
 
Error: (12/03/2013 02:13:05 PM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (12/03/2013 02:13:05 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (12/03/2013 02:13:05 PM) (Source: Service Control Manager) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (12/03/2013 02:13:05 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (12/03/2013 02:12:04 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Media Player Network Sharing Service service, but this action failed with the following error: 
%%1056
 
Error: (12/03/2013 02:12:04 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
 
Microsoft Office Sessions:
=========================
Error: (12/03/2013 01:18:10 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/03/2013 01:17:09 PM) (Source: Application Error)(User: )
Description: Service_KMS.exe10.4.2.05298c262unknown0.0.0.00000000000000000000007ff0016052f5f401cef04b7053fc0cC:\Program Files\KMSpico\Service_KMS.exeunknownbd666daf-5c3e-11e3-aec5-78e3b5573047
 
Error: (10/01/2013 01:07:15 PM) (Source: Microsoft Office 15)(User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {B075B142-804B-48C2-827F-A18D49CF4D8E}
 
Error: (10/01/2013 01:07:15 PM) (Source: Microsoft Office 15)(User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {B075B142-804B-48C2-827F-A18D49CF4D8E}
 
Error: (10/01/2013 01:05:05 PM) (Source: Google Update)(User: user-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
 
Error: (10/01/2013 01:04:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/01/2013 01:04:47 PM) (Source: Application Error)(User: )
Description: Service_KMS.exe10.4.2.05298c262unknown0.0.0.00000000000000000000007ff0016052f9c001cebec84259a449C:\Program Files\KMSpico\Service_KMS.exeunknown93202f5d-2abb-11e3-b654-78e3b5573047
 
Error: (10/01/2013 11:47:02 AM) (Source: Microsoft Office 15)(User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {7F9187C3-D69B-405A-A9EE-511EE45909F9}
 
Error: (10/01/2013 11:47:02 AM) (Source: Microsoft Office 15)(User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {7F9187C3-D69B-405A-A9EE-511EE45909F9}
 
Error: (12/03/2013 11:39:28 AM) (Source: Microsoft Office 15)(User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {BD5E8E72-0BE9-49FD-82ED-AECF910790C2}
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 51%
Total physical RAM: 3562.9 MB
Available physical RAM: 1723.64 MB
Total Pagefile: 13561.09 MB
Available Pagefile: 11863.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:450.73 GB) (Free:355.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.74 GB) (Free:1.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (SUPERCAGACUSTSUB) (CDROM) (Total:4.02 GB) (Free:0 GB) UDF
Drive g: (Sameer) (Removable) (Total:1.86 GB) (Free:1.82 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 5D644BB8)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 

 

 

 

 

Anything else that you may require, please let me know! Thanks!

 




 


#2 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team

Posted 03 December 2013 - 05:39 PM

Welcome to BC forums, silentarts!

Let's do the following...

Step 1: Please click on the Windows 7 Start button and then on Control Panel.
In Control Panel, select the Folder Options link.
Click on the View tab in the Folder Options window.

In the Advanced settings: area, locate the Hidden files and folders category.
Check: Show hidden files, folders, and drives
Uncheck: Hide protected operating system files (Recommended)
Click Apply and OK at the bottom of the Folder Options window.


Step 2: Next, open Notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
Save it to the Desktop, and name it: fixlist.txt



start
HKLM\...\Run: [MICROS~1] - C:\Users\user\AppData\Local\Temp\MICROS~1.VBS [152739 2013-09-25] () 
HKLM-x32\...\Runonce: [] -  [x]
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [MICROS~1] - C:\Users\user\AppData\Local\Temp\MICROS~1.VBS [152739 2013-09-25] () 
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MICROS~1.VBS ()
URLSearchHook: HKLM-x32 - (No Name) - {88ac3cb6-596b-4217-964c-b6757ef9602d} - No File
URLSearchHook: HKCU - (No Name) - {88ac3cb6-596b-4217-964c-b6757ef9602d} - No File
SearchScopes: HKLM-x32 - DefaultScope {812288FF-A2C6-4969-8159-20CAA7C8E863} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
C:\Users\user\AppData\Local\Temp\MICROS~1.VBS
C:\Users\user\AppData\Local\Temp\BI_RunOnce (1).exe
C:\Users\user\AppData\Local\Temp\BI_RunOnce (2).exe
C:\Users\user\AppData\Local\Temp\BI_RunOnce.exe
C:\Users\user\AppData\Local\Temp\FLVPlayerSetup.exe
C:\Users\user\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe
C:\Users\user\AppData\Local\Temp\PidGenX.dll
end
NOTICE: This script is written specifically for this computer!!!
Running this on another computer may cause damage to the Operating System.

Run FRST, and press the Fix button, just once, and wait.

When done, the tool creates a report on the Desktop called: Fixlog.txt
>> Please post the Fixlog.txt in your reply.


Step 3: Now, please run USBFix once again.
Make sure the problem USB flash drive is connected to a USB port.
Press: Deletion
When done, the program closes on its own, and a report appears.
>> Please post the UsbFix.txt (Deletion) report in your reply.

Note 1: If USBFix does not run in normal Windows, please run in Safe Mode:
Restart your computer.
When the computer starts, tap the F8 key on the keyboard repeatedly until presented with the Advanced Boot Options menu
Using the arrow keys, select: Safe Mode
Press the Enter key on your keyboard to boot into the selected mode.

Note 2: If your AntiVirus program detects USB as malware, either let the AV program allow USBFix to run, or, temporarily disable your AntiVirus program:
Info - http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
When done with USBFix, re-enable your AV!


Step 4: Check the flash drive and see if the .vbs file is gone. Post back on its status.

Old duck...
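
The fixlist in the reply above lists the same file name at three autostart points (the HKLM and HKCU Run keys and the Startup folder). As an added example that is not part of the original thread or of FRST, the Python below parses autorun lines in the format that fixlist uses and groups flagged targets by file name. The `ExampleUpdater` line is a constructed benign entry, and the flagging rules (script extension, or a path under `AppData\Local\Temp`) are this example's own assumptions.

```python
import re
from ntpath import basename, splitext  # Windows path rules on any OS

# Autorun lines copied from the fixlist in the reply above. The final
# ExampleUpdater line is constructed here as a benign contrast case.
SAMPLE = r"""
HKLM\...\Run: [MICROS~1] - C:\Users\user\AppData\Local\Temp\MICROS~1.VBS [152739 2013-09-25] ()
HKLM-x32\...\Runonce: [] -  [x]
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [MICROS~1] - C:\Users\user\AppData\Local\Temp\MICROS~1.VBS [152739 2013-09-25] ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MICROS~1.VBS ()
HKLM\...\Run: [ExampleUpdater] - C:\Program Files\Example\updater.exe [1024 2013-01-01] (Example Corp)
"""

# Assumption of this example: extensions handled by a script host or shell.
SCRIPT_EXT = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".bat", ".cmd", ".ps1"}

_REG = re.compile(
    r"^(?P<hive>HK(?:LM|CU)(?:-x32)?)\\\.\.\.\\(?P<key>Run(?:once)?): "
    r"\[(?P<name>[^\]]*)\] -\s*(?P<target>.*)$",
    re.IGNORECASE,
)
_STARTUP = re.compile(r"^Startup: (?P<target>.+)$")
# Optional "[size date]" followed by "(company)" at the end of a log line.
_TRAILER = re.compile(r"(?:\s+\[\d+ \d{4}-\d{2}-\d{2}\])?\s*\([^()]*\)\s*$")
_DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def parse_autoruns(text):
    """Return one dict per Run/Runonce/Startup line; path is None if absent."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = _REG.match(line)
        if m:
            location, name, target = f"{m['hive']} {m['key']}", m["name"], m["target"]
        else:
            m = _STARTUP.match(line)
            if not m:
                continue  # not an autorun line this example understands
            location, name, target = "Startup folder", "", m["target"]
        path = _TRAILER.sub("", target).strip()
        if not _DRIVE_PATH.match(path):
            path = None  # e.g. "[x]": the line records no file path
        entries.append({"location": location, "name": name, "path": path})
    return entries


def reasons(path):
    """Why an autorun target deserves a closer look (example rules only)."""
    why = []
    if splitext(path)[1].lower() in SCRIPT_EXT:
        why.append("script file")
    if "\\appdata\\local\\temp\\" in path.lower():
        why.append("runs from Temp")
    return why


def flag_autoruns(text):
    """Group flagged targets by file name so repeated registrations stand out."""
    hits = {}
    for entry in parse_autoruns(text):
        if entry["path"] is None:
            continue
        why = reasons(entry["path"])
        if not why:
            continue
        key = basename(entry["path"]).lower()
        hit = hits.setdefault(key, {"locations": [], "reasons": set()})
        hit["locations"].append(entry["location"])
        hit["reasons"].update(why)
    return hits


if __name__ == "__main__":
    for name, hit in flag_autoruns(SAMPLE).items():
        print(f"{name}: {len(hit['locations'])} autostart entries "
              f"({', '.join(hit['locations'])}); {', '.join(sorted(hit['reasons']))}")
```

A file name that shows up under several autostart locations at once, as `MICROS~1.VBS` does here, needs every one of those entries cleared in the same pass, which is what the fixlist does.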




