Various startup errors after deleting rasav.exe


  • This topic is locked
17 replies to this topic

#1 Dave100h


Posted 04 November 2014 - 01:53 PM

Hi there

Found rasav.exe running in 30-40 cases on laptop, traced folder and deleted and now cannot open Google Chrome or Internet Explorer unless in safe mode.

Have tried to run DDS but it will not complete and generate log files.

Help appreciated

Many thanks

Dave




#2 HelpBot


Posted 09 November 2014 - 01:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554708 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot


Posted 14 November 2014 - 02:00 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#4 Valinorum

  • Malware Response Instructor

Posted 16 November 2014 - 09:49 PM

Do you still require assistance?

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All help is provided via the forum, ergo do not PM me for help.

 


#5 Dave100h


Posted 17 November 2014 - 01:38 AM

Yes please :-) System is still running slow and Google Chrome is a nightmare some days. My operating system is Windows Vista Home Basic 32-bit, and I do not have any install discs. DDS will still not complete and generate a log.

Thanks


Edited by Dave100h, 17 November 2014 - 01:46 AM.


#6 Valinorum

  • Malware Response Instructor

Posted 17 November 2014 - 01:59 AM

Hi Dave100h, :)


My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process, so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode, which will cut you off from the internet, and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest any course that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient, as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) me if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems as it may do serious damage.

If you cannot download the files with your browser, kindly download them to a clean computer, transfer them to your PC and run them from there.

 
  • Step #1 Scan with Farbar Recovery Scan Tool
    • Please download Farbar Recovery Scan Tool by Farbar to your Desktop from the link below.
      Download link for 32 bit system
      Download link for 64 bit system
    • Right-click on the program and choose Run as administrator;
    • Put a tick mark in all boxes under Whitelist and Optional Scan;
    • Click on Scan;
    • After the scan, two Notepad files will be opened:
      • FRST.txt;
      • Addition.txt
    • Copy and paste the contents of the logs in your next reply.

  • Required Log(s):
    • Farbar's tool log(s):
      • FRST.txt
      • Addition.txt
    • RogueKiller Log

Regards,
Valinorum



#7 Dave100h


Posted 17 November 2014 - 03:08 AM

OK, the two logs from Farbar as required, but the RogueKiller program scanned and then halted at 40% and would not go any further.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-11-2014 03
Ran by User (administrator) on USER-PC on 17-11-2014 07:15:30
Running from C:\Users\User\Desktop
Loaded Profile: User (Available profiles: User)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(BitTorrent, Inc.) C:\Program Files\uTorrent\uTorrent.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
() C:\Program Files\DC++\DCPlusPlus.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
() C:\Users\User\AppData\Local\Temp\nslA451.tmp\nsB820.tmp
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Users\User\AppData\Local\Temp\nslA451.tmp\PEV.DAT
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [snpstd] => C:\Windows\vsnpstd.exe [339968 2005-10-11] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-02-24] (Google Inc.)
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [movziuz] => rundll32 "C:\Users\User\AppData\Local\movziuz.dll",movziuz <===== ATTENTION
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [bridockx] => C:\Users\User\AppData\Local\Temp\crtdlu32.exe <===== ATTENTION
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [IofokHoczu] => regsvr32.exe "C:\ProgramData\IofokHoczu\IofokHoczu.dat"
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [WazoNart] => regsvr32.exe "C:\ProgramData\WazoNart\WazoNart.dat"
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [OcoFhfqp] => C:\Users\User\AppData\Local\gywswfhc\ocofhfqp.exe
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [Ylivolama] => "C:\Users\User\AppData\Roaming\Kumiucog\rasav.exe"
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [OodzUsfaq] => regsvr32.exe "C:\ProgramData\OodzUsfaq\OodzUsfaq.dat"
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [DepgOhiyu] => regsvr32.exe "C:\ProgramData\DepgOhiyu\DepgOhiyu.dat"
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [YehhIkyif] => regsvr32.exe "C:\ProgramData\YehhIkyif\YehhIkyif.dat"
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [MotayZamay] => regsvr32.exe "C:\ProgramData\MotayZamay\MotayZamay.dat"
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [PenoMlul] => regsvr32.exe "C:\ProgramData\PenoMlul\PenoMlul.dat"
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\MountPoints2: {77ef59a1-0ea8-11e0-ab97-00238bf1d11c} - I:\Windows\CHECK\DriveNavigator.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1547232638-1572771747-4048230575-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{4BB1AE2B-A1F8-4BE1-96C9-1B380B0CC068}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8F5AFB4C-9BED-48AF-91E2-2F68DB932D37}: [NameServer] 8.8.8.8,8.8.8.8
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-03-11]
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.co.uk/
CHR StartupUrls: Default -> "https://www.google.co.uk/"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-25]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-05]
CHR Extension: (WOT) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-03-05]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-25]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-25]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-25]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-25]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-06-02] (Freemake) [File not signed]
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AR5211; C:\Windows\System32\DRIVERS\ar5211.sys [547904 2007-12-13] (Atheros Communications, Inc.)
R2 DLPortIO; C:\Windows\system32\Drivers\DLPortIO.sys [3584 1999-01-10] () [File not signed]
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
S3 NMRKUSBA; C:\Windows\System32\drivers\nmrkusba.sys [31744 2007-06-20] (Numark) [File not signed]
S3 NMRKUSBU; C:\Windows\System32\Drivers\nmrkusbu.sys [351232 2007-06-20] (Ploytec GmbH) [File not signed]
S3 snpstd; C:\Windows\System32\DRIVERS\snpstd.sys [390784 2006-05-03] ()
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2013-03-18] (Apple, Inc.) [File not signed]
S3 FTDIBUS; system32\drivers\ftdibus.sys [X]
S3 FTSER2K; system32\drivers\ftser2k.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
 
========================== Drivers MD5 =======================
 
C:\Windows\system32\drivers\processr.sys 2027293619DD0F047C584CF2E7DF4FFD
C:\Windows\System32\DRIVERS\pacer.sys 99514FAA8DF93D34B5589187DB3AA0BA
C:\Windows\system32\drivers\ql2300.sys 0A6DB55AFB7820C99AA1F3A1D270F4F6
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys 9F5E0E1926014D17486901C88ECA2DB7
C:\Windows\System32\DRIVERS\rasacd.sys 147D7F9C556D259924351FEB0DE606C3
C:\Windows\System32\DRIVERS\rasl2tp.sys A214ADBAF4CB47DD2728859EF31F26B0
C:\Windows\System32\DRIVERS\raspppoe.sys 509A98DD18AF4375E1FC40BC175F1DEF
C:\Windows\System32\DRIVERS\rassstp.sys 2005F4A1E05FA09389AC85840F0A9E4D
C:\Windows\System32\DRIVERS\rdbss.sys B14C9D5B9ADD2F84F70570BBBFAA7935
C:\Windows\System32\DRIVERS\RDPCDD.sys 89E59BE9A564262A3FB6C4F4F1CD9899
C:\Windows\system32\drivers\rdpdr.sys 943B18305EAE3935598A9B4A3D560B4C
C:\Windows\System32\drivers\rdpencdd.sys 9D91FE5286F748862ECFFA05F8A0710C
C:\Windows\system32\Drivers\RDPWD.sys C127EBD5AFAB31524662C48DFCEB773A
C:\Windows\System32\DRIVERS\rspndr.sys 9C508F4074A39E8B4B31D27198146FAD
C:\Windows\System32\DRIVERS\Rtlh86.sys F875E277A79EF9D6F3AC89ABB557A689
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys 8AF3D28A879BF75DB53A0EE7A4289624
C:\Windows\system32\drivers\sffdisk.sys 3EFA810BDCA87F6ECC24F9832243FE86
C:\Windows\system32\drivers\sffp_mmc.sys E5EAFE85815BD89095FEF3144A09AB68
C:\Windows\system32\drivers\sffp_sd.sys 9F66A46C55D6F1CCABC79BB7AFCCC545
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys 1D76624A09A054F682D746B924E2DBC3
C:\Windows\system32\drivers\sisraid2.sys 43CB7AA756C7DB280D01DA9B676CFDE2
C:\Windows\system32\drivers\sisraid4.sys A99C6C8B0BAA970D8AA59DDC50B57F94
C:\Windows\System32\DRIVERS\smb.sys 7B75299A4D201D6A6533603D6914AB04
C:\Windows\System32\DRIVERS\snpstd.sys D08D19EE68CB88AB1BC5DA3081505847
C:\Windows\system32\Drivers\spldr.sys 7AEBDEEF071FE28B0EEF2CDD69102BFF
C:\Windows\System32\DRIVERS\srv.sys 41987F9FC0E61ADF54F581E15029AD91
C:\Windows\System32\DRIVERS\srv2.sys FF33AFF99564B1AA534F58868CBE41EF
C:\Windows\System32\DRIVERS\srvnet.sys 7605C0E1D01A08F3ECD743F38B834A44
C:\Windows\System32\DRIVERS\swenum.sys 7BA58ECF0C0A9A69D44B3DCA62BECF56
C:\Windows\system32\drivers\symc8xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_hi.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_u3.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys D18D53974FD715D50FC76F9FFE1C830D
C:\Windows\System32\DRIVERS\tcpip.sys D18D53974FD715D50FC76F9FFE1C830D
C:\Windows\System32\drivers\tcpipreg.sys 608C345A255D82A6289C2D468EB41FD7
C:\Windows\System32\drivers\tdpipe.sys 5DCF5E267BE67A1AE926F2DF77FBCC56
C:\Windows\System32\drivers\tdtcp.sys 389C63E32B3CEFED425B61ED92D3F021
C:\Windows\System32\DRIVERS\tdx.sys 76B06EB8A01FC8624D699E7045303E54
C:\Windows\System32\DRIVERS\termdd.sys 3CAD38910468EAB9A6479E2F01DB43C7
C:\Windows\System32\DRIVERS\tssecsrv.sys F4EAA7ECBCB25DE901C9B7F2CDCDA0B3
C:\Windows\System32\DRIVERS\tunmp.sys CAECC0120AC49E3D2F758B9169872D38
C:\Windows\System32\DRIVERS\tunnel.sys 300DB877AC094FEAB0BE7688C3454A9C
C:\Windows\system32\drivers\uagp35.sys 7D33C4DB2CE363C8518D2DFCF533941F
C:\Windows\System32\DRIVERS\udfs.sys D9728AF68C4C7693CB100B8441CBDEC6
C:\Windows\system32\drivers\uliagpkx.sys B0ACFDC9E4AF279E9116C03E014B2B27
C:\Windows\system32\drivers\uliahci.sys 9224BB254F591DE4CA8D572A5F0D635C
C:\Windows\system32\drivers\ulsata.sys ==> MD5 is legit
C:\Windows\system32\drivers\ulsata2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys 32CFF9F809AE9AED85464492BF3E32D2
C:\Windows\System32\Drivers\usbaapl.sys 6E421CCC57059B0186C6259CA3B6DFC9
C:\Windows\System32\drivers\usbaudio.sys 1114579556DB85E9FAF9590DBC64CD62
C:\Windows\System32\DRIVERS\usbccgp.sys AAB0B5F72D2D726FBFDC895A2902DE1D
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys 153E8515CB86F8BB5D1A8B478EBF4BB2
C:\Windows\System32\DRIVERS\usbhub.sys 2AE6BCEBD85D31317E433733DAF25888
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbprint.sys E75C4B5269091D15A2E7DC0B6D35F2F5
C:\Windows\System32\DRIVERS\usbscan.sys 1D714B8497CD68307806D5D3F60A5169
C:\Windows\System32\drivers\usbser.sys 8E6C378A885D6FFDA8F05E8D27B95C0E
C:\Windows\System32\DRIVERS\USBSTOR.SYS BE3DA31C191BC222D9AD503C5224F2AD
C:\Windows\System32\DRIVERS\usbuhci.sys 44056325428A8E4C755830426E29878F
C:\Windows\System32\Drivers\usbvideo.sys 73FF24E21B690625A58109637DDA0DF7
C:\Windows\System32\DRIVERS\vgapnp.sys 87B06E1F30B749A114F74622D013F8D4
C:\Windows\System32\drivers\vga.sys 2E93AC0A1D8C79D019DB6C51F036636C
C:\Windows\system32\drivers\viaagp.sys 5D7159DEF58A800D5781BA3A879627BC
C:\Windows\system32\drivers\viac7.sys C4F3A691B5BAD343E6249BD8C2D45DEE
C:\Windows\system32\drivers\viaide.sys AADF5587A4063F52C2C3FED7887426FC
C:\Windows\System32\drivers\volmgr.sys 69503668AC66C77C6CD7AF86FBDF8C43
C:\Windows\System32\drivers\volmgrx.sys 23E41B834759917BFD6B9A0D625D0C28
C:\Windows\System32\drivers\volsnap.sys 786DB5771F05EF300390399F626BF30A
C:\Windows\system32\drivers\vsmraid.sys 587253E09325E6BF226B299774B728A9
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\system32\drivers\wd.sys 78FE9542363F297B18C027B2D7E7C07F
C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645
C:\Windows\System32\DRIVERS\wmiacpi.sys 2E7255D172DF0B8283CDFB7B433B864E
C:\Windows\System32\DRIVERS\wpdusb.sys DE9D36F91A4DF3D911626643DEBF11EA
C:\Windows\system32\drivers\ws2ifsl.sys E3A3CB253C0EC2494D4A61F5E43A389C
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-17 07:15 - 2014-11-17 07:17 - 00030720 _____ () C:\Users\User\Desktop\FRST.txt
2014-11-17 07:14 - 2014-11-17 07:16 - 00000000 ____D () C:\FRST
2014-11-17 07:13 - 2014-11-17 07:13 - 01108992 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2014-11-17 06:55 - 2014-11-17 07:05 - 145933285 _____ () C:\Users\User\Downloads\The Veronicas - You Ruin Me  (Clean) (Single) (HD).mp4
2014-11-17 06:53 - 2014-11-17 07:01 - 146612435 _____ () C:\Users\User\Downloads\Kendrick Lamar - I  (Clean) (Single) (HD).mp4
2014-11-17 06:48 - 2014-11-17 06:55 - 92686247 _____ () C:\Users\User\Downloads\Kylie Minogue & Jason Donovan - Especially For You  (Clean) (Single).mp4
2014-11-17 06:48 - 2014-11-17 06:54 - 80887616 _____ () C:\Users\User\Downloads\Kylie Minogue - Give Me Just A Little More Time  (Clean) (Single).mp4
2014-11-17 06:48 - 2014-11-17 06:53 - 66481368 _____ () C:\Users\User\Downloads\Kylie Minogue - Tears On My Pillow  (Clean) (Single).mp4
2014-11-17 06:47 - 2014-11-17 06:55 - 81784978 _____ () C:\Users\User\Downloads\Kylie Minogue - Step Back In Time  (Clean) (Single).mp4
2014-11-17 06:47 - 2014-11-17 06:55 - 104637416 _____ () C:\Users\User\Downloads\Kylie Minogue - Celebration  (Clean) (Single).mp4
2014-11-17 06:47 - 2014-11-17 06:54 - 93708053 _____ () C:\Users\User\Downloads\Kylie Minogue - On A Night Like This  (Clean) (Single).mp4
2014-11-17 06:38 - 2014-11-17 06:39 - 00688992 ____R (Swearware) C:\Users\User\Desktop\dds.com
2014-11-16 20:08 - 2014-11-16 20:08 - 00017511 _____ () C:\Users\User\Downloads\[ComeRight.in]The Official UK Top 40 Singles Chart 16-11-2014.torrent
2014-11-16 16:44 - 2014-11-16 16:48 - 00000000 ____D () C:\Users\User\Downloads\Tim Wheeler - Lost Domain (2014)  CD - MrStrongHold
2014-11-16 16:43 - 2014-11-16 17:42 - 00000000 ____D () C:\Users\User\Downloads\Stevie Wonder - Number Ones (2007) Flac EAC peaSoup
2014-11-16 16:38 - 2014-11-16 17:25 - 00000000 ____D () C:\Users\User\Downloads\Bob_Seger-Ultimate_Hits_Rock_and_Roll_Never_Forgets-2CD-2011-gF
2014-11-16 16:38 - 2014-11-16 16:51 - 00000000 ____D () C:\Users\User\Downloads\Joell Ortiz – House Slippers (2014)
2014-11-16 16:15 - 2014-11-16 16:15 - 00013768 _____ () C:\Users\User\Downloads\[ComeRight.in]Joell Ortiz – House Slippers (2014).torrent
2014-11-16 16:14 - 2014-11-16 16:14 - 00019699 _____ () C:\Users\User\Downloads\[ComeRight.in]Bob_Seger-Ultimate_Hits_Rock_and_Roll_Never_Forgets-2CD-2011-gF.torrent
2014-11-16 16:13 - 2014-11-16 16:13 - 00019539 _____ () C:\Users\User\Downloads\[ComeRight.in]Tim Wheeler - Lost Domain (2014)  CD - MrStrongHold.torrent
2014-11-16 16:13 - 2014-11-16 16:13 - 00012608 _____ () C:\Users\User\Downloads\[ComeRight.in]Darius_Rucker-Home_For_The_Holidays-CD-FLAC-2014-FORSAKEN.torrent
2014-11-16 16:12 - 2014-11-16 16:32 - 00000000 ____D () C:\Users\User\Downloads\VA - Absolute High-Energy Volume 2 (2003)
2014-11-16 16:12 - 2014-11-16 16:27 - 00000000 ____D () C:\Users\User\Downloads\VA - Absolute High-Energy Volume 3 (2004)
2014-11-16 16:12 - 2014-11-16 16:13 - 00000000 ____D () C:\Users\User\Downloads\VA - Absolute High-Energy Volume 1 (2002)
2014-11-16 16:12 - 2014-11-16 16:12 - 00012342 _____ () C:\Users\User\Downloads\[ComeRight.in]Stevie Wonder - Number Ones (2007) Flac EAC peaSoup.torrent
2014-11-16 16:11 - 2014-11-16 16:11 - 00016648 _____ () C:\Users\User\Downloads\[ComeRight.in]VA - Absolute High-Energy Volume 2 (2003).torrent
2014-11-16 16:11 - 2014-11-16 16:11 - 00016418 _____ () C:\Users\User\Downloads\[ComeRight.in]VA - Absolute High-Energy Volume 1 (2002).torrent
2014-11-16 16:11 - 2014-11-16 16:11 - 00015587 _____ () C:\Users\User\Downloads\[ComeRight.in]VA - Absolute High-Energy Volume 3 (2004).torrent
2014-11-16 08:15 - 2014-11-16 20:16 - 00000000 ____D () C:\Users\User\Downloads\Mastermix DJ Beats Chart Volume 13 October 2014
2014-11-16 07:33 - 2014-11-16 07:39 - 00000000 ____D () C:\Users\User\Downloads\[REQ]  Now  Thats  What I Call Music  88 - Various
2014-11-16 07:32 - 2014-11-16 07:32 - 00018606 _____ () C:\Users\User\Downloads\[ComeRight.in][REQ]  Now  Thats  What I Call Music  88 - Various.torrent
2014-11-16 07:31 - 2014-11-16 07:31 - 00022441 _____ () C:\Users\User\Downloads\[ComeRight.in]Various - 2000 - More Greatest Hits Of The 80s 8CD (1).torrent
2014-11-16 07:30 - 2014-11-16 07:35 - 93316949 _____ () C:\Users\User\Downloads\Amy Winehouse - Stronger Than Me  (Clean) (Single).mp4
2014-11-15 14:16 - 2014-11-15 15:32 - 00000000 ____D () C:\Users\User\Downloads\Alias Bar Release MP3 Week 7
2014-11-15 14:15 - 2014-11-15 15:06 - 00000000 ____D () C:\Users\User\Downloads\Various - 2000 - More Greatest Hits Of The 80s 8CD
2014-11-15 14:15 - 2014-11-15 14:15 - 00074030 _____ () C:\Users\User\Downloads\[ComeRight.in]Alias Bar Release MP3 Week 7.torrent
2014-11-15 14:14 - 2014-11-15 14:14 - 00022441 _____ () C:\Users\User\Downloads\[ComeRight.in]Various - 2000 - More Greatest Hits Of The 80s 8CD.torrent
2014-11-15 07:49 - 2014-11-15 07:56 - 141109663 _____ () C:\Users\User\Downloads\Spandau Ballet - Through The Barricades  (Clean) (Single).mp4
2014-11-15 07:49 - 2014-11-15 07:55 - 115460947 _____ () C:\Users\User\Downloads\James Ingram & Michael MacDonald - Yah Mo B There  (Clean) (Single).mp4
2014-11-15 07:47 - 2014-11-15 07:54 - 128921892 _____ () C:\Users\User\Downloads\David Guetta ft Sam Martin - Dangerous  (Clean) (Single) (HD).mp4
2014-11-15 07:47 - 2014-11-15 07:52 - 88582206 _____ () C:\Users\User\Downloads\Lily Allen - Not Fair  (Clean) (Single).mp4
2014-11-15 00:23 - 2014-11-15 00:38 - 00000000 ____D () C:\Users\User\Downloads\VA-The.Hunger.Games-Mockingjay-Part.1.320kbps-2014
2014-11-15 00:23 - 2014-11-15 00:35 - 00000000 ____D () C:\Users\User\Downloads\Various - 2010 - Haynes - Dad - Ultimate Guide To Rock 3CD
2014-11-15 00:21 - 2014-11-15 00:41 - 00000000 ____D () C:\Users\User\Downloads\Various - 2011 - Haynes Ultimate Guide To Country 2CD
2014-11-15 00:20 - 2014-11-15 00:20 - 00020658 _____ () C:\Users\User\Downloads\[ComeRight.in]VA-The.Hunger.Games-Mockingjay-Part.1.320kbps-2014.torrent
2014-11-15 00:20 - 2014-11-15 00:20 - 00015411 _____ () C:\Users\User\Downloads\[ComeRight.in]Various - 2010 - Haynes - Dad - Ultimate Guide To Rock 3CD.torrent
2014-11-15 00:19 - 2014-11-15 01:02 - 00000000 ____D () C:\Users\User\Downloads\Bruce_Springsteen-The_Album_Collection_Vol_1_1973-1984-(Remastered)-8CD-2014-404
2014-11-15 00:19 - 2014-11-15 00:23 - 00000000 ____D () C:\Users\User\Downloads\Manfred Mann - World of Mann The Very Best of...(2006)
2014-11-15 00:19 - 2014-11-15 00:19 - 00015663 _____ () C:\Users\User\Downloads\[ComeRight.in]PVRIS - White Noise (2014).torrent
2014-11-15 00:19 - 2014-11-15 00:19 - 00015233 _____ () C:\Users\User\Downloads\[ComeRight.in]Manfred Mann - World of Mann The Very Best of...(2006).torrent
2014-11-15 00:19 - 2014-11-15 00:19 - 00015019 _____ () C:\Users\User\Downloads\[ComeRight.in]Various - 2011 - Haynes Ultimate Guide To Country 2CD.torrent
2014-11-15 00:19 - 2014-11-15 00:19 - 00000000 ____D () C:\Users\User\Downloads\PVRIS - White Noise (2014)
2014-11-15 00:18 - 2014-11-15 00:50 - 00000000 ____D () C:\Users\User\Downloads\VA - Now That's What I Call Music 89 2014 Pre-release MP3
2014-11-15 00:18 - 2014-11-15 00:18 - 00019198 _____ () C:\Users\User\Downloads\[ComeRight.in]Bruce_Springsteen-The_Album_Collection_Vol_1_1973-1984-(Remastered)-8CD-2014-404.torrent
2014-11-15 00:18 - 2014-11-15 00:18 - 00019173 _____ () C:\Users\User\Downloads\[ComeRight.in]VA - Now That's What I Call Music 89 2014 Pre-release MP3.torrent
2014-11-15 00:17 - 2014-11-15 00:18 - 00000000 ____D () C:\Users\User\Downloads\The Potato Pirates – Raised Better Than This (2014)
2014-11-15 00:17 - 2014-11-15 00:17 - 00012429 _____ () C:\Users\User\Downloads\[ComeRight.in]The Potato Pirates – Raised Better Than This (2014).torrent
2014-11-14 12:46 - 2014-11-14 12:46 - 15392612 _____ () C:\Users\User\Downloads\1962_022[CD_s] - Chubby Checker - Limbo Rock [2.22 MK57].flac
2014-11-14 12:14 - 2014-11-14 12:14 - 17624221 _____ () C:\Users\User\Downloads\15 - War - Low Rider.flac
2014-11-14 11:51 - 2014-11-14 11:51 - 13216372 _____ () C:\Users\User\Downloads\21  The Champs - Limbo Rock.flac
2014-11-14 11:37 - 2014-11-14 11:37 - 10559605 _____ () C:\Users\User\Downloads\06 - Banana Boat Song.flac
2014-11-14 11:25 - 2014-11-14 11:25 - 17314506 _____ () C:\Users\User\Downloads\10 - Mary Ann Limbo.flac
2014-11-14 11:11 - 2014-11-14 11:11 - 15644079 _____ () C:\Users\User\Downloads\14 - Frankie Anderson - The Limbo Song.flac
2014-11-14 11:11 - 2014-11-14 11:11 - 13568723 _____ () C:\Users\User\Downloads\1963_171[CD_s] - Chubby Checker - Let's Limbo Some More [2.10 SMJ].flac
2014-11-14 07:17 - 2014-11-14 08:34 - 00000000 ____D () C:\Users\User\Downloads\VA - Mastermix Pro Disc 173 November (2014)
2014-11-14 07:16 - 2014-11-14 07:35 - 00000000 ____D () C:\Users\User\Downloads\VA - Mastermix Pro Dance 82 November (2014)
2014-11-14 07:16 - 2014-11-14 07:16 - 00016752 _____ () C:\Users\User\Downloads\[ComeRight.in]VA - Mastermix Pro Disc 173 November (2014).torrent
2014-11-14 07:16 - 2014-11-14 07:16 - 00014960 _____ () C:\Users\User\Downloads\[ComeRight.in]VA - Mastermix Pro Dance 82 November (2014).torrent
2014-11-14 07:15 - 2014-11-14 07:15 - 00014860 _____ () C:\Users\User\Downloads\[ComeRight.in]VA - Mastermix Grandmaster 2014 Part 2 And DJ Set 28.torrent
2014-11-14 07:14 - 2014-11-14 07:14 - 00012201 _____ () C:\Users\User\Downloads\[ComeRight.in]VA - Mastermix Extended Floorfillers Chart Hits 11 (2014).torrent
2014-11-14 07:13 - 2014-11-14 07:13 - 00015824 _____ () C:\Users\User\Downloads\[ComeRight.in]VA - DMC Dance Mixes 123 November (2014).torrent
2014-11-14 07:11 - 2014-11-14 07:11 - 00015697 _____ () C:\Users\User\Downloads\[ComeRight.in]VA - DMC Dance Extra Mixes 83 November (2014).torrent
2014-11-13 22:44 - 2014-11-13 22:46 - 00000000 ____D () C:\Users\User\Downloads\Pink_Floyd-The_Endless_River-CD-2014-LAMERz
2014-11-13 22:43 - 2014-11-13 22:43 - 00016712 _____ () C:\Users\User\Downloads\[ComeRight.in]Pink_Floyd-The_Endless_River-CD-2014-LAMERz.torrent
2014-11-13 16:35 - 2014-11-13 16:40 - 114284422 _____ () C:\Users\User\Downloads\Robin Thicke ft T.I. & Pharrell - Blurred Lines (XXX)  (Dirty) (Single) (HD).mp4
2014-11-13 15:41 - 2014-11-13 15:49 - 173985396 _____ () C:\Users\User\Downloads\Robin Thicke ft T.I. & Pharrell - Blurred Lines  (Dirty) (Single) (HD).mp4
2014-11-12 23:44 - 2014-11-13 00:04 - 00000000 ____D () C:\Users\User\Downloads\Absolute Christmas Collection (Top 100)
2014-11-12 23:43 - 2014-11-12 23:46 - 00000000 ____D () C:\Users\User\Downloads\Damien Rice - My Favourite Faded Fantasy
2014-11-12 23:43 - 2014-11-12 23:43 - 00021250 _____ () C:\Users\User\Downloads\[ComeRight.in]Absolute Christmas Collection (Top 100).torrent
2014-11-12 23:42 - 2014-11-12 23:42 - 00020463 _____ () C:\Users\User\Downloads\[ComeRight.in]Damien Rice - My Favourite Faded Fantasy.torrent
2014-11-12 09:59 - 2014-11-12 10:00 - 00000000 ____D () C:\Users\User\Downloads\VA - Sweet Chocolate Chill, Vol. 1 (Relaxing Chill out Tunes for Sweet Moments)
2014-11-12 09:57 - 2014-11-12 09:57 - 00021410 _____ () C:\Users\User\Downloads\[ComeRight.in]VA - Sweet Chocolate Chill, Vol. 1 (Relaxing Chill out Tunes for Sweet Moments).torrent
2014-11-11 22:54 - 2014-11-11 23:05 - 06764524 _____ () C:\Users\User\Downloads\Olly Murs - Wrapped Up (feat. Travie McCoy) [iTunes Purchased AAC M4A] By - iZoheb.m4a
2014-11-11 22:53 - 2014-11-11 22:53 - 00008804 _____ () C:\Users\User\Downloads\Olly+Murs+-+Wrapped+Up+%28feat.+Travie+McCoy%29+%5BiTunes+Purchased+AAC+M4A%5D+By+-+iZoheb.m4a.torrent
2014-11-11 20:40 - 2014-11-11 20:53 - 00000000 ____D () C:\Users\User\Downloads\Queen - 1984 - Thank God It's Christmas
2014-11-11 20:40 - 2014-11-11 20:44 - 00000000 ____D () C:\Users\User\Downloads\Katy B - Little Red 2014
2014-11-11 20:40 - 2014-11-11 20:40 - 00082475 _____ () C:\Users\User\Downloads\[ComeRight.in]weekly new mp3 - week 45.torrent
2014-11-11 20:40 - 2014-11-11 20:40 - 00015583 _____ () C:\Users\User\Downloads\[ComeRight.in]Katy B - Little Red 2014.torrent
2014-11-11 20:39 - 2014-11-11 20:40 - 00000000 ____D () C:\Users\User\Downloads\Paul Taylor - Tenacity [2014]
2014-11-11 20:39 - 2014-11-11 20:39 - 00015047 _____ () C:\Users\User\Downloads\[ComeRight.in]Queen - 1984 - Thank God It's Christmas.torrent
2014-11-11 20:38 - 2014-11-11 20:38 - 00017951 _____ () C:\Users\User\Downloads\[ComeRight.in]Paul Taylor - Tenacity [2014].torrent
2014-11-11 13:08 - 2014-11-11 13:08 - 00054998 _____ () C:\Users\User\Downloads\[ComeRight.in]R3V MP3 WEEK 45 2014.torrent
2014-11-11 10:16 - 2014-11-17 06:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-11 10:16 - 2014-11-11 10:16 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-11 10:16 - 2014-11-11 10:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-10 21:45 - 2014-11-10 21:45 - 00010503 _____ () C:\Users\User\Downloads\Madeon+-+Imperium+%28Single+-+320+kbps%29.torrent
2014-11-10 21:43 - 2014-11-10 21:43 - 00020320 _____ () C:\Users\User\Downloads\Henry+Krinkle+-+Stay+%5BSingle-2012%5D.torrent
2014-11-10 21:42 - 2014-11-10 21:43 - 00000000 ____D () C:\Users\User\Downloads\The Script - No Good In Goodbye (2014) [320 KBPS]
2014-11-10 21:41 - 2014-11-10 21:41 - 00014232 _____ () C:\Users\User\Downloads\The+Script+-+No+Good+In+Goodbye+%282014%29+%5B320+KBPS%5D.torrent
2014-11-10 21:23 - 2014-11-10 21:23 - 00013143 _____ () C:\Users\User\Downloads\The+Script+-+No+Good+In+Goodbye+%7B2014-Single%7D.torrent
2014-11-09 22:35 - 2014-11-09 23:52 - 00000000 ____D () C:\Users\User\Downloads\T Rex - The Albums Collection (2014) 10CD Box Set
2014-11-09 22:35 - 2014-11-09 22:35 - 00028903 _____ () C:\Users\User\Downloads\[ComeRight.in]T Rex - The Albums Collection (2014) 10CD Box Set.torrent
2014-11-09 22:34 - 2014-11-09 22:34 - 00017581 _____ () C:\Users\User\Downloads\[ComeRight.in]The Official UK Top 40 Singles Chart 09-11-2014.torrent
2014-11-09 22:33 - 2014-11-09 22:33 - 00019387 _____ () C:\Users\User\Downloads\[ComeRight.in]SF345 - Sunfly Hits November 2014.torrent
2014-11-09 13:12 - 2014-11-09 13:13 - 00000000 ____D () C:\Users\User\Downloads\VA-Merry Xmas (2014)
2014-11-09 13:11 - 2014-11-09 13:11 - 00016895 _____ () C:\Users\User\Downloads\[ComeRight.in]VA-Merry Xmas (2014).torrent
2014-11-09 13:10 - 2014-11-09 13:10 - 00058101 _____ () C:\Users\User\Downloads\[ComeRight.in]Kindle Books - New Releases and Others - Nov Week Two 131 Books.torrent
2014-11-07 11:23 - 2014-11-07 11:23 - 00013503 _____ () C:\Users\User\Downloads\[ComeRight.in]Kindle Book - Guiness World Records 2015.torrent
2014-11-07 09:50 - 2014-11-07 09:50 - 00012153 _____ () C:\Users\User\Downloads\[ComeRight.in]Guinness World Records 2015 - Mantesh.torrent
2014-11-07 06:37 - 2014-11-07 06:37 - 00000000 ____D () C:\Users\User\Downloads\PRO DANCE VOL 82
2014-11-07 06:26 - 2014-11-07 06:27 - 00000000 ____D () C:\Users\User\Downloads\Simple Minds - Big Music - Covers
2014-11-07 06:26 - 2014-11-07 06:26 - 00001091 _____ () C:\Users\User\Downloads\[ComeRight.in]Simple Minds - Big Music - Covers.torrent
2014-11-06 22:54 - 2014-11-06 23:24 - 00000000 ____D () C:\Users\User\Downloads\Annie Mac Presents 2014
2014-11-06 22:51 - 2014-11-06 22:58 - 00000000 ____D () C:\Users\User\Downloads\Simple Minds - Big Music 2014
2014-11-06 22:51 - 2014-11-06 22:51 - 00064316 _____ () C:\Users\User\Downloads\[ComeRight.in]R3V MP3 WEEK 44 2014.torrent
2014-11-06 22:51 - 2014-11-06 22:51 - 00020285 _____ () C:\Users\User\Downloads\[ComeRight.in]Simple Minds - Big Music 2014.torrent
2014-11-06 22:51 - 2014-11-06 22:51 - 00013733 _____ () C:\Users\User\Downloads\[ComeRight.in]Annie Mac Presents 2014.torrent
2014-11-06 22:50 - 2014-11-06 22:51 - 00000000 ____D () C:\Users\User\Downloads\Pink Floyd - The Endless River (2014) [V0]
2014-11-06 22:50 - 2014-11-06 22:50 - 00016438 _____ () C:\Users\User\Downloads\[ComeRight.in]Pink Floyd - The Endless River (2014) [V0].torrent
2014-11-06 17:11 - 2014-11-06 17:18 - 00000000 ____D () C:\Users\User\Downloads\VA-Now Thats What I Call Music 52
2014-11-06 17:11 - 2014-11-06 17:11 - 00015651 _____ () C:\Users\User\Downloads\[ComeRight.in]VA-Now Thats What I Call Music 52.torrent
2014-11-06 13:08 - 2014-11-06 13:32 - 00000000 ____D () C:\Users\User\Downloads\Mash Up Fever  Vol .1 (2014)
2014-11-06 13:07 - 2014-11-06 13:07 - 00017656 _____ () C:\Users\User\Downloads\[ComeRight.in]Mash Up Fever  Vol .1 (2014).torrent
2014-11-06 11:49 - 2014-11-06 12:33 - 00000000 ____D () C:\Users\User\Downloads\Mash Up Fever  Vol. 2 (2014)
2014-11-06 11:48 - 2014-11-06 11:48 - 00019053 _____ () C:\Users\User\Downloads\[ComeRight.in]Mash Up Fever  Vol. 2 (2014).torrent
2014-11-06 11:23 - 2014-11-06 11:42 - 00000000 ____D () C:\Users\User\Downloads\The Byrds - Byrdmaniax 1971 [Expanded & Remastered] (2014)
2014-11-06 11:22 - 2014-11-06 11:22 - 00012298 _____ () C:\Users\User\Downloads\[ComeRight.in]The Byrds - Byrdmaniax 1971 [Expanded & Remastered] (2014).torrent
2014-11-06 11:21 - 2014-11-06 11:24 - 00000000 ____D () C:\Users\User\Downloads\The Byrds - Farther Along 1971 [Expanded & Remastered] (2014)
2014-11-06 11:20 - 2014-11-06 11:20 - 00012475 _____ () C:\Users\User\Downloads\[ComeRight.in]The Byrds - Farther Along 1971 [Expanded & Remastered] (2014).torrent
2014-11-06 11:19 - 2014-11-06 11:31 - 00000000 ____D () C:\Users\User\Downloads\VA - Club Mix Vol 01( 2014)
2014-11-06 11:18 - 2014-11-06 11:18 - 00021003 _____ () C:\Users\User\Downloads\[ComeRight.in]VA - Club Mix Vol 01( 2014).torrent
2014-11-06 11:17 - 2014-11-06 12:00 - 00000000 ____D () C:\Users\User\Downloads\Clubland 26 2014
2014-11-06 11:17 - 2014-11-06 11:30 - 00000000 ____D () C:\Users\User\Downloads\Ella_Henderson-Chapter_One-(Deluxe_Edition)-2014-gnvr
2014-11-06 11:17 - 2014-11-06 11:17 - 00020585 _____ () C:\Users\User\Downloads\[ComeRight.in]Ella_Henderson-Chapter_One-(Deluxe_Edition)-2014-gnvr.torrent
2014-11-06 11:16 - 2014-11-06 11:16 - 00014607 _____ () C:\Users\User\Downloads\[ComeRight.in]VA - Hed Kandi The Mix 2015 (2014).torrent
2014-11-06 11:15 - 2014-11-06 12:41 - 00000000 ____D () C:\Users\User\Downloads\Calvin Harris - Motion Flac.z
2014-11-06 11:15 - 2014-11-06 12:17 - 00000000 ____D () C:\Users\User\Downloads\Weekend_Beats_-_Ibiza_Vol__1_Finest_White_Isle_Deep_Chilled_House_Grooves
2014-11-06 11:15 - 2014-11-06 11:16 - 00000000 ____D () C:\Users\User\Downloads\Studio Killers - Studio Killers (2013)
2014-11-06 11:15 - 2014-11-06 11:15 - 00024899 _____ () C:\Users\User\Downloads\[ComeRight.in]Clubland 26 2014.torrent
2014-11-06 11:14 - 2014-11-06 11:14 - 00016137 _____ () C:\Users\User\Downloads\[ComeRight.in]Weekend_Beats_-_Ibiza_Vol__1_Finest_White_Isle_Deep_Chilled_House_Grooves.torrent
2014-11-06 11:13 - 2014-11-06 12:05 - 00000000 ____D () C:\Users\User\Downloads\VA - Let It Snow - The Best Of Christmas (2014)
2014-11-06 11:13 - 2014-11-06 11:13 - 00021219 _____ () C:\Users\User\Downloads\[ComeRight.in]Calvin Harris - Motion Flac.z.torrent
2014-11-06 11:13 - 2014-11-06 11:13 - 00017558 _____ () C:\Users\User\Downloads\[ComeRight.in]Studio Killers - Studio Killers (2013).torrent
2014-11-06 11:12 - 2014-11-06 12:37 - 00000000 ____D () C:\Users\User\Downloads\The Ultimate Collection 70's School Days
2014-11-06 11:12 - 2014-11-06 11:12 - 00013844 _____ () C:\Users\User\Downloads\[ComeRight.in]VA - Let It Snow - The Best Of Christmas (2014).torrent
2014-11-06 11:11 - 2014-11-06 11:11 - 00032222 _____ () C:\Users\User\Downloads\[ComeRight.in]The Ultimate Collection 70's School Days.torrent
2014-11-06 11:09 - 2014-11-06 11:09 - 00066529 _____ () C:\Users\User\Downloads\[ComeRight.in]new weekly mp3 - week 44.torrent
2014-11-06 11:08 - 2014-11-06 11:56 - 00000000 ____D () C:\Users\User\Downloads\VA-Big_Box_of_Rockabilly-6CD-2014-gF
2014-11-06 11:07 - 2014-11-06 12:46 - 00000000 ____D () C:\Users\User\Downloads\Rewind The 80's Album 320Kbs
2014-11-06 11:07 - 2014-11-06 11:24 - 00000000 ____D () C:\Users\User\Downloads\VA - 90s Party VIVA Legends (2014)
2014-11-06 11:07 - 2014-11-06 11:09 - 00000000 ____D () C:\Users\User\Downloads\VA - Yes! This Is What I Call Southern Soul Xmas (2014) mp3
2014-11-06 11:07 - 2014-11-06 11:08 - 00000000 ____D () C:\Users\User\Downloads\You+Me - Rose Ave. (2014) [320]
2014-11-06 11:07 - 2014-11-06 11:07 - 00029490 _____ () C:\Users\User\Downloads\[ComeRight.in]VA-Big_Box_of_Rockabilly-6CD-2014-gF.torrent
2014-11-06 11:07 - 2014-11-06 11:07 - 00012062 _____ () C:\Users\User\Downloads\[ComeRight.in]VA - Yes! This Is What I Call Southern Soul Xmas (2014) mp3.torrent
2014-11-06 11:05 - 2014-11-06 11:05 - 00020170 _____ () C:\Users\User\Downloads\[ComeRight.in]Rewind The 80's Album 320Kbs.torrent
2014-11-06 11:05 - 2014-11-06 11:05 - 00015365 _____ () C:\Users\User\Downloads\[ComeRight.in]You+Me - Rose Ave. (2014) [320].torrent
2014-11-06 11:03 - 2014-11-06 12:01 - 00000000 ____D () C:\Users\User\Downloads\Time Life - 80s Music Explosion (10 CD)
2014-11-06 11:03 - 2014-11-06 11:03 - 00030414 _____ () C:\Users\User\Downloads\[ComeRight.in]Time Life - 80s Music Explosion (10 CD).torrent
2014-11-06 11:03 - 2014-11-06 11:03 - 00017605 _____ () C:\Users\User\Downloads\[ComeRight.in]VA - 90s Party VIVA Legends (2014).torrent
2014-11-06 11:02 - 2014-11-06 11:27 - 00000000 ____D () C:\Users\User\Downloads\Get_Wise-The_Nightlife-CD-FLAC-2014-DeVOiD
2014-11-06 11:02 - 2014-11-06 11:26 - 00000000 ____D () C:\Users\User\Downloads\The Byrds - Ballad Of Easy Rider 1969 [Expanded & Remastered] (2014)
2014-11-06 11:02 - 2014-11-06 11:10 - 00000000 ____D () C:\Users\User\Downloads\Top 30 Country Nov 4, 2014
2014-11-06 11:02 - 2014-11-06 11:08 - 00000000 ____D () C:\Users\User\Downloads\Madness - One Step Beyond 35th Anniversary 2014
2014-11-06 11:02 - 2014-11-06 11:06 - 00000000 ____D () C:\Users\User\Downloads\The Byrds - (Untitled) 1970 [Expanded & Remastered] (2014)
2014-11-06 11:02 - 2014-11-06 11:02 - 00000000 ____D () C:\Users\User\Downloads\Hilary Scott - Freight Train Love (2014) mp3
2014-11-06 11:01 - 2014-11-06 11:04 - 00000000 ____D () C:\Users\User\Downloads\Thompson Twins - Remixes & Rarities (2014) 2CD
2014-11-06 11:01 - 2014-11-06 11:01 - 00016399 _____ () C:\Users\User\Downloads\[ComeRight.in]Get_Wise-The_Nightlife-CD-FLAC-2014-DeVOiD.torrent
2014-11-06 11:01 - 2014-11-06 11:01 - 00014842 _____ () C:\Users\User\Downloads\[ComeRight.in]Top 30 Country Nov 4, 2014.torrent
2014-11-06 11:00 - 2014-11-06 11:00 - 00015196 _____ () C:\Users\User\Downloads\[ComeRight.in]Hilary Scott - Freight Train Love (2014) mp3.torrent
2014-11-06 10:59 - 2014-11-06 10:59 - 00015386 _____ () C:\Users\User\Downloads\[ComeRight.in]The Byrds - Ballad Of Easy Rider 1969 [Expanded & Remastered] (2014).torrent
2014-11-06 10:59 - 2014-11-06 10:59 - 00013523 _____ () C:\Users\User\Downloads\[ComeRight.in]The Byrds - (Untitled) 1970 [Expanded & Remastered] (2014).torrent
2014-11-06 10:58 - 2014-11-06 10:58 - 00017015 _____ () C:\Users\User\Downloads\[ComeRight.in]Madness - One Step Beyond 35th Anniversary 2014.torrent
2014-11-06 10:57 - 2014-11-06 10:57 - 00017799 _____ () C:\Users\User\Downloads\[ComeRight.in]Thompson Twins - Remixes & Rarities (2014) 2CD.torrent
2014-11-06 06:31 - 2014-11-06 06:31 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-11-06 06:28 - 2014-11-06 06:30 - 165507544 _____ () C:\Users\User\Desktop\setup_11.0.3.8.x01_2014_11_06_07_28.exe
2014-11-05 20:46 - 2014-11-06 10:46 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-05 20:45 - 2014-11-05 20:45 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-05 20:45 - 2014-11-05 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-05 20:45 - 2014-11-05 20:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-05 20:45 - 2014-11-05 20:45 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-05 20:45 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-05 20:45 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-05 20:45 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-05 20:44 - 2014-11-05 20:44 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-05 20:30 - 2014-11-06 10:29 - 00000000 ____D () C:\ProgramData\KoqebUqull
2014-11-05 20:30 - 2014-11-05 20:30 - 00000000 ____D () C:\ProgramData\PenoMlul
2014-11-05 20:23 - 2014-11-05 20:25 - 00000000 ____D () C:\Users\User\Documents\RegRun2
2014-11-05 20:23 - 2014-11-05 20:23 - 00000002 RSHOT () C:\Windows\winstart.bat
2014-11-05 20:22 - 2014-11-05 20:27 - 00000000 ____D () C:\Program Files\UnHackMe
2014-11-05 15:36 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-11-05 15:35 - 2014-11-05 15:37 - 00000000 ____D () C:\AdwCleaner
2014-11-05 15:30 - 2014-11-05 15:30 - 00000000 ____D () C:\Windows\ERUNT
2014-11-05 15:20 - 2014-11-05 20:40 - 00001553 _____ () C:\Users\User\Desktop\Computer.lnk
2014-11-05 15:20 - 2014-11-05 20:40 - 00000288 _____ () C:\Users\User\AppData\Roaming\E74A2C92.reg
2014-11-05 08:38 - 2014-11-05 21:59 - 00000000 ____D () C:\ProgramData\YehhIkyif
2014-11-05 08:38 - 2014-11-05 21:59 - 00000000 ____D () C:\ProgramData\MotayZamay
2014-11-05 00:06 - 2014-11-05 21:59 - 00000000 ____D () C:\ProgramData\DepgOhiyu
2014-11-05 00:06 - 2014-11-05 00:06 - 00000000 ____D () C:\ProgramData\OodzUsfaq
2014-11-04 10:25 - 2014-11-05 22:00 - 00000000 ____D () C:\Users\User\AppData\Local\gywswfhc
2014-11-04 10:06 - 2014-11-04 10:06 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-04 10:06 - 2014-11-04 10:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-04 10:04 - 2014-11-05 21:59 - 00000000 _____ () C:\Users\User\AppData\Local\gqgbqgre.log
2014-11-04 08:10 - 2014-11-05 21:40 - 135456421 _____ () C:\Users\User\AppData\Local\wwhylxbr.log
2014-11-04 04:45 - 2014-11-05 21:55 - 01077377 _____ () C:\Users\User\AppData\Local\kpqlvnef.log
2014-11-04 04:45 - 2014-11-05 11:01 - 00375476 _____ () C:\Users\User\AppData\Local\rbdpkbfc.log
2014-11-04 04:45 - 2014-11-05 11:01 - 00002737 _____ () C:\Users\User\AppData\Local\pijvxcxy.log
2014-11-04 04:45 - 2014-11-05 06:16 - 00000217 _____ () C:\Users\User\AppData\Local\vpsfpkcd.log
2014-11-04 04:45 - 2014-11-04 04:45 - 00001143 _____ () C:\Users\User\AppData\Local\rwenlwsl.log
2014-11-04 04:44 - 2014-11-05 06:16 - 00000054 _____ () C:\Users\User\AppData\Local\iygmjfgg.log
2014-11-04 04:44 - 2014-11-04 04:44 - 00000000 _____ () C:\Users\User\AppData\Local\iykwibgw.log
2014-11-04 04:44 - 2014-11-04 04:44 - 00000000 _____ () C:\Users\User\AppData\Local\ecwhqgdl.log
2014-11-04 04:43 - 2014-11-05 21:59 - 00000028 _____ () C:\Users\User\AppData\Local\ictifjtr.log
2014-11-04 04:43 - 2014-11-04 04:44 - 00595440 _____ () C:\Users\User\AppData\Local\jsbvxgbo.log
2014-11-04 04:43 - 2014-11-04 04:43 - 00000064 _____ () C:\ProgramData\vdcddxbs.log
2014-11-03 20:24 - 2014-11-03 20:24 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-11-03 18:42 - 2014-11-05 21:59 - 00000000 ____D () C:\ProgramData\WazoNart
2014-11-03 18:41 - 2014-11-05 22:00 - 00000000 ____D () C:\ProgramData\IofokHoczu
2014-11-03 14:47 - 2014-11-03 14:47 - 00000000 ____D () C:\Users\User\AppData\Roaming\Oracle
2014-11-03 14:45 - 2014-11-03 14:45 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-11-03 14:45 - 2014-11-03 14:44 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-11-03 14:44 - 2014-11-03 14:44 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-11-03 14:44 - 2014-11-03 14:44 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-11-03 14:44 - 2014-11-03 14:44 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-11-03 14:44 - 2014-11-03 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-03 14:44 - 2014-11-03 14:44 - 00000000 ____D () C:\Program Files\Java
2014-11-03 13:50 - 2014-11-03 14:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\Quxame
2014-11-03 13:46 - 2014-11-06 10:29 - 00000000 ____D () C:\ProgramData\KuwrOhye
2014-11-03 13:46 - 2014-11-06 10:29 - 00000000 ____D () C:\ProgramData\HuhmOzhur
2014-11-03 13:46 - 2014-11-05 20:30 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-11-03 12:34 - 2014-11-03 12:34 - 00014777 _____ () C:\Users\User\Downloads\[ComeRight.in]New Funky House 143.torrent
2014-11-02 20:33 - 2014-11-02 20:33 - 00009236 _____ () C:\Users\User\Downloads\Jack+U+Official-TAKE+U+THERE+%28Feat.+Kiesza%29.mp3.torrent
2014-11-02 20:31 - 2014-11-02 20:37 - 11977023 _____ () C:\Users\User\Downloads\01 Gold Skies (feat. Aleesia).m4a
2014-11-02 20:31 - 2014-11-02 20:31 - 00015362 _____ () C:\Users\User\Downloads\Sander+van+Doorn%2C+Martin+Garrix+%26+DVBBS+-+Gold+Skies+%28feat.+Aleesia%29+%5BiTunes+Version%5D+%5B256Kbps%5D+%5B2014%5D.torrent
2014-11-02 20:11 - 2014-11-02 20:11 - 06797734 _____ () C:\Users\User\Downloads\12 Open Wide (feat. Big Sean).m4a
2014-11-02 20:10 - 2014-11-02 20:10 - 00009024 _____ () C:\Users\User\Downloads\Calvin+Harris+-+Open+Wide+%28feat.+Big+Sean%29+%5BPre-Ordered+Single%5D+%5BiTunes+Version%5D+%5B256Kbps%5D+%5B2014%5D.torrent
2014-11-02 19:34 - 2014-11-02 19:34 - 00017523 _____ () C:\Users\User\Downloads\[ComeRight.in]The Official UK Top 40 Singles Chart 02-11-2014.torrent
2014-11-02 15:18 - 2014-11-02 15:18 - 00000000 ____D () C:\Users\User\Downloads\The Golden Age Of American Rock 'n' Roll (18 CDs)
2014-11-02 15:07 - 2014-11-02 15:07 - 00159305 _____ () C:\Users\User\Downloads\[ComeRight.in]The Golden Age Of American Rock 'n' Roll (18 CDs).torrent
2014-11-02 02:13 - 2014-11-02 02:17 - 00000000 ____D () C:\Users\User\Downloads\VA - NRJ Total Hits 2014
2014-11-02 02:12 - 2014-11-02 02:12 - 00016829 _____ () C:\Users\User\Downloads\[ComeRight.in]VA - NRJ Total Hits 2014.torrent
2014-11-01 13:15 - 2014-11-01 13:15 - 00114427 _____ () C:\Users\User\Downloads\[ComeRight.in]Kindle Books - New Releases and Others - Nov Week One 237 Books.torrent
2014-10-30 15:41 - 2014-10-30 15:41 - 00002124 _____ () C:\Users\User\Downloads\[ComeRight.in]Smash Hits  Annual.torrent
2014-10-29 08:04 - 2014-10-29 08:29 - 00000000 ____D () C:\Users\User\Downloads\VA - Rock Classics - Best Of Classic Rock (2014)
2014-10-29 08:03 - 2014-10-29 08:03 - 00015960 _____ () C:\Users\User\Downloads\[ComeRight.in]VA - Rock Classics - Best Of Classic Rock (2014).torrent
2014-10-28 20:07 - 2014-10-28 23:19 - 00000000 ____D () C:\Users\User\Downloads\TimeLife The Collection
2014-10-28 20:07 - 2014-10-28 20:08 - 00000000 ____D () C:\Users\User\Downloads\VA- Smash Hits 80's Annual - Covers
2014-10-28 20:06 - 2014-10-28 20:06 - 00075306 _____ () C:\Users\User\Downloads\[ComeRight.in]new weekly mp3 - week 43.torrent
2014-10-28 20:06 - 2014-10-28 20:06 - 00000695 _____ () C:\Users\User\Downloads\[ComeRight.in]VA- Smash Hits 80's Annual - Covers.torrent
2014-10-28 20:05 - 2014-10-28 20:25 - 00000000 ____D () C:\Users\User\Downloads\Bargrooves Over Ice  2 Disc
2014-10-28 20:05 - 2014-10-28 20:05 - 00121181 _____ () C:\Users\User\Downloads\[ComeRight.in]TimeLife The Collection.torrent
2014-10-28 20:04 - 2014-10-28 20:04 - 00012224 _____ () C:\Users\User\Downloads\[ComeRight.in]Bargrooves Over Ice  2 Disc.torrent
2014-10-28 20:03 - 2014-10-28 20:03 - 00146107 _____ () C:\Users\User\Downloads\[ComeRight.in]Kindle Book - Mega Collection - 1604 Books.torrent
2014-10-27 22:22 - 2014-10-28 01:18 - 00000000 ____D () C:\Users\User\Downloads\Kool & The Gang - The Singles Collection
2014-10-27 22:18 - 2014-10-27 22:18 - 00019103 _____ () C:\Users\User\Downloads\Kool+%26amp%3B+The+Gang+-+The+Singles+Collection.torrent
2014-10-27 14:15 - 2014-10-27 14:31 - 00000000 ____D () C:\Users\User\Downloads\TIMELIFE  The Rock n Roll  Era  1960
2014-10-27 14:14 - 2014-10-27 14:14 - 00000000 ____D () C:\Users\User\Downloads\The Legendary Buddy Holly
2014-10-27 14:13 - 2014-10-27 14:15 - 00000000 ____D () C:\Users\User\Downloads\Time Life Rock n Roll Era 1959
2014-10-27 14:12 - 2014-10-27 14:12 - 00021865 _____ () C:\Users\User\Downloads\[ComeRight.in]Time Life Rock n Roll Era 1959.torrent
2014-10-27 14:12 - 2014-10-27 14:12 - 00012768 _____ () C:\Users\User\Downloads\[ComeRight.in]The Legendary Buddy Holly.torrent
2014-10-27 14:12 - 2014-10-27 14:12 - 00012497 _____ () C:\Users\User\Downloads\[ComeRight.in]TIMELIFE  The Rock n Roll  Era  1960.torrent
2014-10-27 14:06 - 2014-10-27 14:19 - 08367841 _____ () C:\Users\User\Downloads\04_Out_Of_The_Woods.m4a
2014-10-27 14:06 - 2014-10-27 14:10 - 09394896 _____ () C:\Users\User\Downloads\Rick Gang - Lifestyle (feat. Young Thug & Rich Homie Quan) 2014 - iTunes - Single - the.HH.m4a
2014-10-27 14:06 - 2014-10-27 14:06 - 00012067 _____ () C:\Users\User\Downloads\Rick+Gang+-+Lifestyle+%28feat.+Young+Thug+%26+Rich+Homie+Quan%29+2014+-+iTunes+-+Single+-+the.HH.m4a.torrent
2014-10-27 14:04 - 2014-10-27 14:04 - 00010740 _____ () C:\Users\User\Downloads\Taylor+Swift+-+Out+Of+The+Woods+%28Single%29+Itunes+Plus+AAC.torrent
2014-10-27 13:58 - 2014-10-27 13:58 - 00001664 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-27 13:58 - 2014-10-27 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-27 13:57 - 2014-10-27 13:58 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-10-27 13:57 - 2014-10-27 13:58 - 00000000 ____D () C:\Program Files\iTunes
2014-10-27 13:57 - 2014-10-27 13:57 - 00000000 ____D () C:\Program Files\iPod
2014-10-27 13:31 - 2014-10-27 13:42 - 07411706 _____ () C:\Users\User\Downloads\David Guetta - Dangerous (feat. Sam Martin) - iTunes - Single.m4a
2014-10-27 13:31 - 2014-10-27 13:31 - 00009584 _____ () C:\Users\User\Downloads\David+Guetta+-+Dangerous+%28feat.+Sam+Martin%29+-+iTunes+-+Single.torrent
2014-10-27 09:39 - 2014-10-27 10:13 - 00000000 ____D () C:\Users\User\Downloads\The Rock 'n' Roll Years - The Love Collection
2014-10-27 09:39 - 2014-10-27 09:40 - 00000000 ____D () C:\Users\User\Downloads\UB40 - Gold (2014) MP3
2014-10-27 09:39 - 2014-10-27 09:39 - 00016865 _____ () C:\Users\User\Downloads\[ComeRight.in]UB40 - Gold (2014) MP3.torrent
2014-10-27 09:38 - 2014-10-27 09:38 - 00025451 _____ () C:\Users\User\Downloads\[ComeRight.in]The Rock 'n' Roll Years - The Love Collection.torrent
2014-10-27 09:38 - 2014-10-27 09:38 - 00012728 _____ () C:\Users\User\Downloads\[ComeRight.in]Black Star Elephant.torrent
2014-10-27 06:25 - 2014-10-27 06:25 - 00018966 _____ () C:\Users\User\Downloads\MRH121+-+Mr+Entertainer+Hits+September+2014+-+KaraokeRG.torrent
2014-10-27 06:25 - 2014-10-27 06:25 - 00018942 _____ () C:\Users\User\Downloads\MRH122+-+Mr+Entertainer+Hits+October+2014+-+KaraokeRG.torrent
2014-10-26 19:54 - 2014-10-26 19:54 - 00017583 _____ () C:\Users\User\Downloads\[ComeRight.in]The Official UK Top 40 Singles Chart 26-10-2014.torrent
2014-10-26 13:19 - 2014-10-26 13:19 - 00011591 _____ () C:\Users\User\Downloads\[ComeRight.in]Ben.Howard-I.Forget.Where.We.Were.MP3.320kbps-2014.torrent
2014-10-26 13:18 - 2014-10-26 13:18 - 00014001 _____ () C:\Users\User\Downloads\[ComeRight.in]American Jazz - Cole Porter Songs (2014).torrent
2014-10-26 13:17 - 2014-10-26 13:17 - 00015512 _____ () C:\Users\User\Downloads\[ComeRight.in]Walking.On.Sunshine.2014.DVDRip.x264.AC3-iFT.torrent
2014-10-26 13:17 - 2014-10-26 13:17 - 00011296 _____ () C:\Users\User\Downloads\[ComeRight.in]Jersey.Boys.2014.DVDRip.x264.AC3-iFT.torrent
2014-10-26 06:58 - 2014-10-26 06:58 - 08101395 _____ () C:\Users\User\Downloads\Calvin Harris - Slow Acid.m4a
2014-10-26 06:58 - 2014-10-26 06:58 - 00000875 _____ () C:\Users\User\Downloads\Calvin+Harris+-+Slow+Acid.m4a+%5BiTunes+Plus+AAC+M4A%5D+%5BEDM+RG%5D+%2AmousR.torrent
2014-10-26 01:01 - 2014-10-26 01:01 - 00028230 _____ () C:\Users\User\Downloads\[ComeRight.in]The Great Big Scottish Songbook [MP3].torrent
2014-10-25 15:56 - 2014-10-25 15:56 - 00020551 _____ () C:\Users\User\Downloads\[ComeRight.in]Boney M  - Original Album Classics  (5CD Box).torrent
2014-10-24 11:39 - 2014-10-24 11:39 - 00015705 _____ () C:\Users\User\Downloads\[ComeRight.in]Palo Alto (2013).torrent
2014-10-24 09:31 - 2014-10-24 09:31 - 00017838 _____ () C:\Users\User\Downloads\Sgt.+Peppers+Lonely+Hearts+Club+Band+%28Original+Soundtrack%29.torrent
2014-10-23 16:10 - 2014-10-23 16:13 - 00000000 ____D () C:\Users\User\Downloads\Queen-Queen Forever(2014).2CD Deluxe Edition
2014-10-23 16:09 - 2014-10-23 16:09 - 00053876 _____ () C:\Users\User\Downloads\[ComeRight.in]Kindle Books - New Releases and Others - Oct Week Four 99 Books.torrent
2014-10-22 22:24 - 2014-10-22 22:24 - 00000709 _____ () C:\Users\User\Downloads\[ComeRight.in]Northern Soul Cover    Dvd  Cover Set.torrent
2014-10-22 22:23 - 2014-10-22 22:23 - 00015077 _____ () C:\Users\User\Downloads\[ComeRight.in]Queen-Queen Forever(2014).2CD Deluxe Edition.torrent
2014-10-21 20:29 - 2014-10-21 20:29 - 00011228 _____ () C:\Users\User\Downloads\Charli+XCX+-+Break+The+Rules+%282014%29+%5B320+KBPS%5D.torrent
2014-10-21 19:44 - 2014-10-21 19:44 - 00011848 _____ () C:\Users\User\Downloads\Nickelback+-+What+Are+You+Waiting+For%3F+%7B2014-Single%7D.torrent
2014-10-21 19:37 - 2014-10-21 19:37 - 00011619 _____ () C:\Users\User\Downloads\Nickelback+-+What+Are+You+Waiting+For%3F+%7B2014-Single%7D+%28By+Alexis.torrent
2014-10-21 19:36 - 2014-10-21 19:36 - 00013204 _____ () C:\Users\User\Downloads\Lenny+Kravitz+-+The+Chamber+%282014%29+FLAC+Single.torrent
2014-10-21 19:34 - 2014-10-21 19:34 - 00011553 _____ () C:\Users\User\Downloads\Avicii+-+The+Days+%28Radio+Edit%29+%28320+kbit%2Fs+MP3%29.torrent
2014-10-21 19:32 - 2014-10-21 19:32 - 00009427 _____ () C:\Users\User\Downloads\Robin+Schulz+feat.+Jasmine+Thompson+-+Sun+Goes+Down.mp3.torrent
2014-10-21 19:25 - 2014-10-21 19:25 - 00012780 _____ () C:\Users\User\Downloads\Avicii+-+The+Days+-+Single+%28iTunes%29+%5Bluman%5D.torrent
2014-10-21 19:11 - 2014-10-21 19:11 - 00061851 _____ () C:\Users\User\Downloads\[ComeRight.in]new weekly mp3 - week 42.torrent
2014-10-21 12:02 - 2014-10-21 12:02 - 00024916 _____ () C:\Users\User\Downloads\[ComeRight.in]VA-Toolroom_Amsterdam_2014-(TOOL34402Z)-WEB-2014-PWT.torrent
2014-10-21 10:39 - 2014-10-21 10:40 - 00014430 _____ () C:\Users\User\Downloads\[ComeRight.in]VA-Vision_Of_Reggae-CD-FLAC-2013-YARD.torrent
2014-10-21 10:38 - 2014-10-21 10:38 - 00014658 _____ () C:\Users\User\Downloads\[ComeRight.in]Northern.Soul.2014.DVDRiP.XVID.AC3-MAJESTIC.torrent
2014-10-19 19:19 - 2014-10-19 19:19 - 00017355 _____ () C:\Users\User\Downloads\[ComeRight.in]The Official UK Top 40 Singles Chart 19-10-2014.torrent
2014-10-19 16:11 - 2014-10-19 16:11 - 00018532 _____ () C:\Users\User\Downloads\[ComeRight.in]PLANES MULTI + Art Work.torrent
2014-10-19 16:10 - 2014-10-19 16:53 - 00000000 ____D () C:\Users\User\Downloads\Walking.on.Sunshine.2014.BDRip.x264-ROVERS
2014-10-19 16:09 - 2014-10-19 16:10 - 00018187 _____ () C:\Users\User\Downloads\[ComeRight.in]Walking.on.Sunshine.2014.BDRip.x264-ROVERS.torrent
2014-10-19 16:08 - 2014-10-19 16:09 - 00000922 _____ () C:\Users\User\Downloads\[ComeRight.in]Now Thats What I Call A Million.torrent
2014-10-18 11:35 - 2014-10-18 11:35 - 00022393 _____ () C:\Users\User\Downloads\[ComeRight.in]DISNEY CLASSICS MULTI - Vol 08.torrent
2014-10-18 11:35 - 2014-10-18 11:35 - 00022318 _____ () C:\Users\User\Downloads\[ComeRight.in]DISNEY CLASSICS MULTI - Vol 07.torrent
2014-10-18 11:33 - 2014-10-18 11:33 - 00022415 _____ () C:\Users\User\Downloads\[ComeRight.in]DISNEY CLASSICS MULTI - Vol 09.torrent
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-17 07:18 - 2014-03-05 09:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\uTorrent
2014-11-17 07:17 - 2014-03-05 10:35 - 00000000 ____D () C:\Users\User\AppData\Roaming\DC++
2014-11-17 07:13 - 2014-03-08 08:04 - 00000000 ____D () C:\Users\User\Documents\Outlook Files
2014-11-17 06:43 - 2014-02-24 13:16 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-17 06:36 - 2006-11-02 12:45 - 00004224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-17 06:36 - 2006-11-02 12:45 - 00004224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-17 06:11 - 2009-04-11 12:34 - 01271714 _____ () C:\Windows\WindowsUpdate.log
2014-11-16 20:13 - 2006-11-02 10:33 - 00763630 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-16 14:43 - 2014-02-24 13:16 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-14 14:28 - 2014-03-05 13:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-11-13 22:42 - 2014-03-05 10:35 - 00000000 ____D () C:\Users\User\AppData\Local\DC++
2014-11-13 11:16 - 2014-08-17 13:43 - 00000000 ____D () C:\Users\User\Desktop\Transfer Folder
2014-11-12 14:17 - 2006-11-02 12:49 - 00064780 _____ () C:\Windows\setupact.log
2014-11-11 10:18 - 2014-02-24 13:15 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-11-08 10:02 - 2014-03-15 14:43 - 00000000 ___RD () C:\Users\User\Dropbox
2014-11-08 10:02 - 2014-03-15 14:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2014-11-06 10:33 - 2008-01-21 03:02 - 00053200 _____ () C:\Windows\PFRO.log
2014-11-06 10:33 - 2006-11-02 12:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-06 10:32 - 2006-11-02 12:58 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-05 20:37 - 2014-03-12 22:23 - 00000000 ____D () C:\Program Files\Adobe
2014-11-05 20:23 - 2006-11-02 10:23 - 00002577 _____ () C:\Windows\system32\config.nt
2014-11-05 20:23 - 2006-11-02 10:23 - 00001688 _____ () C:\Windows\system32\autoexec.nt
2014-11-04 10:05 - 2014-02-24 13:16 - 00000000 ____D () C:\Program Files\Google
2014-11-03 14:46 - 2014-05-12 10:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-27 13:57 - 2014-08-22 10:08 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-10-27 13:57 - 2014-03-10 15:39 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-10-27 13:57 - 2014-03-10 15:34 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-26 20:24 - 2014-03-12 16:09 - 00001057 _____ () C:\Users\User\AppData\Roaming\vso_ts_preview.xml
2014-10-26 20:24 - 2014-03-12 16:07 - 00000000 ____D () C:\Users\User\AppData\Roaming\Vso
2014-10-26 20:03 - 2014-03-12 16:11 - 00000000 ____D () C:\Users\User\Documents\ConvertXToDVD
2014-10-18 09:39 - 2010-12-23 22:24 - 00054784 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplhlggg.dll
C:\Users\User\AppData\Local\Temp\FreemakeAudioConverter_1.1.0.59.exe
C:\Users\User\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\mirc732.exe
C:\Users\User\AppData\Local\Temp\NEventMessages.dll
C:\Users\User\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\User\AppData\Local\Temp\optprosetup.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\setup.exe
C:\Users\User\AppData\Local\Temp\setup_m.exe
C:\Users\User\AppData\Local\Temp\SkypeSetup.exe
C:\Users\User\AppData\Local\Temp\temp2729880178.exe
C:\Users\User\AppData\Local\Temp\VirtualDJ New Version.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {5a7b7df2-0ed2-11e0-9e4c-9c0ce1eaa5fc}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
resume                  No
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Microsoft Windows Vista
locale                  en-US
inherit                 {bootloadersettings}
osdevice                partition=C:
systemroot              \Windows
resumeobject            {5a7b7df2-0ed2-11e0-9e4c-9c0ce1eaa5fc}
nx                      OptIn
 
Resume from Hibernate
---------------------
identifier              {5a7b7df2-0ed2-11e0-9e4c-9c0ce1eaa5fc}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  partition=C:
path                    \ntldr
description             Earlier Version of Windows
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
 
 
LastRegBack: 2014-11-17 00:06
 
==================== End Of Log ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-11-2014 03
Ran by User at 2014-11-17 07:18:48
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM\...\uTorrent) (Version: 2.2.1 - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Any Video Converter 3.2.3 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM\...\{4B76F79D-7FC9-4007-9EE4-27B4A84477D6}) (Version: 1.29.0 - Kovid Goyal)
ConvertXtoDVD 4.0.12.327 (HKLM\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.0.12.327 - )
Cool Edit Pro 2.1 (HKLM\...\Cool Edit Pro 2.1) (Version:  - )
DC++ 0.843 (HKLM\...\DC++) (Version: 0.843 - Jacek Sieka)
Dropbox (HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Free MP4 Video Converter version 5.0.46.820 (HKLM\...\Free MP4 Video Converter_is1) (Version: 5.0.46.820 - DVDVideoSoft Ltd.)
Freemake Audio Converter version 1.1.0 (HKLM\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GWDMX Configuration Program version 2.2.0.6 (HKLM\...\{D2AB671B-9181-4681-A762-941BC79C0FCD}_is1) (Version: 2.2.0.6 - Greenwich Instruments.)
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{90BBACD9-526F-4AD5-8B92-80BB5F5E1A6D}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Help (HKLM\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Deskjet 2050 J510 series Product Improvement Study (HKLM\...\{B97BD710-382C-453D-B23C-C0663C6EDFA2}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
Numark USB Audio driver (HKLM\...\USB_AUDIO_DEusb-audio.deNumark) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SiudiDriver version 2.3 (HKLM\...\SiudiDriver_is1) (Version: 2.3 - LightingSoft AG)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SpeedQuizzing (HKLM\...\com.speedquizzing) (Version: 2.6.7 - SPEEDQUIZZING LIMITED)
SpeedQuizzing (Version: 2.6.7 - SPEEDQUIZZING LIMITED) Hidden
T2S Mobile V4 FREE (HKLM\...\T2S Mobile V4 FREE) (Version: 4.00 - NRWP)
Virtual DJ Pro Full - Atomix Productions (HKLM\...\Virtual DJ Pro Full - Atomix Productions) (Version:  - )
VirtualDJ 8 (HKLM\...\{9ADBBA93-4625-4898-BB0D-BCE7EA9F8B4A}) (Version: 8.0.0 - Atomix Productions)
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinAVI Video Converter (HKLM\...\WinAVI Video Converter) (Version: 11.6.1.4734 - ZJMedia Digital Technology Ltd.)
WinAVI Video Converter v11.6.1 (HKLM\...\WinAVI Video Converter v11.6.1_is1) (Version: 11.6.1.4653 - ZJ Computing,Inc)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1547232638-1572771747-4048230575-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547232638-1572771747-4048230575-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> C:\Windows\system32\thumbcache.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1547232638-1572771747-4048230575-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547232638-1572771747-4048230575-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547232638-1572771747-4048230575-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547232638-1572771747-4048230575-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547232638-1572771747-4048230575-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547232638-1572771747-4048230575-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547232638-1572771747-4048230575-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547232638-1572771747-4048230575-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
30-10-2014 00:29:57 Scheduled Checkpoint
31-10-2014 06:12:47 Scheduled Checkpoint
01-11-2014 08:35:35 Scheduled Checkpoint
03-11-2014 14:02:50 Windows Defender Checkpoint
03-11-2014 14:42:08 Installed Java 7 Update 71
03-11-2014 20:24:30 Windows Defender Checkpoint
13-11-2014 21:31:54 Scheduled Checkpoint
14-11-2014 16:56:54 Scheduled Checkpoint
16-11-2014 00:45:54 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 10:23 - 2014-11-03 20:24 - 00001512 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
85.25.79.123 www.google-analytics.com.
85.25.79.123 google-analytics.com.
85.25.79.123 connect.facebook.net.
158.58.173.194 www.google-analytics.com.
158.58.173.194 google-analytics.com.
158.58.173.194 connect.facebook.net.
198.100.156.140 www.google-analytics.com.
198.100.156.140 google-analytics.com.
198.100.156.140 connect.facebook.net.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05B87654-D8BF-469C-8724-D1B93838AB3B} - \task4138815 No Task File <==== ATTENTION
Task: {0D698CCF-EDA5-4721-A0CE-1E7B69D00298} - \task16586213 No Task File <==== ATTENTION
Task: {16064535-8DFB-45FE-A80C-A5E5A9EB4966} - \task595059324 No Task File <==== ATTENTION
Task: {202ADBFB-0A8B-4723-90CA-07497CEA143F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-24] (Google Inc.)
Task: {363AA54F-FF86-410F-8F01-143B306ED1D6} - System32\Tasks\task1416723 => msiexec.exe /param <==== ATTENTION
Task: {39EE6F6C-6A48-42A5-AC7F-906673C9063E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-24] (Google Inc.)
Task: {4F91CE72-6A2F-4939-98E5-B7A5C17E20C1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {97D17EAC-F707-4184-9ACA-0357D59759F7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)
Task: {A2839C7D-8882-4EAD-B041-E69599D66EBE} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-11-04 10:05 - 2014-10-22 04:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-11-04 10:05 - 2014-10-22 04:04 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-04-16 05:39 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\User\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-16 05:39 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\User\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2014-11-08 10:02 - 2014-11-08 10:02 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplhlggg.dll
2013-08-23 19:01 - 2013-08-23 19:01 - 25100288 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libcef.dll
2014-04-28 10:59 - 2014-04-28 10:59 - 08089614 _____ () C:\Program Files\DC++\DCPlusPlus.exe
2014-05-20 10:09 - 2012-05-25 03:25 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
2014-05-20 10:09 - 2012-05-25 03:25 - 00078336 _____ () C:\Program Files\Yahoo!\Messenger\pcre.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-11-17 06:39 - 2014-11-17 06:39 - 00006656 _____ () C:\Users\User\AppData\Local\Temp\nslA451.tmp\nsB820.tmp
2011-06-26 06:45 - 2011-06-26 06:45 - 00256000 _____ () C:\Users\User\AppData\Local\Temp\nslA451.tmp\PEV.DAT
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1547232638-1572771747-4048230575-500 - Administrator - Disabled)
Guest (S-1-5-21-1547232638-1572771747-4048230575-501 - Limited - Disabled)
User (S-1-5-21-1547232638-1572771747-4048230575-1000 - Administrator - Enabled) => C:\Users\User
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/14/2014 02:09:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application YahooMessenger.exe, version 11.5.0.228, time stamp 0x4fbf6b79, faulting module Flash32_15_0_0_223.ocx_unloaded, version 0.0.0.0, time stamp 0x544ecba4, exception code 0xc0000005, fault offset 0x0f970b47,
process id 0xa04, application start time 0xYahooMessenger.exe0.
 
Error: (11/14/2014 02:08:41 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\USER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (11/14/2014 02:08:41 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\USER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (11/14/2014 02:08:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\USER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (11/14/2014 02:08:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\USER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (11/14/2014 02:08:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\USER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (11/14/2014 02:08:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\USER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (11/14/2014 02:08:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\USER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (11/14/2014 02:08:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\USER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (11/14/2014 02:08:39 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\USER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\RETINA> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
 
System errors:
=============
Error: (11/17/2014 06:06:25 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
Error: (11/16/2014 07:58:07 AM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\thumbcache.dll -Embedding193{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (11/15/2014 11:17:33 PM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.0.2.
The computer with the IP address 192.168.0.7 did not allow the name to be claimed by
this computer.
 
Error: (11/15/2014 07:57:11 AM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\thumbcache.dll -Embedding193{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (11/14/2014 07:12:37 AM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\thumbcache.dll -Embedding193{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (11/12/2014 11:42:18 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\thumbcache.dll -Embedding193{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (11/12/2014 10:53:00 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer LAPTOP-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8F5AFB4C-9BED-48AF-91E2-2F68DB93.
The master browser is stopping or an election is being forced.
 
Error: (11/11/2014 09:08:14 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\thumbcache.dll -Embedding193{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (11/10/2014 09:07:14 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\thumbcache.dll -Embedding193{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (11/09/2014 01:10:22 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\thumbcache.dll -Embedding193{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
 
Microsoft Office Sessions:
=========================
Error: (11/14/2014 02:09:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: YahooMessenger.exe11.5.0.2284fbf6b79Flash32_15_0_0_223.ocx_unloaded0.0.0.0544ecba4c00000050f970b47a0401d00009f7efadd0
 
Error: (11/14/2014 02:08:41 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\USER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES
 
Error: (11/14/2014 02:08:41 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\USER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES
 
Error: (11/14/2014 02:08:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\USER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS
 
Error: (11/14/2014 02:08:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\USER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS
 
Error: (11/14/2014 02:08:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\USER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES
 
Error: (11/14/2014 02:08:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\USER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES
 
Error: (11/14/2014 02:08:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\USER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK
 
Error: (11/14/2014 02:08:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\USER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK
 
Error: (11/14/2014 02:08:39 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\USER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\RETINA
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-11-17 07:18:05.077
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-17 07:18:04.973
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-17 07:18:04.866
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-17 07:18:04.753
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-17 07:18:04.132
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-17 07:18:04.022
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-17 07:18:03.911
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-17 07:18:03.801
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-17 07:16:56.250
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-17 07:16:56.146
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Celeron® Dual-Core CPU T3000 @ 1.80GHz
Percentage of memory in use: 68%
Total physical RAM: 2935.87 MB
Available physical RAM: 911.78 MB
Total Pagefile: 8352.17 MB
Available Pagefile: 3170.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1876.58 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:298.09 GB) (Free:151.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Home 01 D) (Fixed) (Total:1863.01 GB) (Free:3.36 GB) NTFS
Drive f: (Home 02 F) (Fixed) (Total:121.9 GB) (Free:31.66 GB) NTFS
Drive g: (Home 03 G) (Fixed) (Total:31.48 GB) (Free:0.28 GB) NTFS
Drive h: (Home 04 H) (Fixed) (Total:1863.01 GB) (Free:455.82 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 64BA3767)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 77810009)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 153.4 GB) (Disk ID: C649C649)
Partition 1: (Not Active) - (Size=31.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=121.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 4 (Size: 1863 GB) (Disk ID: 9D7DD27B)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
 
 
 


#8 Dave100h (Topic Starter)

Posted 17 November 2014 - 05:00 AM

Finally the RogueKiller scan finished.
 
 
RogueKiller V10.0.6.0 [Nov 13 2014] by Adlice Software
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : User [Administrator]
Mode : Scan -- Date : 11/17/2014  09:58:54
 
¤¤¤ Processes : 2 ¤¤¤
[Suspicious.Path] nsB820.tmp -- C:\Users\User\AppData\Local\Temp\nslA451.tmp\nsB820.tmp[-] -> Killed [TermThr]
[Suspicious.Path] PEV.DAT -- C:\Users\User\AppData\Local\Temp\nslA451.tmp\PEV.DAT[-] -> Killed [TermThr]
 
¤¤¤ Registry : 30 ¤¤¤
[Suspicious.Path] HKEY_USERS\S-1-5-21-1547232638-1572771747-4048230575-1000\Software\Microsoft\Windows\CurrentVersion\Run | movziuz : rundll32 "C:\Users\User\AppData\Local\movziuz.dll",movziuz  -> Found
[Suspicious.Path] HKEY_USERS\S-1-5-21-1547232638-1572771747-4048230575-1000\Software\Microsoft\Windows\CurrentVersion\Run | bridockx : C:\Users\User\AppData\Local\Temp\crtdlu32.exe  -> Found
[Suspicious.Path] HKEY_USERS\S-1-5-21-1547232638-1572771747-4048230575-1000\Software\Microsoft\Windows\CurrentVersion\Run | IofokHoczu : regsvr32.exe "C:\ProgramData\IofokHoczu\IofokHoczu.dat"  -> Found
[Suspicious.Path] HKEY_USERS\S-1-5-21-1547232638-1572771747-4048230575-1000\Software\Microsoft\Windows\CurrentVersion\Run | WazoNart : regsvr32.exe "C:\ProgramData\WazoNart\WazoNart.dat"  -> Found
[Suspicious.Path] HKEY_USERS\S-1-5-21-1547232638-1572771747-4048230575-1000\Software\Microsoft\Windows\CurrentVersion\Run | OcoFhfqp : C:\Users\User\AppData\Local\gywswfhc\ocofhfqp.exe  -> Found
[Suspicious.Path] HKEY_USERS\S-1-5-21-1547232638-1572771747-4048230575-1000\Software\Microsoft\Windows\CurrentVersion\Run | Ylivolama : "C:\Users\User\AppData\Roaming\Kumiucog\rasav.exe"  -> Found
[Suspicious.Path] HKEY_USERS\S-1-5-21-1547232638-1572771747-4048230575-1000\Software\Microsoft\Windows\CurrentVersion\Run | OodzUsfaq : regsvr32.exe "C:\ProgramData\OodzUsfaq\OodzUsfaq.dat"  -> Found
[Suspicious.Path] HKEY_USERS\S-1-5-21-1547232638-1572771747-4048230575-1000\Software\Microsoft\Windows\CurrentVersion\Run | DepgOhiyu : regsvr32.exe "C:\ProgramData\DepgOhiyu\DepgOhiyu.dat"  -> Found
[Suspicious.Path] HKEY_USERS\S-1-5-21-1547232638-1572771747-4048230575-1000\Software\Microsoft\Windows\CurrentVersion\Run | YehhIkyif : regsvr32.exe "C:\ProgramData\YehhIkyif\YehhIkyif.dat"  -> Found
[Suspicious.Path] HKEY_USERS\S-1-5-21-1547232638-1572771747-4048230575-1000\Software\Microsoft\Windows\CurrentVersion\Run | MotayZamay : regsvr32.exe "C:\ProgramData\MotayZamay\MotayZamay.dat"  -> Found
[Suspicious.Path] HKEY_USERS\S-1-5-21-1547232638-1572771747-4048230575-1000\Software\Microsoft\Windows\CurrentVersion\Run | PenoMlul : regsvr32.exe "C:\ProgramData\PenoMlul\PenoMlul.dat"  -> Found
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Partizan (system32\drivers\Partizan.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mbr (\??\C:\Users\User\AppData\Local\Temp\mbr.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mbr (\??\C:\Users\User\AppData\Local\Temp\mbr.sys) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 194.168.4.100 194.168.8.100 [UNITED KINGDOM (GB)][UNITED KINGDOM (GB)]  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 194.168.4.100 194.168.8.100 [UNITED KINGDOM (GB)][UNITED KINGDOM (GB)]  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 194.168.4.100 194.168.8.100 [UNITED KINGDOM (GB)][UNITED KINGDOM (GB)]  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4BB1AE2B-A1F8-4BE1-96C9-1B380B0CC068} | DhcpNameServer : 194.168.4.100 194.168.8.100 [UNITED KINGDOM (GB)][UNITED KINGDOM (GB)]  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8F5AFB4C-9BED-48AF-91E2-2F68DB932D37} | DhcpNameServer : 194.168.4.100 194.168.8.100 [UNITED KINGDOM (GB)][UNITED KINGDOM (GB)]  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4BB1AE2B-A1F8-4BE1-96C9-1B380B0CC068} | DhcpNameServer : 194.168.4.100 194.168.8.100 [UNITED KINGDOM (GB)][UNITED KINGDOM (GB)]  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8F5AFB4C-9BED-48AF-91E2-2F68DB932D37} | DhcpNameServer : 194.168.4.100 194.168.8.100 [UNITED KINGDOM (GB)][UNITED KINGDOM (GB)]  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{4BB1AE2B-A1F8-4BE1-96C9-1B380B0CC068} | DhcpNameServer : 194.168.4.100 194.168.8.100 [UNITED KINGDOM (GB)][UNITED KINGDOM (GB)]  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{8F5AFB4C-9BED-48AF-91E2-2F68DB932D37} | DhcpNameServer : 194.168.4.100 194.168.8.100 [UNITED KINGDOM (GB)][UNITED KINGDOM (GB)]  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1547232638-1572771747-4048230575-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1547232638-1572771747-4048230575-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1547232638-1572771747-4048230575-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1547232638-1572771747-4048230575-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[Tr.Poweliks] HKEY_USERS\S-1-5-21-1547232638-1572771747-4048230575-1000\Software\classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32 -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 45 (Driver: Loaded) ¤¤¤
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetReadFileExW : Unknown @ 0x50c02d0
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpQueryInfoW : Unknown @ 0x50c0270
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpQueryInfoA : Unknown @ 0x50c0250
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetSetStatusCallbackA : Unknown @ 0x50c01d0
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetConnectW : Unknown @ 0x50c01f0
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetQueryDataAvailable : Unknown @ 0x50c0290
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetReadFile : Unknown @ 0x50c02b0
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpOpenRequestW : Unknown @ 0x50c0210
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpSendRequestW : Unknown @ 0x50c0230
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetReadFileExW : Unknown @ 0x4410130
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpQueryInfoW : Unknown @ 0x44100d0
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpQueryInfoA : Unknown @ 0x44100b0
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetSetStatusCallbackA : Unknown @ 0x4410030
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetConnectW : Unknown @ 0x4410050
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetQueryDataAvailable : Unknown @ 0x44100f0
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetReadFile : Unknown @ 0x4410110
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpOpenRequestW : Unknown @ 0x4410070
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpSendRequestW : Unknown @ 0x4410090
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetReadFileExW : Unknown @ 0x98e0e60
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpQueryInfoW : Unknown @ 0x98e0e00
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpQueryInfoA : Unknown @ 0x98e0de0
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetSetStatusCallbackA : Unknown @ 0x98e0d60
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetConnectW : Unknown @ 0x98e0d80
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetQueryDataAvailable : Unknown @ 0x98e0e20
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetReadFile : Unknown @ 0x98e0e40
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpOpenRequestW : Unknown @ 0x98e0da0
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpSendRequestW : Unknown @ 0x98e0dc0
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetReadFileExW : Unknown @ 0x44b04d0
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpQueryInfoW : Unknown @ 0x44b0470
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpQueryInfoA : Unknown @ 0x44b0450
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetSetStatusCallbackA : Unknown @ 0x44b03d0
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetConnectW : Unknown @ 0x44b03f0
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetQueryDataAvailable : Unknown @ 0x44b0490
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetReadFile : Unknown @ 0x44b04b0
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpOpenRequestW : Unknown @ 0x44b0410
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpSendRequestW : Unknown @ 0x44b0430
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetReadFileExW : Unknown @ 0x2b6007c0
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpQueryInfoW : Unknown @ 0x2b600760
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpQueryInfoA : Unknown @ 0x2b600740
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetSetStatusCallbackA : Unknown @ 0x2b6006c0
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetConnectW : Unknown @ 0x2b6006e0
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetQueryDataAvailable : Unknown @ 0x2b600780
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetReadFile : Unknown @ 0x2b6007a0
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpOpenRequestW : Unknown @ 0x2b600700
[IAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpSendRequestW : Unknown @ 0x2b600720
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] f887ce010c755615d8a0bd1eed9d6edf
[BSP] 824c56e78085d04b6101159998c0b3f9 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 305243 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2:  +++++
--- User ---
[MBR] eaab3560c575fb5a826d3ee63026a195
[BSP] 6aa6491111d8baa43f46ff68326179b9 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive3:  +++++
--- User ---
[MBR] 406ef027f0939b306162c1dec52f122f
[BSP] 4db3686ebe209ba73068e734b721d085 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 32239 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 66027520 | Size: 124825 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive4:  +++++
--- User ---
[MBR] cf20980bd0f2e3382a30c8fceeea86e3
[BSP] ad26c2980db5485f5c234df3cd10745c : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 64 | Size: 1907726 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive5:  +++++
--- User ---
[MBR] 09e5dfa925a62185acaf9cef5726ae21
[BSP] 096ca65415799301792a33c93b5e78da : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT16-LBA (0xe) [VISIBLE] Offset (sectors): 32 | Size: 1927 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_SCN_11172014_095106.log

Edited by Dave100h, 17 November 2014 - 05:01 AM.


#9 Valinorum (Malware Response Instructor)

Posted 17 November 2014 - 11:21 PM

Hi,

Did you add the custom entries to your Hosts file?
 

  • Step #3 P2P Warning
    IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer:
    • µTorrent

I shall provide you with a few reference links; please read them to learn the risks of having a P2P program.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.

My recommendation is that you uninstall the programs listed above. If you choose not to remove them, please do not use them until this computer is clean.
 



  • Step #4 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      
      Closeprocesses:
      
      Emptytemp:
      
      Task: {05B87654-D8BF-469C-8724-D1B93838AB3B} - \task4138815 No Task File <==== ATTENTION
      
      Task: {0D698CCF-EDA5-4721-A0CE-1E7B69D00298} - \task16586213 No Task File <==== ATTENTION
      
      Task: {16064535-8DFB-45FE-A80C-A5E5A9EB4966} - \task595059324 No Task File <==== ATTENTION
      
      Task: {363AA54F-FF86-410F-8F01-143B306ED1D6} - System32\Tasks\task1416723 => msiexec.exe /param <==== ATTENTION
      
      2014-11-17 06:39 - 2014-11-17 06:39 - 00006656 _____ () C:\Users\User\AppData\Local\Temp\nslA451.tmp\nsB820.tmp
      
      2011-06-26 06:45 - 2011-06-26 06:45 - 00256000 _____ () C:\Users\User\AppData\Local\Temp\nslA451.tmp\PEV.DAT
      
      C:\Users\User\AppData\Local\Temp\nslA451.tmp
      
      HKLM\...\Run: [] => [X]
      
      HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [movziuz] => rundll32 "C:\Users\User\AppData\Local\movziuz.dll",movziuz <===== ATTENTION
      
      HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [bridockx] => C:\Users\User\AppData\Local\Temp\crtdlu32.exe <===== ATTENTION
      
      HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [IofokHoczu] => regsvr32.exe "C:\ProgramData\IofokHoczu\IofokHoczu.dat"
      
      HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [WazoNart] => regsvr32.exe "C:\ProgramData\WazoNart\WazoNart.dat"
      
      HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [OcoFhfqp] => C:\Users\User\AppData\Local\gywswfhc\ocofhfqp.exe
      
      HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [Ylivolama] => "C:\Users\User\AppData\Roaming\Kumiucog\rasav.exe"
      
      HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [OodzUsfaq] => regsvr32.exe "C:\ProgramData\OodzUsfaq\OodzUsfaq.dat"
      
      HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [DepgOhiyu] => regsvr32.exe "C:\ProgramData\DepgOhiyu\DepgOhiyu.dat"
      
      HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [YehhIkyif] => regsvr32.exe "C:\ProgramData\YehhIkyif\YehhIkyif.dat"
      
      HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [MotayZamay] => regsvr32.exe "C:\ProgramData\MotayZamay\MotayZamay.dat"
      
      HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [PenoMlul] => regsvr32.exe "C:\ProgramData\PenoMlul\PenoMlul.dat"
      
      C:\Users\User\AppData\Local\movziuz.dll
      
      C:\Users\User\AppData\Local\Temp\crtdlu32.exe
      
      C:\ProgramData\IofokHoczu
      
      C:\ProgramData\WazoNart
      
      C:\Users\User\AppData\Local\gywswfhc\
      
      C:\Users\User\AppData\Roaming\Kumiucog\
      
      C:\ProgramData\OodzUsfaq
      
      C:\ProgramData\DepgOhiyu\
      
      C:\ProgramData\YehhIkyif\
      
      C:\ProgramData\MotayZamay\
      
      C:\ProgramData\PenoMlul\
      
      2014-11-05 08:38 - 2014-11-05 21:59 - 00000000 ____D () C:\ProgramData\YehhIkyif
      
      2014-11-05 08:38 - 2014-11-05 21:59 - 00000000 ____D () C:\ProgramData\MotayZamay
      
      2014-11-05 00:06 - 2014-11-05 21:59 - 00000000 ____D () C:\ProgramData\DepgOhiyu
      
      2014-11-05 00:06 - 2014-11-05 00:06 - 00000000 ____D () C:\ProgramData\OodzUsfaq
      
      2014-11-04 10:25 - 2014-11-05 22:00 - 00000000 ____D () C:\Users\User\AppData\Local\gywswfhc
      
      2014-11-04 10:04 - 2014-11-05 21:59 - 00000000 _____ () C:\Users\User\AppData\Local\gqgbqgre.log
      
      2014-11-04 08:10 - 2014-11-05 21:40 - 135456421 _____ () C:\Users\User\AppData\Local\wwhylxbr.log
      
      2014-11-04 04:45 - 2014-11-05 21:55 - 01077377 _____ () C:\Users\User\AppData\Local\kpqlvnef.log
      
      2014-11-04 04:45 - 2014-11-05 11:01 - 00375476 _____ () C:\Users\User\AppData\Local\rbdpkbfc.log
      
      2014-11-04 04:45 - 2014-11-05 11:01 - 00002737 _____ () C:\Users\User\AppData\Local\pijvxcxy.log
      
      2014-11-04 04:45 - 2014-11-05 06:16 - 00000217 _____ () C:\Users\User\AppData\Local\vpsfpkcd.log
      
      2014-11-04 04:45 - 2014-11-04 04:45 - 00001143 _____ () C:\Users\User\AppData\Local\rwenlwsl.log
      
      2014-11-04 04:44 - 2014-11-05 06:16 - 00000054 _____ () C:\Users\User\AppData\Local\iygmjfgg.log
      
      2014-11-04 04:44 - 2014-11-04 04:44 - 00000000 _____ () C:\Users\User\AppData\Local\iykwibgw.log
      
      2014-11-04 04:44 - 2014-11-04 04:44 - 00000000 _____ () C:\Users\User\AppData\Local\ecwhqgdl.log
      
      2014-11-04 04:43 - 2014-11-05 21:59 - 00000028 _____ () C:\Users\User\AppData\Local\ictifjtr.log
      
      2014-11-04 04:43 - 2014-11-04 04:44 - 00595440 _____ () C:\Users\User\AppData\Local\jsbvxgbo.log
      
      2014-11-04 04:43 - 2014-11-04 04:43 - 00000064 _____ () C:\ProgramData\vdcddxbs.log
      
      2014-11-03 18:42 - 2014-11-05 21:59 - 00000000 ____D () C:\ProgramData\WazoNart
      
      2014-11-03 18:41 - 2014-11-05 22:00 - 00000000 ____D () C:\ProgramData\IofokHoczu
      
      2014-11-03 13:46 - 2014-11-06 10:29 - 00000000 ____D () C:\ProgramData\KuwrOhye
      
      2014-11-03 13:46 - 2014-11-06 10:29 - 00000000 ____D () C:\ProgramData\HuhmOzhur
      
      End
    • Click on File > Save as...
    • Inside the File Name box type fixlist.txt;
    • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.

 
 

  • Required Log(s):
    • FRST Fix Log

Regards,
Valinorum

 


Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.
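The Run-key entries in the fixlist above share a few traits that a defender can check for mechanically. The sketch below is an added example, not FRST's logic and not the helper's method: it parses FRST-style Run lines and scores them on three assumed heuristics (launch through regsvr32/rundll32, a non-library file extension passed to that launcher, and a target in a user-writable directory). The `ExampleUpdater` line is constructed for contrast; the other sample lines are copied from the post.

```python
import re
from dataclasses import dataclass, field

# Run-key lines copied from the fixlist in the post above, plus one
# constructed benign entry (ExampleUpdater) for contrast.
SAMPLE_LINES = r'''
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [movziuz] => rundll32 "C:\Users\User\AppData\Local\movziuz.dll",movziuz <===== ATTENTION
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [bridockx] => C:\Users\User\AppData\Local\Temp\crtdlu32.exe <===== ATTENTION
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [IofokHoczu] => regsvr32.exe "C:\ProgramData\IofokHoczu\IofokHoczu.dat"
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [Ylivolama] => "C:\Users\User\AppData\Roaming\Kumiucog\rasav.exe"
HKLM\...\Run: [ExampleUpdater] => "C:\Program Files\Example\updater.exe" /silent
'''.strip().splitlines()

RUN_LINE = re.compile(
    r'^(?P<hive>HK\w+)\\.*?\\Run: \[(?P<name>[^\]]*)\] => '
    r'(?P<cmd>.*?)(?:\s*<=+ ATTENTION)?\s*$')
TOKEN = re.compile(r'"([^"]+)"|(\S+)')

# Assumed heuristics (not taken from FRST): system binaries that load code
# on behalf of the caller, the extensions they normally load, and
# directories a standard user can write to.
PROXY_LAUNCHERS = {'regsvr32', 'rundll32'}
LIBRARY_EXTS = ('.dll', '.ocx', '.cpl')
USER_WRITABLE = ('\\appdata\\', '\\programdata\\', '\\temp\\')


@dataclass
class Finding:
    name: str
    launcher: str          # '' when the value runs a program directly
    target: str
    reasons: list = field(default_factory=list)


def _stem(path):
    """File name without directory, lower-cased, '.exe' stripped."""
    base = path.replace('/', '\\').rsplit('\\', 1)[-1].lower()
    return base[:-4] if base.endswith('.exe') else base


def split_command(cmd):
    """Return (launcher, target). Unquoted paths with spaces are not handled."""
    tokens = [quoted or bare for quoted, bare in TOKEN.findall(cmd)]
    if not tokens:
        return '', ''
    if _stem(tokens[0]) in PROXY_LAUNCHERS:
        # Skip switches and the ',Export' suffix that follows a quoted DLL path.
        args = [t for t in tokens[1:] if not t.startswith(('/', '-', ','))]
        target = args[0].split(',')[0] if args else ''
        return _stem(tokens[0]), target
    return '', tokens[0]


def assess(line):
    """Parse one Run line and attach the heuristic reasons that apply."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    launcher, target = split_command(m['cmd'])
    finding = Finding(m['name'], launcher, target)
    low = target.lower()
    if launcher:
        finding.reasons.append('proxy-launcher')
        if not low.endswith(LIBRARY_EXTS):
            finding.reasons.append('non-library-extension')
    if any(marker in low for marker in USER_WRITABLE):
        finding.reasons.append('user-writable-path')
    return finding


def triage(lines):
    """Findings sorted by number of reasons, highest first (stable)."""
    findings = [f for f in map(assess, lines) if f]
    return sorted(findings, key=lambda f: len(f.reasons), reverse=True)


if __name__ == '__main__':
    for f in triage(SAMPLE_LINES):
        flags = ', '.join(f.reasons) or 'no flags'
        print(f'{len(f.reasons)}  [{f.name}]  {f.target}  {flags}')
```

A score is a prompt for review, not a verdict: legitimate per-user software also starts from AppData, which is why the entries still need a human to confirm them before they go into a fixlist.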

 


#10 Dave100h

Posted 18 November 2014 - 05:38 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-11-2014 03
Ran by User at 2014-11-18 10:12:06 Run:1
Running from C:\Users\User\Desktop
Loaded Profile: User (Available profiles: User)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
Start
 
Closeprocesses:
 
Emptytemp:
 
Task: {05B87654-D8BF-469C-8724-D1B93838AB3B} - \task4138815 No Task File <==== ATTENTION
 
Task: {0D698CCF-EDA5-4721-A0CE-1E7B69D00298} - \task16586213 No Task File <==== ATTENTION
 
Task: {16064535-8DFB-45FE-A80C-A5E5A9EB4966} - \task595059324 No Task File <==== ATTENTION
 
Task: {363AA54F-FF86-410F-8F01-143B306ED1D6} - System32\Tasks\task1416723 => msiexec.exe /param <==== ATTENTION
 
2014-11-17 06:39 - 2014-11-17 06:39 - 00006656 _____ () C:\Users\User\AppData\Local\Temp\nslA451.tmp\nsB820.tmp
 
2011-06-26 06:45 - 2011-06-26 06:45 - 00256000 _____ () C:\Users\User\AppData\Local\Temp\nslA451.tmp\PEV.DAT
 
C:\Users\User\AppData\Local\Temp\nslA451.tmp
 
HKLM\...\Run: [] => [X]
 
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [movziuz] => rundll32 "C:\Users\User\AppData\Local\movziuz.dll",movziuz <===== ATTENTION
 
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [bridockx] => C:\Users\User\AppData\Local\Temp\crtdlu32.exe <===== ATTENTION
 
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [IofokHoczu] => regsvr32.exe "C:\ProgramData\IofokHoczu\IofokHoczu.dat"
 
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [WazoNart] => regsvr32.exe "C:\ProgramData\WazoNart\WazoNart.dat"
 
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [OcoFhfqp] => C:\Users\User\AppData\Local\gywswfhc\ocofhfqp.exe
 
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [Ylivolama] => "C:\Users\User\AppData\Roaming\Kumiucog\rasav.exe"
 
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [OodzUsfaq] => regsvr32.exe "C:\ProgramData\OodzUsfaq\OodzUsfaq.dat"
 
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [DepgOhiyu] => regsvr32.exe "C:\ProgramData\DepgOhiyu\DepgOhiyu.dat"
 
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [YehhIkyif] => regsvr32.exe "C:\ProgramData\YehhIkyif\YehhIkyif.dat"
 
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [MotayZamay] => regsvr32.exe "C:\ProgramData\MotayZamay\MotayZamay.dat"
 
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\...\Run: [PenoMlul] => regsvr32.exe "C:\ProgramData\PenoMlul\PenoMlul.dat"
 
C:\Users\User\AppData\Local\movziuz.dll
 
C:\Users\User\AppData\Local\Temp\crtdlu32.exe
 
C:\ProgramData\IofokHoczu
 
C:\ProgramData\WazoNart
 
C:\Users\User\AppData\Local\gywswfhc\
 
C:\Users\User\AppData\Roaming\Kumiucog\
 
C:\ProgramData\OodzUsfaq
 
C:\ProgramData\DepgOhiyu\
 
C:\ProgramData\YehhIkyif\
 
C:\ProgramData\MotayZamay\
 
C:\ProgramData\PenoMlul\
 
2014-11-05 08:38 - 2014-11-05 21:59 - 00000000 ____D () C:\ProgramData\YehhIkyif
 
2014-11-05 08:38 - 2014-11-05 21:59 - 00000000 ____D () C:\ProgramData\MotayZamay
 
2014-11-05 00:06 - 2014-11-05 21:59 - 00000000 ____D () C:\ProgramData\DepgOhiyu
 
2014-11-05 00:06 - 2014-11-05 00:06 - 00000000 ____D () C:\ProgramData\OodzUsfaq
 
2014-11-04 10:25 - 2014-11-05 22:00 - 00000000 ____D () C:\Users\User\AppData\Local\gywswfhc
 
2014-11-04 10:04 - 2014-11-05 21:59 - 00000000 _____ () C:\Users\User\AppData\Local\gqgbqgre.log
 
2014-11-04 08:10 - 2014-11-05 21:40 - 135456421 _____ () C:\Users\User\AppData\Local\wwhylxbr.log
 
2014-11-04 04:45 - 2014-11-05 21:55 - 01077377 _____ () C:\Users\User\AppData\Local\kpqlvnef.log
 
2014-11-04 04:45 - 2014-11-05 11:01 - 00375476 _____ () C:\Users\User\AppData\Local\rbdpkbfc.log
 
2014-11-04 04:45 - 2014-11-05 11:01 - 00002737 _____ () C:\Users\User\AppData\Local\pijvxcxy.log
 
2014-11-04 04:45 - 2014-11-05 06:16 - 00000217 _____ () C:\Users\User\AppData\Local\vpsfpkcd.log
 
2014-11-04 04:45 - 2014-11-04 04:45 - 00001143 _____ () C:\Users\User\AppData\Local\rwenlwsl.log
 
2014-11-04 04:44 - 2014-11-05 06:16 - 00000054 _____ () C:\Users\User\AppData\Local\iygmjfgg.log
 
2014-11-04 04:44 - 2014-11-04 04:44 - 00000000 _____ () C:\Users\User\AppData\Local\iykwibgw.log
 
2014-11-04 04:44 - 2014-11-04 04:44 - 00000000 _____ () C:\Users\User\AppData\Local\ecwhqgdl.log
 
2014-11-04 04:43 - 2014-11-05 21:59 - 00000028 _____ () C:\Users\User\AppData\Local\ictifjtr.log
 
2014-11-04 04:43 - 2014-11-04 04:44 - 00595440 _____ () C:\Users\User\AppData\Local\jsbvxgbo.log
 
2014-11-04 04:43 - 2014-11-04 04:43 - 00000064 _____ () C:\ProgramData\vdcddxbs.log
 
2014-11-03 18:42 - 2014-11-05 21:59 - 00000000 ____D () C:\ProgramData\WazoNart
 
2014-11-03 18:41 - 2014-11-05 22:00 - 00000000 ____D () C:\ProgramData\IofokHoczu
 
2014-11-03 13:46 - 2014-11-06 10:29 - 00000000 ____D () C:\ProgramData\KuwrOhye
 
2014-11-03 13:46 - 2014-11-06 10:29 - 00000000 ____D () C:\ProgramData\HuhmOzhur
 
End
*****************
 
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{05B87654-D8BF-469C-8724-D1B93838AB3B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05B87654-D8BF-469C-8724-D1B93838AB3B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task4138815" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D698CCF-EDA5-4721-A0CE-1E7B69D00298}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D698CCF-EDA5-4721-A0CE-1E7B69D00298}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task16586213" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{16064535-8DFB-45FE-A80C-A5E5A9EB4966}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16064535-8DFB-45FE-A80C-A5E5A9EB4966}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task595059324" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{363AA54F-FF86-410F-8F01-143B306ED1D6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{363AA54F-FF86-410F-8F01-143B306ED1D6}" => Key deleted successfully.
C:\Windows\System32\Tasks\task1416723 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task1416723" => Key deleted successfully.
C:\Users\User\AppData\Local\Temp\nslA451.tmp\nsB820.tmp => Moved successfully.
C:\Users\User\AppData\Local\Temp\nslA451.tmp\PEV.DAT => Moved successfully.
C:\Users\User\AppData\Local\Temp\nslA451.tmp => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\Software\Microsoft\Windows\CurrentVersion\Run\\movziuz => value deleted successfully.
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\Software\Microsoft\Windows\CurrentVersion\Run\\bridockx => value deleted successfully.
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\Software\Microsoft\Windows\CurrentVersion\Run\\IofokHoczu => value deleted successfully.
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WazoNart => value deleted successfully.
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\Software\Microsoft\Windows\CurrentVersion\Run\\OcoFhfqp => value deleted successfully.
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Ylivolama => value deleted successfully.
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\Software\Microsoft\Windows\CurrentVersion\Run\\OodzUsfaq => value deleted successfully.
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DepgOhiyu => value deleted successfully.
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\Software\Microsoft\Windows\CurrentVersion\Run\\YehhIkyif => value deleted successfully.
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\Software\Microsoft\Windows\CurrentVersion\Run\\MotayZamay => value deleted successfully.
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PenoMlul => value deleted successfully.
"C:\Users\User\AppData\Local\movziuz.dll" => File/Directory not found.
"C:\Users\User\AppData\Local\Temp\crtdlu32.exe" => File/Directory not found.
C:\ProgramData\IofokHoczu => Moved successfully.
C:\ProgramData\WazoNart => Moved successfully.
C:\Users\User\AppData\Local\gywswfhc => Moved successfully.
"C:\Users\User\AppData\Roaming\Kumiucog" => File/Directory not found.
C:\ProgramData\OodzUsfaq => Moved successfully.
C:\ProgramData\DepgOhiyu => Moved successfully.
C:\ProgramData\YehhIkyif => Moved successfully.
C:\ProgramData\MotayZamay => Moved successfully.
C:\ProgramData\PenoMlul => Moved successfully.
"C:\ProgramData\YehhIkyif" => File/Directory not found.
"C:\ProgramData\MotayZamay" => File/Directory not found.
"C:\ProgramData\DepgOhiyu" => File/Directory not found.
"C:\ProgramData\OodzUsfaq" => File/Directory not found.
"C:\Users\User\AppData\Local\gywswfhc" => File/Directory not found.
C:\Users\User\AppData\Local\gqgbqgre.log => Moved successfully.
C:\Users\User\AppData\Local\wwhylxbr.log => Moved successfully.
C:\Users\User\AppData\Local\kpqlvnef.log => Moved successfully.
C:\Users\User\AppData\Local\rbdpkbfc.log => Moved successfully.
C:\Users\User\AppData\Local\pijvxcxy.log => Moved successfully.
C:\Users\User\AppData\Local\vpsfpkcd.log => Moved successfully.
C:\Users\User\AppData\Local\rwenlwsl.log => Moved successfully.
C:\Users\User\AppData\Local\iygmjfgg.log => Moved successfully.
C:\Users\User\AppData\Local\iykwibgw.log => Moved successfully.
C:\Users\User\AppData\Local\ecwhqgdl.log => Moved successfully.
C:\Users\User\AppData\Local\ictifjtr.log => Moved successfully.
C:\Users\User\AppData\Local\jsbvxgbo.log => Moved successfully.
C:\ProgramData\vdcddxbs.log => Moved successfully.
"C:\ProgramData\WazoNart" => File/Directory not found.
"C:\ProgramData\IofokHoczu" => File/Directory not found.
C:\ProgramData\KuwrOhye => Moved successfully.
C:\ProgramData\HuhmOzhur => Moved successfully.
EmptyTemp: => Removed 6.5 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
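The Fixlog above mixes "Moved successfully" with "File/Directory not found", and the second is not always a failure. The sketch below is an added example, not part of FRST or of the thread: it tallies the outcomes and splits the not-found items into those already moved earlier in the same run (the fixlist named them twice) and those that were gone before FRST reached them. The sample lines are a subset copied from the log; the quarantine layout in `quarantine_path` is an assumption inferred from the `C:\FRST\Quarantine\C\...` paths that appear in the ESET log later in this thread.

```python
import re
from collections import Counter

# Result lines copied from the Fixlog posted above (a subset, order preserved).
FIXLOG = r'''
C:\Windows\System32\Tasks\task1416723 => Moved successfully.
HKU\S-1-5-21-1547232638-1572771747-4048230575-1000\Software\Microsoft\Windows\CurrentVersion\Run\\movziuz => value deleted successfully.
"C:\Users\User\AppData\Local\movziuz.dll" => File/Directory not found.
"C:\Users\User\AppData\Local\Temp\crtdlu32.exe" => File/Directory not found.
C:\ProgramData\IofokHoczu => Moved successfully.
C:\Users\User\AppData\Local\gywswfhc => Moved successfully.
"C:\Users\User\AppData\Roaming\Kumiucog" => File/Directory not found.
C:\ProgramData\YehhIkyif => Moved successfully.
"C:\ProgramData\YehhIkyif" => File/Directory not found.
"C:\Users\User\AppData\Local\gywswfhc" => File/Directory not found.
"C:\ProgramData\IofokHoczu" => File/Directory not found.
EmptyTemp: => Removed 6.5 GB temporary data.
'''.strip().splitlines()

# '<item> => <outcome>.' with optional quotes around the item.
RESULT = re.compile(r'^"?(?P<item>.+?)"? => (?P<outcome>.+?)\.?\s*$')


def _norm(path):
    """Case-insensitive comparison key without a trailing backslash."""
    return path.rstrip('\\').lower()


def quarantine_path(path):
    """Where a moved item is expected to sit afterwards.

    Assumption: the layout C:\\FRST\\Quarantine\\<drive letter>\\<rest of path>,
    inferred from the ESET log paths in this thread.
    """
    drive, rest = path[0], path[2:]
    return 'C:\\FRST\\Quarantine\\' + drive + rest


def reconcile(lines):
    """Return (outcome counts, report) for a list of Fixlog result lines."""
    moved = []  # normalised paths already moved, in log order
    report = {'quarantined': [], 'duplicate_entry': [], 'already_absent': []}
    counts = Counter()
    for line in lines:
        m = RESULT.match(line.strip())
        if not m:
            continue
        item, outcome = m['item'], m['outcome']
        counts[outcome] += 1
        if outcome == 'Moved successfully':
            moved.append(_norm(item))
            report['quarantined'].append(quarantine_path(item))
        elif outcome == 'File/Directory not found':
            key = _norm(item)
            # Same path, or a child of a directory that was moved earlier.
            covered = any(key == p or key.startswith(p + '\\') for p in moved)
            bucket = 'duplicate_entry' if covered else 'already_absent'
            report[bucket].append(item)
    return counts, report


if __name__ == '__main__':
    counts, report = reconcile(FIXLOG)
    for outcome, n in counts.items():
        print(f'{n:3}  {outcome}')
    for bucket, items in report.items():
        print(f'\n{bucket}:')
        for item in items:
            print(f'  {item}')
```

Items in `already_absent` deserve a second look in the next scan log, since the fix did not handle them; items in `quarantined` still exist on disk until the quarantine folder is removed.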


#11 Valinorum

Posted 18 November 2014 - 10:37 AM

How is your PC?


#12 Dave100h

Posted 18 November 2014 - 03:38 PM

Seems quicker, no problems now with Windows Explorer or iexplorer or Chrome.



#13 Valinorum

Posted 19 November 2014 - 12:27 AM

Hi,
  • Step #5 Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click mbam-setup.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware
    • Once the program has loaded, the MBAM dashboard will appear with an alert to update - click the green button Update Now;
    • Click on Settings --
      • Navigate to the tab Detection and Protection and check all the boxes under Detection Options
    • From the Dashboard click on Scan Now;
    • If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on View Detailed Log after that click on Export Button, select Text File and save the log to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #6 ESET Online Scanner
    Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and conditions and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Settings check the following box --
      • Enable detection for potentially unwanted programs
    • Click on Advanced Settings --
      • Check the box beside Remove Found Threats;
      • Check the box beside Scan archives
      • Check the box beside Scan for potentially unsafe applications
      • Check the box beside Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the mouse or the keyboard during the scan; otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste contents of the log file in your next reply.
    Note: Enable your security programs afterwards.
 
  • Required Log(s):
    • Malwarebytes' Anti-Malware Log
    • ESET Scan Log
Regards,
Valinorum


#14 Dave100h

Posted 19 November 2014 - 05:34 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 19/11/2014
Scan Time: 08:12:43
Logfile: log.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.19.01
Rootkit Database: v2014.11.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: User
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 290608
Time Elapsed: 10 min, 14 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=7fe66d78ee6c474c9fb5d670ff15ef10
# engine=21158
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-11-19 09:50:17
# local_time=2014-11-19 09:50:17 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776573 100 100 27007 253923389 0 0
# scanned=237578
# found=2
# cleaned=0
# scan_time=4666
sh=0778D1ECC66A2AC24CAD0ACE10C2D25CFB5D51F3 ft=1 fh=c71c0011b4d012d2 vn="Win32/PSW.Papras.DR trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\OodzUsfaq\OodzUsfaq.dat"
sh=2137D12D84C969CB7D884B6BC779BDFF7CF85517 ft=1 fh=1b19bc3628e9368e vn="Win32/PSW.Papras.DR trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\PenoMlul\PenoMlul.dat"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=7fe66d78ee6c474c9fb5d670ff15ef10
# engine=21164
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-11-19 08:41:22
# local_time=2014-11-19 08:41:22 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776573 100 100 66072 253962454 0 0
# scanned=554257
# found=16
# cleaned=0
# scan_time=21906
sh=0778D1ECC66A2AC24CAD0ACE10C2D25CFB5D51F3 ft=1 fh=c71c0011b4d012d2 vn="Win32/PSW.Papras.DR trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\OodzUsfaq\OodzUsfaq.dat"
sh=2137D12D84C969CB7D884B6BC779BDFF7CF85517 ft=1 fh=1b19bc3628e9368e vn="Win32/PSW.Papras.DR trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\PenoMlul\PenoMlul.dat"
sh=C85641763A1918F6C4011396037435CD91AC297C ft=1 fh=350c0df7b0d24dde vn="a variant of Win32/InstallCore.JW potentially unwanted application" ac=I fn="C:\Users\User\Downloads\AcrobatReaderSetup.exe"
sh=C43BD082C82404E873AB989C15A267C2EA1A56AA ft=1 fh=1537f3085148b08f vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\Users\User\Downloads\FreeMP4VideoConverter.exe"
sh=23ED1411D08E2CF29AF3B5AF31AFA72A542800DA ft=1 fh=06700698d106e372 vn="Win32/Adware.RK.AP application" ac=I fn="C:\Users\User\Dropbox\Downloads\AllFreeDVDtoAVIConverter.exe"
sh=4753D89650A73BB5FF94B8C61716DE2A5ECD8796 ft=1 fh=4888d5a0cb663a72 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\User\Dropbox\Downloads\cbsidlm-cbsi118-Free_MP3_Converter-ORG-10380792.exe"
sh=3B38ECE8A1605F66D7FC38CC9BCC5FF325A2ED55 ft=1 fh=bc0c24e3a63c61a6 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\User\Dropbox\Downloads\ccsetup313.exe"
sh=C942037FB2AD6AB7ACDB5472CBB486641A6A4CF9 ft=1 fh=d537beeeee828814 vn="a variant of Win32/OpenInstall potentially unwanted application" ac=I fn="C:\Users\User\Dropbox\Downloads\WinZip175.exe"
sh=1D0149A15B1D2E4B19D5B0D474A399A1A9590F85 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.AD potentially unsafe application" ac=I fn="D:\Software\Arkaos GrandVJ 1.6.5 OSX.zip"
sh=C87D2FC032CC036EB8E5FD5A2F284679966D6221 ft=1 fh=8145b14b6a7a164d vn="Win32/OpenCandy potentially unsafe application" ac=I fn="D:\Software\avc-free.exe"
sh=F646AB211DAEC05A3166035A65E8E4F1AAB3F235 ft=1 fh=bb7a6bb9c0af9d12 vn="a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="D:\Software\flacmp311.exe"
sh=D068BAB857058AF2D9461B2F70ABEC04F06685BE ft=1 fh=920229556a405bb4 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="D:\Software\FreemakeAudioConverterSetup.exe"
sh=2835EF6886BE8496B891C2E0632085C72903D2C4 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.J potentially unwanted application" ac=I fn="D:\Software\mp.zip"
sh=6DFCD1E64842320703947FE214C833403670B754 ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Patcher.T potentially unsafe application" ac=I fn="D:\Software\ArKaos GrandVJ 1.6.5 2012 + Patch-MPT\arkaos.grandvj.1.6.5-MPT.rar"
sh=1082CAA9389263976DE7587E6CF94AC375E6C5C5 ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Patcher.T potentially unsafe application" ac=I fn="D:\Software\ArKaos GrandVJ 1.6.5 2012 + Patch-MPT\ArKaos.GrandVJ.1.6.5.rar"
sh=C381B8ED051E4F2FE7612677F3A61FD17646C587 ft=1 fh=f6d4b88b4fd0a333 vn="a variant of Win32/HackTool.Patcher.T potentially unsafe application" ac=I fn="D:\Software\ArKaos GrandVJ 1.6.5 2012 + Patch-MPT\arkaos.grandvj.1.6.5-MPT\arkaos.grandvj.1.6.5-MPT.exe"
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=7fe66d78ee6c474c9fb5d670ff15ef10
# engine=21170
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-19 10:29:18
# local_time=2014-11-19 10:29:18 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776573 100 100 76148 253968930 0 0
# scanned=319094
# found=6
# cleaned=6
# scan_time=6217
sh=0778D1ECC66A2AC24CAD0ACE10C2D25CFB5D51F3 ft=1 fh=c71c0011b4d012d2 vn="Win32/PSW.Papras.DR trojan (cleaned by deleting - quarantined)" ac=C fn="C:\FRST\Quarantine\C\ProgramData\OodzUsfaq\OodzUsfaq.dat"
sh=2137D12D84C969CB7D884B6BC779BDFF7CF85517 ft=1 fh=1b19bc3628e9368e vn="Win32/PSW.Papras.DR trojan (cleaned by deleting - quarantined)" ac=C fn="C:\FRST\Quarantine\C\ProgramData\PenoMlul\PenoMlul.dat"
sh=C85641763A1918F6C4011396037435CD91AC297C ft=1 fh=350c0df7b0d24dde vn="a variant of Win32/InstallCore.JW potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\User\Downloads\AcrobatReaderSetup.exe"
sh=23ED1411D08E2CF29AF3B5AF31AFA72A542800DA ft=1 fh=06700698d106e372 vn="Win32/Adware.RK.AP application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\User\Dropbox\Downloads\AllFreeDVDtoAVIConverter.exe"
sh=4753D89650A73BB5FF94B8C61716DE2A5ECD8796 ft=1 fh=4888d5a0cb663a72 vn="a variant of Win32/CNETInstaller.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\User\Dropbox\Downloads\cbsidlm-cbsi118-Free_MP3_Converter-ORG-10380792.exe"
sh=C942037FB2AD6AB7ACDB5472CBB486641A6A4CF9 ft=1 fh=d537beeeee828814 vn="a variant of Win32/OpenInstall potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\User\Dropbox\Downloads\WinZip175.exe"


#15 Valinorum

Posted 19 November 2014 - 11:32 PM

Perusing your logs, I see no infection currently present in your system. Unless you are having any issue(s), the machine appears to be Malware-free as we speak.

 
 

♣ Removal of Tools and Quarantined Files ♣


 

Although the tools we have used are clean, they are powerful removal tools, made in such a way that they carry out any commands given to them without (in most cases) asking for a confirmation. In the hands of an inept person, they can make the machine unbootable -- a scenario we do not wish to see. Also, we need to remove the quarantined files/folders from your system, as dormant malware can be as bad as active malware if given the proper environment. I shall now give you the guidelines to remove the tools and the quarantined files from your system.
  • Cleanup with DelFix
    Please download DelFix by Xplode to your Desktop.
    Download Link
    • Double-click to run the program;
      • Note: Windows Vista/7/8 users right-click and choose Run as administrator
    • Make sure that all the boxes are checked;
    • Click Run;
    • A log will be opened after the operation is finished;
    • Copy and Paste it in your next reply
 
 

♣ Prevention and Future Guidelines ♣


 

Prevention is better than cure -- goes the old saying. As much as we love to see you visit our site, we do not want to see you having your PC infected by malware again.
  • Keep Windows up-to-date.
    It is extremely important that you keep your operating system (Windows) updated when updates are made available. It is set to alert you, so be sure not to ignore these notices and to allow the updates to install. Many of these are critical security packages which could very possibly be the difference between your picking up a future infiltration and simply passing right by it unharmed.
  • Run antivirus software and keep it up-to-date, too.
    Antivirus software is your safety net if all other protections fail. The first line of defense is smart computing, of course, but everyone needs a backup. I'd recommend Microsoft Security Essentials or avast!, both of which are excellent, as well as free. Once they're installed, check periodically to ensure they have been successfully updating as well. An out-of-date antivirus is not a happy antivirus!
  • Keep your web browser plugins and other programs updated also.
    This tip is rarely shared by technicians and its importance is not widely recognized, but it's absolutely critical. Programs such as Java, Adobe Flash Player and Adobe Reader, Internet Explorer, and myriad other such web-exposed items are deeply vulnerable to attack, which can quickly lead to a hopelessly infected system no matter what protection you currently have installed. The reason is that these programs are ubiquitous, but are also not perfect and are extremely complex... and as such, security vulnerabilities are discovered and exploited by hackers hoping to gain control over your machine. By performing every update for these programs as soon as it's made available, you will greatly reduce your exposure to dangerous internet threats.

    A great way to do this is to install the Filehippo Update Checker and run it regularly. Also, try not to ignore any notifications you receive regarding updates to programs already installed on your PC.

    NoScript is an excellent security device too. I like it but it is not for everyone because it requires you to take action if you want to see some things (pop-ups, banners etc.) on sites you visit.

    Download NoScript by Giorgio Maone.

    Note: Sometimes you will get a site telling you that you need to install Java when actually all you need to do is enable the site through the NoScript icon down on the right-hand side of your computer.
  • Watch out for a new threat named CryptoLocker
    CryptoLocker is a new type of ransomware-family malware that encrypts your important files and asks for a ransom to decrypt them. At the moment of posting this reply there are no tools that can undo the havoc this malware causes. We can help you to remove the malware from your system but the files that were encrypted cannot be recovered without the decryption key. So, I ask for your forbearance and practice constant vigilance. Please read the following article to acquaint yourself with the safety measures.
    How to prevent your computer from becoming infected by CryptoLocker.
  • And last of all, surf smart.
    It doesn't matter how well the autopilot system works if the pilot keeps flying the plane into mountain ranges. Don't forget that no matter how much you have protecting yourself, your security ultimately begins and ends with you. Don't visit dangerous or questionable web sites, avoid suspicious links on Facebook and emails/email attachments you're unsure about, and just generally keep your wits about you, and you'll be much safer. Also, avoid illegal downloads, cracks, "warez", and all other too-good-to-be-true internet offerings: they're typically laden with malware. Be smart and you can avoid most threats lurking about the darker corners of the internet! And for even more tips, see our article, How Did I Get Infected in the First Place?

Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All help is provided via the forum; ergo, do not PM me for help.

 




