Hitman Pro detects "Proxy server on this computer (User)"


  • This topic is locked
15 replies to this topic

#1 djsunny

Posted 16 November 2014 - 02:17 PM

Every time the computer boots up, Hitman Pro detects the following:

Proxy server on this computer (User)

Internet Explorer is using a proxy server on this computer to connect to the Internet.

After Hitman Pro repairs them, I can browse the internet with no issues, but after a while the computer hangs. I can move the mouse but everything else is frozen. Ctrl-Alt-Del doesn't work and I am forced to do a hard shut down. 

The computer got infected before with a rogue antivirus program, something like AV Security Suite or one of its variants, wherein fake Windows security alerts pop up and browsers are redirected to suspicious sites.

Programs/applications used to remove malware include Rkill, Ccleaner, Mbam, Hitman Pro, SuperAntiSpyware, Trojan Remover. They were run in both normal and safe modes, in quick and full scans.

The browser redirects only stopped when Hitman Pro was first run and repaired what it detected. But the proxy server issue remains.

The computer is in a networked environment. All other computers connected to the network are, thank God, not experiencing this issue.
Computer has Windows 7. Main browser used is Google Chrome.

IE's Internet Options is disabled, so I had to go to Control Panel -> Internet Options -> Connections -> LAN settings. All checkboxes are unchecked. 

I tried to see what will happen when Automatically Detect Settings is checked. The computer was restarted and I tried to browse the internet. The computer so far hasn't frozen up. 
But when I tried to run Hitman Pro, it is still detecting the proxy server issue.
Also, I compared the LAN Settings of the other computers, they don't need the Automatically Detect Settings checked to properly connect.
Also, when I run Hitman Pro on an uninfected computer, it is not detecting the proxy server issue.

Thank you very much for your help!! 


#2 djsunny

Posted 18 November 2014 - 06:18 PM

can someone help????



#3 HelpBot

Posted 21 November 2014 - 02:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/556430 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 djsunny

Posted 21 November 2014 - 07:47 PM

Hello,

Thank you for getting back to me. So far I have run AdwCleaner, HitmanPro and RogueKiller, and when it does find the malware it cleans it, but afterwards it comes back again, especially the proxy: every time I change it, it goes back to manual automatically.

Also, I have Malwarebytes, but every time I run this program I get an error message and it closes automatically. I believe malware on my laptop is stopping this software from running.

DDS log pasted below & Attach.txt is attached


DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 9.0.8112.16575  BrowserJavaVersion: 10.45.2
Run by Amandeep at 0:43:55 on 2014-11-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8140.2128 [GMT 0:00]
.
AV: BullGuard Antivirus *Enabled/Updated* {EDBB5818-2352-E06B-028A-4E6873B92CC5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: BullGuard Antispyware *Enabled/Updated* {56DAB9FC-0568-EFE5-383A-751A083E6678}
FW: BullGuard Firewall *Disabled* {D580D93D-693D-E133-29D5-E75D8D6A6BBE}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\SvcHost.exe -k BullGuard_Main
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Windows\System32\SvcHost.exe -k BullGuard_Backup
c:\program files\bullguard ltd\bullguard\BullGuardBhvScanner.exe
C:\Windows\System32\SvcHost.exe -k BullGuard_Cache
C:\Windows\System32\SvcHost.exe -k BullGuard
C:\Windows\System32\SvcHost.exe -k BullGuard_Proxy
c:\program files\bullguard ltd\bullguard\BullGuardScanner.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\Opgaziness\Opgaziness.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Opgaziness\HttpsProxy.exe
C:\Program Files (x86)\Opgaziness\OpgazinessHelper.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\program files\bullguard ltd\bullguard\BullGuardUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\dinotify.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uProxyServer = hxxp=127.0.0.1:9880;https=127.0.0.1:9880
uProxyOverride = <local>
uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [uTorrent] "C:\Users\Amandeep\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIE.dll
Trusted Zone: alipay.com
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
Trusted Zone: taobao.com
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{7CB3FBAF-6AD9-48E6-9A88-8F1FF9C8C390} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{7CB3FBAF-6AD9-48E6-9A88-8F1FF9C8C390}\14E64627F696461405 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{7CB3FBAF-6AD9-48E6-9A88-8F1FF9C8C390}\2456C6B696E6F5E413 : DHCPNameServer = 192.168.2.1 194.168.4.100 194.168.8.100
TCP: Interfaces\{7CB3FBAF-6AD9-48E6-9A88-8F1FF9C8C390}\3516474797723702348627F6D65636163747 : DHCPNameServer = 192.168.255.249
TCP: Interfaces\{7CB3FBAF-6AD9-48E6-9A88-8F1FF9C8C390}\E454457454142502071667 : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\PROGRA~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: AutorunsDisabled - <orphaned>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [BullGuardUpdate2] c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe
x64-IE: {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Amandeep\AppData\Roaming\Mozilla\Firefox\Profiles\qvvmkqvq.default-1392755061865\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\TradeManager\npAliSSOLogin.dll
FF - plugin: C:\Program Files (x86)\TradeManager\nptrademanager.dll
FF - plugin: C:\Program Files (x86)\TradeManager\npwangwang.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Amandeep\AppData\Local\Roblox\Versions\version-28a069d7dccb4f92\NPRobloxProxy.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
.
============= SERVICES / DRIVERS ===============
.
R1 0068177drv;0068177drv;C:\Windows\System32\drivers\0068177drv.sys [2014-11-12 615728]
R1 AFW;Agnitum Firewall Driver;C:\Windows\System32\drivers\afw.sys [2014-9-4 41680]
R1 BdAgent;BullGuard Security Agent;C:\Windows\System32\drivers\BdAgent.sys [2014-5-15 117184]
R1 BdSpy;BdSpy;C:\Windows\System32\drivers\BdSpy.sys [2014-2-26 67680]
R1 NovaShieldFilterDriver;NovaShieldFilterDriver;C:\Windows\System32\drivers\NSKernel.sys [2014-10-13 321112]
R1 NovaShieldTDIDriver;NovaShieldTDIDriver;C:\Windows\System32\drivers\NSNetmon.sys [2014-10-13 27544]
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235};Power Control [2014/06/05 21:49:41];C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [2014-3-17 32456]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-10-27 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-10-27 203776]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-1-24 901184]
R2 BsBackup;BullGuard backup service;C:\Windows\System32\SvcHost.exe -k BullGuard_Backup [2009-7-13 27136]
R2 BsBhvScan;BullGuard Behavioural Detection;C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [2014-10-29 591184]
R2 BsCache;BullGuard cache service;C:\Windows\System32\SvcHost.exe -k BullGuard_Cache [2009-7-13 27136]
R2 BsFileScan;BullGuard on-access service;C:\Windows\System32\SvcHost.exe -k BullGuard [2009-7-13 27136]
R2 BsFire;BullGuard firewall service;C:\Windows\System32\SvcHost.exe -k BullGuard [2009-7-13 27136]
R2 BsMailProxy;BullGuard e-mail monitoring service;C:\Windows\System32\SvcHost.exe -k BullGuard_Proxy [2009-7-13 27136]
R2 BsMain;BullGuard main service;C:\Windows\System32\SvcHost.exe -k BullGuard_Main [2009-7-13 27136]
R2 BsScanner;BullGuard scanning service;C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [2014-10-29 280912]
R2 BsUpdate;BullGuard update service;C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [2014-11-17 384848]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-11-9 127752]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-2-28 92216]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-1-26 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2014-5-9 376144]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2014-2-7 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2014-6-4 72216]
R2 Opgaziness;Opgaziness;C:\Program Files (x86)\Opgaziness\Opgaziness.exe [2014-10-7 4383192]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-27 2656280]
R3 afwcore;afwcore;C:\Windows\System32\drivers\afwcore.sys [2014-9-4 469712]
R3 BdNet;BdNet;C:\Windows\System32\drivers\BdNet.sys [2014-3-19 34896]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-10-27 317440]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2011-10-27 12228128]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-5-17 25496]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-10-27 333928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-10-27 428136]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-1-24 991296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-18 265544]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-27 13336]
S2 SamsungAllShareV2.0;Samsung AllShare PC;C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-3-2 25504]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-1-24 1298496]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-1-24 58128]
S3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-1-24 274944]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-10-6 103448]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]
S3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-1-24 59904]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-5-17 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-2-4 340240]
S3 SimpleSlideShowServer;SimpleSlideShowServer;C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-3-2 27584]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-10-6 203672]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2014-1-14 42184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-9-10 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== File Associations ===============
.
ShellExec: SmartPhotoEditor.exe: open="C:\Program Files (x86)\Smart Photo Editor Trial\SmartPhotoEditorTrial.exe" "%1"
.
=============== Created Last 30 ================
.
2014-11-18 21:59:39 -------- d-sh--w- C:\$RECYCLE.BIN
2014-11-17 12:06:10 153712 ----a-w- C:\Windows\System32\BgGamingMonitor.dll.PendingBullGuardUpdate
2014-11-17 12:06:10 140280 ----a-w- C:\Windows\SysWow64\BgGamingMonitor.dll.PendingBullGuardUpdate
2014-11-17 12:06:04 76624 ----a-w- C:\Windows\System32\BGLsp.dll.PendingBullGuardUpdate
2014-11-17 12:06:04 64336 ----a-w- C:\Windows\SysWow64\BGLsp.dll.PendingBullGuardUpdate
2014-11-16 18:54:48 -------- d-----w- C:\ProgramData\F-Secure
2014-11-12 23:28:54 615728 ----a-w- C:\Windows\System32\drivers\0068177drv.sys
2014-11-09 13:40:30 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2014-11-09 13:29:40 -------- d-----w- C:\Program Files\HitmanPro
2014-11-09 13:29:23 -------- d-----w- C:\ProgramData\HitmanPro
2014-11-06 23:16:57 -------- d-----w- C:\Windows\ERUNT
2014-10-29 22:58:20 153712 ----a-w- C:\Windows\System32\BgGamingMonitor.dll
2014-10-29 22:58:20 140280 ----a-w- C:\Windows\SysWow64\BgGamingMonitor.dll
2014-10-29 22:58:15 76624 ----a-w- C:\Windows\System32\BGLsp.dll
2014-10-29 22:58:15 64336 ----a-w- C:\Windows\SysWow64\BGLsp.dll
.
==================== Find3M  ====================
.
2014-11-13 22:43:24 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-13 22:43:24 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-12 23:28:14 34808 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2014-10-29 22:58:01 27544 ----a-w- C:\Windows\System32\drivers\NSNetmon.sys
2014-10-29 22:57:32 321112 ----a-w- C:\Windows\System32\drivers\NSKernel.sys
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-22 06:42:39 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-05 02:10:43 578048 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-05 02:05:42 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-04 10:09:50 469712 ----a-w- C:\Windows\System32\drivers\afwcore.sys
2014-09-04 10:09:50 41680 ----a-w- C:\Windows\System32\drivers\afw.sys
2014-02-14 09:21:25 49940480 ----a-w- C:\Program Files (x86)\GUT305E.tmp
.
============= FINISH:  0:44:49.34 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 06/09/2013 20:00:46
System Uptime: 12/11/2014 23:33:10 (217 hours ago)
.
Motherboard: Hewlett-Packard |  | 1800
Processor: Intel® Core™ i7-2670QM CPU @ 2.20GHz | CPU1 | 2201/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 682 GiB total, 159.932 GiB free.
D: is FIXED (NTFS) - 17 GiB total, 1.839 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP194: 16/11/2014 18:57:04 - Checkpoint by HitmanPro
.
==== Installed Programs ======================
.
AC3Filter 2.5b
ActiveCheck component for HP Active Support Library
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Reader X MUI
Adobe Shockwave Player 11.5
Advanced Uninstaller PRO - Version 11
Agatha Christie - Peril at End House
Apple Application Support
Apple Software Update
ATI Catalyst Install Manager
µTorrent
Audacity 2.0.4
AuthenTec TrueAPI
Bejeweled 2 Deluxe
Bejeweled 3
Blackhawk Striker 2
Blasterball 3
Bounce Symphony
Build-a-lot 2
BullGuard Internet Security
Cake Mania
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CDBurnerXP
Chuzzle Deluxe
Corel PaintShop Pro X6
CyberLink PowerDVD 14
CyberLink YouCam
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Energy Star Digital Logo
ESU for Microsoft Windows 7
Evernote v. 4.2.2
Farm Frenzy
FATE - The Traitor Soul
Final Drive Nitro
Flvto Youtube Downloader
Free MP3 Cutter 1.01
GOM Player
Google Chrome
Google Update Helper
Google+ Auto Backup
HitmanPro 3.7
HP 3D DriveGuard
HP Auto
HP Client Services
HP Connection Manager
HP Customer Experience Enhancements
HP Documentation
HP DVB-T TV Tuner 8.0.64.43
HP Games
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP SimplePass 2011
HP Software Framework
HP Support Assistant
HPAsset component for HP Active Support Library
ICA
IDT Audio
Intel PROSet Wireless
Intel® Display Audio Driver
Intel® Management Engine Components
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
Intel® WiDi
Intel® Wireless Display
IPM_PSP_COM
IPM_PSP_COM64
Java 7 Update 45
Java 7 Update 55 (64-bit)
Java Auto Updater
Java™ 6 Update 24 (64-bit)
Junk Mail filter update
LogMeIn
Magic Desktop
Mah Jong Medley
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Expression Web 4
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable - x64 8.0.50727.42 False
Microsoft Visual C++ 2005 Redistributable - x64 8.0.51011 False
Microsoft Visual C++ 2005 Redistributable - x64 8.0.56336 False
Microsoft Visual C++ 2005 Redistributable - x64 8.0.58298 False
Microsoft Visual C++ 2005 Redistributable - x64 8.0.59192 False
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000
Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.58299 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 False
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.0 False
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 False
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411 False
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 False
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 False
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 False
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 False
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.5570 False
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 Redistributable - x64 10.0.30319 False
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219
Microsoft Visual C++ 2010 Redistributable - x86 10.0.30319 False
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 False
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 False
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 False
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 False
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 False
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 False
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 False
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 False
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 False
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 False
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 False
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 False
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 False
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 False
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 False
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 False
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 False
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft XNA Framework Redistributable 4.0
Mozilla Firefox 32.0.3 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT Redists
MSVCRT_amd64
Mystery P.I. - Stolen in San Francisco
Namco All-Stars PAC-MAN
Need for Speed Rivals
Penguins!
Picasa 3
Plants vs. Zombies - Game of the Year
Poker Superstars III
Polar Bowler
Polar Golfer
PSPPContent
PSPPHelp
PSPPro64
PX Profile Update
QQ International
QuickTime
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Recovery Manager
Renesas Electronics USB 3.0 Host Controller Driver
ROBLOX Player for Amandeep
Samsung AllShare
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Setup
Skype™ 6.11
Slingo Supreme
Smart Photo Editor Trial
Steam
Synaptics Pointing Device Driver
Terraria
TradeManager 2013 Beta2
Tweaking.com - Registry Backup
Tweaking.com - Windows Repair (All in One)
Update Installer for WildTangent Games App
Vegas Pro 13.0 (64-bit)
Virtual Villagers 4 - The Tree of Life
VirtualDJ Home FREE
VLC media player 2.0.8
Vuze Remote Toolbar v9.8
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 5.01 (32-bit)
Wondershare Video Editor(Build 3.6.0)
Youtube Downloader HD v. 2.9.9.13
Youtube to MP3 Converter v. 1.4
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
18/11/2014 19:34:40, Error: Service Control Manager [7000]  - The HP Health Check Service service failed to start due to the following error:  A device attached to the system is not functioning.
18/11/2014 19:34:38, Error: Service Control Manager [7000]  - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:  A device attached to the system is not functioning.
16/11/2014 19:48:17, Error: Service Control Manager [7034]  - The Bluetooth OBEX Service service terminated unexpectedly.  It has done this 1 time(s).
16/11/2014 19:48:17, Error: Service Control Manager [7034]  - The Bluetooth Media Service service terminated unexpectedly.  It has done this 1 time(s).
16/11/2014 19:48:17, Error: Service Control Manager [7034]  - The Bluetooth Device Monitor service terminated unexpectedly.  It has done this 1 time(s).
15/11/2014 10:50:35, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
.
==== End Of File ===========================
 

 



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:09 PM

Posted 23 November 2014 - 09:53 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
--RogueKiller--
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.
 
=======
 
Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
 
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
 
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
 
===
 
 
Download the version of this tool for your operating system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===
 
Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.
 
Wait for further instructions.


#6 djsunny

Posted 25 November 2014 - 06:19 PM

Hello Nasdaq,

Please see the 2 logs from RogueKiller and Adw, but the last software I downloaded onto my desktop, and when it opens I click on Scan, then it automatically closes, and if I open it again it is the same thing.

RogueKiller V10.0.8.0 (x64) [Nov 20 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Amandeep [Administrator]
Mode : Delete -- Date : 11/25/2014  22:58:40
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 18 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-4097084883-1507480385-1203561815-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Not selected
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-4097084883-1507480385-1203561815-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Not selected
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-4097084883-1507480385-1203561815-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:9880;https=127.0.0.1:9880  -> Not selected
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-4097084883-1507480385-1203561815-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:9880;https=127.0.0.1:9880  -> Not selected
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-4097084883-1507480385-1203561815-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8555;https=127.0.0.1:8555  -> Not selected
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-4097084883-1507480385-1203561815-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8555;https=127.0.0.1:8555  -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-4097084883-1507480385-1203561815-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-4097084883-1507480385-1203561815-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 194.168.4.100 194.168.8.100 [UNITED KINGDOM (GB)][UNITED KINGDOM (GB)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 194.168.4.100 194.168.8.100 [UNITED KINGDOM (GB)][UNITED KINGDOM (GB)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 194.168.4.100 194.168.8.100 [UNITED KINGDOM (GB)][UNITED KINGDOM (GB)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7CB3FBAF-6AD9-48E6-9A88-8F1FF9C8C390} | DhcpNameServer : 194.168.4.100 194.168.8.100 [UNITED KINGDOM (GB)][UNITED KINGDOM (GB)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7CB3FBAF-6AD9-48E6-9A88-8F1FF9C8C390} | DhcpNameServer : 194.168.4.100 194.168.8.100 [UNITED KINGDOM (GB)][UNITED KINGDOM (GB)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7CB3FBAF-6AD9-48E6-9A88-8F1FF9C8C390} | DhcpNameServer : 194.168.4.100 194.168.8.100 [UNITED KINGDOM (GB)][UNITED KINGDOM (GB)]  -> Not selected
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD7500BPVT-60HXZT3 +++++
--- User ---
[MBR] 3f11798e50925fbd4b4c1708ae341bcf
[BSP] b5ba6dc79a4274cdc9b015ed27618247 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 697924 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1429757952 | Size: 17177 MB
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_DEL_10082014_210659.log - RKreport_DEL_10082014_225335.log - RKreport_DEL_10262014_012450.log - RKreport_SCN_10082014_210257.log
RKreport_SCN_10082014_225234.log - RKreport_SCN_10252014_172404.log - RKreport_SCN_11252014_225731.log - RKreport_DEL_11252014_225817.log
RKreport_DEL_11252014_225834.log
 
 
 
 
 
 
 
 
# AdwCleaner v4.102 - Report created 25/11/2014 at 23:04:38
# Updated 23/11/2014 by Xplode
# Database : 2014-11-25.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Amandeep - AMANDEEP-HP
# Running from : C:\Users\Amandeep\Downloads\adwcleaner_4.102.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Deleted : C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Deleted : C:\Users\danshpreet\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\danshpreet\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16575
 
 
-\\ Mozilla Firefox v33.1 (x86 en-US)
 
 
-\\ Google Chrome v37.0.2062.124
 
[C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
 
-\\ Comodo Dragon v
 
[C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [23255 octets] - [07/10/2014 22:33:15]
AdwCleaner[R1].txt - [1439 octets] - [08/10/2014 23:54:16]
AdwCleaner[R2].txt - [2125 octets] - [27/10/2014 15:11:17]
AdwCleaner[R3].txt - [2054 octets] - [06/11/2014 22:48:44]
AdwCleaner[R4].txt - [2114 octets] - [06/11/2014 22:50:22]
AdwCleaner[R5].txt - [1969 octets] - [12/11/2014 23:29:41]
AdwCleaner[R6].txt - [2594 octets] - [25/11/2014 23:02:33]
AdwCleaner[S0].txt - [21936 octets] - [07/10/2014 22:34:19]
AdwCleaner[S1].txt - [1504 octets] - [08/10/2014 23:57:28]
AdwCleaner[S2].txt - [2155 octets] - [27/10/2014 15:22:05]
AdwCleaner[S3].txt - [2185 octets] - [06/11/2014 22:52:30]
AdwCleaner[S4].txt - [2040 octets] - [12/11/2014 23:32:08]
AdwCleaner[S5].txt - [2534 octets] - [25/11/2014 23:04:38]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [2594 octets] ##########
 
 
 


#7 nasdaq

Posted 26 November 2014 - 08:34 AM

Was the download of the Farbar tool blocked by your BullGuard Antivirus?

Disable it for a few minutes and run the tool.

Post the log if you can.



#8 djsunny

Posted 26 November 2014 - 04:51 PM

I checked my BullGuard and I can see it has always been disabled, because once I turn BullGuard on my laptop goes very, very slow. So I am not sure what is stopping the third software from running :-(



#9 nasdaq

Posted 27 November 2014 - 09:54 AM

Install Microsoft Security Essentials - free security software.

Remove BullGuard Internet Security using Add/Remove Programs.

Restart the computer normally.

Run the Farbar tool.

You can reinstall BullGuard later if you wish, when all is well.


#10 djsunny

Posted 27 November 2014 - 05:33 PM

Hi

I removed BullGuard and the tool is working. Please see the log below.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by Amandeep (administrator) on AMANDEEP-HP on 27-11-2014 22:30:43
Running from C:\Users\Amandeep\Downloads
Loaded Profile: Amandeep (Available profiles: Amandeep & danshpreet & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\Program Files (x86)\Opgaziness\Opgaziness.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Opgaziness\HttpsProxy.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Opgaziness\OpgazinessHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-11] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-02-04] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2014-02-07] (LogMeIn, Inc.)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-4097084883-1507480385-1203561815-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-4097084883-1507480385-1203561815-1000\...\Run: [uTorrent] => C:\Users\Amandeep\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-11-23] (BitTorrent Inc.)
HKU\S-1-5-21-4097084883-1507480385-1203561815-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-4097084883-1507480385-1203561815-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-4097084883-1507480385-1203561815-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-4097084883-1507480385-1203561815-1000] => http=127.0.0.1:9880;https=127.0.0.1:9880
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4097084883-1507480385-1203561815-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4097084883-1507480385-1203561815-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4097084883-1507480385-1203561815-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-4097084883-1507480385-1203561815-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-09-03] (EasyBits Software Corp.)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
FireFox:
========
FF ProfilePath: C:\Users\Amandeep\AppData\Roaming\Mozilla\Firefox\Profiles\qvvmkqvq.default-1392755061865
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @alibaba.com/nptrademanager;version=1.0 -> C:\Program Files (x86)\TradeManager\nptrademanager.dll ( )
FF Plugin-x32: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\TradeManager\npwangwang.dll ( )
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll No File
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-4097084883-1507480385-1203561815-1000: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\TradeManager\npAliSSOLogin.dll (Alibaba software (Shanghai) Corporation.)
FF Plugin HKU\S-1-5-21-4097084883-1507480385-1203561815-1000: @nsroblox.roblox.com/launcher -> C:\Users\Amandeep\AppData\Local\Roblox\Versions\version-28a069d7dccb4f92\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nptrademanager.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwangwang.dll ( )
FF HKU\S-1-5-21-4097084883-1507480385-1203561815-1000\...\Firefox\Extensions: [{0011ebb6-4390-4e21-a2e3-8dd2a85e92d2}] - C:\Program Files (x86)\DealsCompare\150.xpi
FF Extension: No Name - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard [Not Found]
FF Extension: No Name - antiphishing@bullguard [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://groovorio.com/?f=7&a=grv_keyd_14_24&cd=2XzuyEtN2Y1L1Qzu0A0CyBtBzzzy0D0BtCyDtDyC0BzzyD0EtN0D0Tzu0StCtDtDzytN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1J1P2U1Q1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2SyByE0EyE0C0A0CzytG0C0E0A0FtG0E0FyB0AtGtDyD0FtAtGyCtDtD0FyCtAyByByDyC0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DzztByEtCtB0B0CtG0FyB0A0EtGyEtDyCyBtGzytC0A0EtGtByDtByBzytDyB0A0AtC0B0E2Q&cr=1894481732&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-01-11]
CHR Extension: (Website Logon) - C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe [2013-09-06]
CHR Extension: (HD for YouTube™) - C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjbfncbadcmnkopckegnmjgihagponf [2014-01-11]
CHR Extension: (Google Docs) - C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-06]
CHR Extension: (Google Drive) - C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-14]
CHR Extension: (Turn Off the Lights) - C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2013-09-08]
CHR Extension: (YouTube) - C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-06]
CHR Extension: (Adblock for Youtube™) - C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2013-09-08]
CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2013-10-30]
CHR Extension: (Google Search) - C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-06]
CHR Extension: (imgur Extension by Metronomik) - C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehoopddfhgaehhmphfcooacjdpmbjlao [2014-09-12]
CHR Extension: (Dailymotion downloader) - C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbeholgeggnndklobjgccindfdgbnld [2014-02-05]
CHR Extension: (AdBlock) - C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-08]
CHR Extension: (JavaScript Popup Blocker) - C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol [2013-09-08]
CHR Extension: (YouTube to MP3) - C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbenaklilkohbdclpapiacaihpplflmd [2013-09-13]
CHR Extension: (Auto HD For YouTube™) - C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2013-09-08]
CHR Extension: (Mixcloud Downloader - Technowise) - C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpegpbkoopngdajnepdppcbnahimaaf [2014-05-17]
CHR Extension: (Download Youtube as mp3) - C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\mepapnoaejebkkpkpacihjlfekoggahp [2013-09-13]
CHR Extension: (YouTube To MP3) - C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjjpcapcaijnbknmbklfjfajjopafpck [2013-09-13]
CHR Extension: (Google Wallet) - C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR Extension: (Better Pop Up Blocker) - C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic [2013-11-10]
CHR Extension: (Gmail) - C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-06]
CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-02-11]
CHR HKLM-x32\...\Chrome\Extension: [ebmnknjbkjpocngafnmdlgndlmlifeio] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha9944\ch\WebexpEnhancedV1alpha9944.crx [2011-02-11]
CHR StartMenuInternet: Google Chrome - chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [901184 2011-01-24] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2011-01-24] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [991296 2011-01-24] (Intel Corporation) [File not signed]
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-11-09] (SurfRight B.V.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376168 2014-11-25] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2014-11-25] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2014-02-07] (LogMeIn, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-02-04] ()
R2 Opgaziness; C:\Program Files (x86)\Opgaziness\Opgaziness.exe [4383192 2014-10-27] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 0068177drv; C:\Windows\System32\DRIVERS\0068177drv.sys [615728 2014-10-09] (Kaspersky Lab)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2014-02-07] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-01-14] (Anchorfree Inc.)
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-03-17] (CyberLink Corp.)
R4 AFW; system32\DRIVERS\afw.sys [X]
R4 afwcore; system32\DRIVERS\afwcore.sys [X]
R4 BdSpy; system32\drivers\BdSpy.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-27 22:29 - 2014-11-27 22:30 - 00040246 _____ () C:\Users\Amandeep\Downloads\Addition.txt
2014-11-27 22:28 - 2014-11-27 22:30 - 00021929 _____ () C:\Users\Amandeep\Downloads\FRST.txt
2014-11-27 22:28 - 2014-11-27 22:28 - 02117632 _____ (Farbar) C:\Users\Amandeep\Downloads\FRST64.exe
2014-11-27 22:26 - 2014-11-27 22:26 - 00000608 _____ () C:\Windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
2014-11-26 23:28 - 2014-11-26 23:28 - 00020534 _____ () C:\Users\Amandeep\Downloads\Bra Busters 6  2014 WEB-DL  SPLIT SCENES-[rarbg.com].torrent
2014-11-26 23:24 - 2014-11-26 23:24 - 00122368 _____ () C:\Users\Amandeep\Downloads\economycourier.xls
2014-11-26 23:05 - 2014-11-26 23:05 - 00000000 ____D () C:\Users\Amandeep\Downloads\The.Flash.2014.S01E07.HDTV.x264-LOL[ettv]
2014-11-26 23:04 - 2014-11-26 23:04 - 00019135 _____ () C:\Users\Amandeep\Downloads\EC01FDADD162A26550318475B1B8296447FBA19F.torrent
2014-11-25 23:19 - 2014-11-25 23:19 - 00000000 ____D () C:\Users\Amandeep\Downloads\The.Maze.Runner.2014.DVDRip.XviD.MP3-RARBG
2014-11-25 23:19 - 2014-11-25 23:19 - 00000000 ____D () C:\Users\Amandeep\Downloads\Teenage.Mutant.Ninja.Turtles.2014.1080p.BRRip.x264.AC3-RARBG
2014-11-25 23:19 - 2014-11-25 23:19 - 00000000 ____D () C:\Users\Amandeep\Downloads\Freezer (2014)  m-HD  720p  Hindi  Eng  BHATTI87
2014-11-25 23:12 - 2014-11-27 22:30 - 00000000 ____D () C:\FRST
2014-11-25 23:01 - 2014-11-25 23:01 - 02148864 _____ () C:\Users\Amandeep\Downloads\adwcleaner_4.102.exe
2014-11-25 23:00 - 2014-11-25 23:07 - 00000000 ____D () C:\Users\Amandeep\Desktop\reports
2014-11-25 21:59 - 2014-11-25 21:59 - 00015253 _____ () C:\Users\Amandeep\Downloads\The.Maze.Runner.2014.DVDRip.XviD.MP3-RARBG-[rarbg.com].torrent
2014-11-25 21:58 - 2014-11-25 21:58 - 00016719 _____ () C:\Users\Amandeep\Downloads\Teenage.Mutant.Ninja.Turtles.2014.1080p.BRRip.x264.AC3-RARBG-[rarbg.com].torrent
2014-11-24 23:12 - 2014-11-24 23:12 - 00014979 _____ () C:\Users\Amandeep\Downloads\58B6A5D135B4100C2CF2FA01E13BA15FAD7DF5C8.torrent
2014-11-24 22:15 - 2014-11-24 22:15 - 18310232 _____ () C:\Users\Amandeep\Downloads\RogueKillerX64.exe
2014-11-23 11:01 - 2014-11-23 11:01 - 00000000 ____D () C:\Users\Amandeep\Downloads\The.Boxtrolls.2014.1080p.WEB-DL.AAC2.0.H264-RARBG
2014-11-23 11:01 - 2014-11-23 11:01 - 00000000 ____D () C:\Users\Amandeep\Downloads\The Maze Runner (2014) HDCAM READNFO x264 AAC-CPG
2014-11-23 11:01 - 2014-11-23 11:01 - 00000000 ____D () C:\Users\Amandeep\Downloads\Predestination.2014.DVDRip.XviD.AC3-RARBG
2014-11-23 11:01 - 2014-11-23 11:01 - 00000000 ____D () C:\Users\Amandeep\Downloads\Hardcore MILFs - 2014 Evil Angel Split Scenes
2014-11-23 11:01 - 2014-11-23 11:01 - 00000000 ____D () C:\Users\Amandeep\Downloads\At.the.Devils.Door.2014.1080p.BluRay.H264.AAC-RARBG
2014-11-23 11:00 - 2014-11-23 11:00 - 00206376 _____ () C:\Users\Amandeep\Downloads\Hardcore MILFs  2014 WEB-DL  540p SPLIT SCENES-[rarbg.com].torrent
2014-11-23 10:56 - 2014-11-23 10:56 - 00094592 _____ () C:\Users\Amandeep\Downloads\EFB968EA175915C2B122C1518F63CDB40BC0CA06.torrent
2014-11-23 10:54 - 2014-11-23 10:54 - 00037239 _____ () C:\Users\Amandeep\Downloads\At.the.Devils.Door.2014.1080p.BluRay.H264.AAC-RARBG-[rarbg.com].torrent
2014-11-23 10:54 - 2014-11-23 10:54 - 00019376 _____ () C:\Users\Amandeep\Downloads\The.Boxtrolls.2014.1080p.WEB-DL.AAC2.0.H264-RARBG-[rarbg.com].torrent
2014-11-23 10:54 - 2014-11-23 10:54 - 00016210 _____ () C:\Users\Amandeep\Downloads\Predestination.2014.DVDRip.XviD.AC3-RARBG-[rarbg.com].torrent
2014-11-22 00:43 - 2014-11-22 00:43 - 00688992 ____R (Swearware) C:\Users\Amandeep\Downloads\dds.com
2014-11-20 23:10 - 2014-11-23 22:33 - 00000000 ____D () C:\Users\Amandeep\Downloads\BustyBuffy.E50.Nasty.Secretary.XXX.720p.MP4-KTR[rarbg]
2014-11-20 23:03 - 2014-11-20 23:03 - 00061007 _____ () C:\Users\Amandeep\Downloads\BustyBuffy.E50.Nasty.Secretary.XXX.720p.MP4-KTR-[rarbg.com].torrent
2014-11-19 21:21 - 2014-11-19 21:21 - 00014192 _____ () C:\Users\Amandeep\Downloads\37C75FFE3CC8F580BC68C62B2F975AF34837B094.torrent
2014-11-19 21:21 - 2014-11-19 21:21 - 00000000 ____D () C:\Users\Amandeep\Downloads\The Flash S01E06 720p HDTV x264 AAC - Ozlem
2014-11-19 20:52 - 2014-11-19 20:52 - 07432976 _____ (Gretech Corporation) C:\Users\Amandeep\Downloads\GOMPLAYERENSETUP.EXE
2014-11-19 20:52 - 2014-11-19 20:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-16 19:46 - 2014-11-16 19:46 - 00103360 _____ () C:\Users\Amandeep\Downloads\Extras.Txt
2014-11-16 19:45 - 2014-11-16 19:45 - 00097888 _____ () C:\Users\Amandeep\Desktop\OTL.Txt
2014-11-16 19:41 - 2014-11-16 19:41 - 00013423 _____ () C:\Users\Amandeep\Desktop\ComboFix - Shortcut.lnk
2014-11-16 19:30 - 2014-11-16 19:31 - 00602112 _____ (OldTimer Tools) C:\Users\Amandeep\Downloads\OTL.exe
2014-11-16 19:30 - 2014-11-16 19:30 - 00002239 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-11-16 19:29 - 2014-11-16 19:30 - 04215584 _____ () C:\Users\Amandeep\Downloads\tweaking.com_registry_backup_setup.exe
2014-11-16 19:04 - 2014-11-22 00:44 - 00022516 _____ () C:\Users\Amandeep\Desktop\dds.txt
2014-11-16 19:04 - 2014-11-22 00:44 - 00011439 _____ () C:\Users\Amandeep\Desktop\attach.txt
2014-11-16 19:02 - 2014-11-16 19:02 - 00688992 ____R (Swearware) C:\Users\Amandeep\Downloads\dds.scr
2014-11-16 19:02 - 2014-11-16 19:02 - 00688992 _____ (Swearware) C:\Users\Amandeep\Downloads\dds (1).scr
2014-11-16 18:54 - 2014-11-16 18:54 - 05176232 _____ (F-Secure Corporation) C:\Users\Amandeep\Downloads\F-SecureOnlineScanner.exe
2014-11-16 18:54 - 2014-11-16 18:54 - 00000000 ____D () C:\ProgramData\F-Secure
2014-11-16 13:11 - 2014-11-16 13:11 - 00038473 _____ () C:\Users\Amandeep\Downloads\FO42B2729F04.html
2014-11-16 13:09 - 2014-11-16 13:09 - 00021882 _____ () C:\Users\Amandeep\Downloads\E8E8C43390AB58272AC4EA7D5F6792341BC6B173.torrent
2014-11-16 13:00 - 2014-11-16 13:00 - 00000000 ____D () C:\Users\Amandeep\Downloads\Guardians.of.the.Galaxy.2014.1080p.WEB-DL.x264.AC3-EVO
2014-11-16 12:59 - 2014-11-23 22:33 - 00000000 ____D () C:\Users\Amandeep\Downloads\The.Expendables.3.2014.EXTENDED.BRRip.XViD.AC3-juggs[ETRG]
2014-11-16 12:59 - 2014-11-23 21:30 - 00000000 ____D () C:\Users\Amandeep\Downloads\BAAZ (2014) 1 CD DvDSCR Rip x264 [DDR]
2014-11-16 12:59 - 2014-11-16 12:59 - 00296027 _____ () C:\Users\Amandeep\Downloads\C66D5AF5860D5B3E04A368D93061D656DC80C2AA.torrent
2014-11-16 12:58 - 2014-11-16 12:58 - 00114740 _____ () C:\Users\Amandeep\Downloads\8DCAFEE930F1F681082B5E15B62D062EFD075D84.torrent
2014-11-16 12:55 - 2014-11-16 12:55 - 00015445 _____ () C:\Users\Amandeep\Downloads\9368341100DF413B64477B891FA3E3FD7DF4D866.torrent
2014-11-15 11:05 - 2014-11-15 13:19 - 00000000 ____D () C:\Users\Amandeep\Downloads\Before.I.Go.to.Sleep.2014.KORSUB.720p.HDRip.XviD.MP3-RARBG
2014-11-15 11:05 - 2014-11-15 11:05 - 00000000 ____D () C:\Users\Amandeep\Downloads\The.Guest.2014.HDRip.XviD.MP3-RARBG
2014-11-15 11:05 - 2014-11-15 11:05 - 00000000 ____D () C:\Users\Amandeep\Downloads\St.Vincent.2014.WEBRip.XviD.MP3-RARBG
2014-11-15 11:05 - 2014-11-15 11:05 - 00000000 ____D () C:\Users\Amandeep\Downloads\Invisible Target (2007) 720p BrRip Dual Audio(Hindi-Cantonese)~StroMSiD
2014-11-15 11:04 - 2014-11-15 11:04 - 00014118 _____ () C:\Users\Amandeep\Downloads\St.Vincent.2014.WEBRip.XviD.MP3-RARBG-[rarbg.com].torrent
2014-11-15 11:03 - 2014-11-15 11:03 - 00014832 _____ () C:\Users\Amandeep\Downloads\The.Guest.2014.HDRip.XviD.MP3-RARBG-[rarbg.com].torrent
2014-11-15 11:00 - 2014-11-15 11:00 - 00013402 _____ () C:\Users\Amandeep\Downloads\Before.I.Go.to.Sleep.2014.KORSUB.720p.HDRip.XviD.MP3-RARBG-[rarbg.com].torrent
2014-11-15 02:26 - 2014-11-15 02:26 - 00017551 _____ () C:\Users\Amandeep\Downloads\6AEDBA03A55500FB424FB9A95FB3BE48AFF7A333.torrent
2014-11-15 02:25 - 2014-11-15 02:25 - 00019542 _____ () C:\Users\Amandeep\Downloads\DirtyWivesClub.Diamond.Kitty.mp4s.14.november.2014-[rarbg.com].torrent
2014-11-13 23:12 - 2014-11-13 23:12 - 02766040 _____ () C:\Users\Amandeep\Downloads\tem-1.zip
2014-11-13 22:51 - 2014-11-13 22:51 - 00000000 ____D () C:\Users\Amandeep\Downloads\Tamanchey (2014) 1CD DVDSCR Rip Xvid Mp3 TeamTNT
2014-11-13 22:51 - 2014-11-13 22:51 - 00000000 ____D () C:\Users\Amandeep\Downloads\Jessabelle.2014.720p.WEB-DL.DD5.1.H264-RARBG
2014-11-13 22:51 - 2014-11-13 22:51 - 00000000 ____D () C:\Users\Amandeep\Downloads\Guardians Of The Galaxy 2014 R6 720p HDCAM x264-JYK
2014-11-13 22:51 - 2014-11-13 22:51 - 00000000 ____D () C:\Users\Amandeep\Downloads\Ekkees Toppon Ki Salaami (2014) 1CD Hindi DVDSCR Rip x264 Team DDH~RG
2014-11-13 22:51 - 2014-11-13 22:51 - 00000000 ____D () C:\Users\Amandeep\Downloads\Dracula Untold 2014 720p HDRip x264 AC3-JYK
2014-11-13 22:51 - 2014-11-13 22:51 - 00000000 ____D () C:\Users\Amandeep\Downloads\Amit Sahni Ki List (2014) 1CD Hindi DTH Rip x264 Team DDH~RG
2014-11-13 22:50 - 2014-11-15 13:19 - 00000000 ____D () C:\Users\Amandeep\Downloads\Avenged.2013.720p.BluRay.H264.AAC-RARBG
2014-11-13 22:50 - 2014-11-13 22:50 - 00026329 _____ () C:\Users\Amandeep\Downloads\Avenged.2013.720p.BluRay.H264.AAC-RARBG-[rarbg.com].torrent
2014-11-13 22:50 - 2014-11-13 22:50 - 00000000 ____D () C:\Users\Amandeep\Downloads\The Hundred Foot Journey (2014)
2014-11-13 22:50 - 2014-11-13 22:50 - 00000000 ____D () C:\Users\Amandeep\Downloads\The Fluffy Movie Unity Through Laughter (2014)
2014-11-13 22:50 - 2014-11-13 22:50 - 00000000 ____D () C:\Users\Amandeep\Downloads\Terror At The Mall 2014
2014-11-13 22:50 - 2014-11-13 22:50 - 00000000 ____D () C:\Users\Amandeep\Downloads\Ouija.2014.1080p.HC.WEBRip.x264.AAC2.0-RARBG
2014-11-13 22:50 - 2014-11-13 22:50 - 00000000 ____D () C:\Users\Amandeep\Downloads\Guardians.of.the.Galaxy.2014.DVDRip.XviD.AC3-EVO
2014-11-13 22:36 - 2014-11-13 22:36 - 00009346 _____ () C:\Users\Amandeep\Downloads\The.Hundred.Foot.Journey.2014.720p.BRRip.x264-YIFY-[rarbg.com].torrent
2014-11-13 22:33 - 2014-11-13 22:33 - 00008816 _____ () C:\Users\Amandeep\Downloads\The.Fluffy.Movie.Unity.Through.Laughter.2014.720p.BRRip.x264-YIFY-[rarbg.com].torrent
2014-11-12 23:28 - 2014-10-09 22:26 - 00615728 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\0068177drv.sys
2014-11-12 23:27 - 2014-11-15 13:19 - 00000000 ____D () C:\Users\Amandeep\Downloads\ROMEO RANJHA (2014) 1CD DvDRip 700MB x264 [AC3 5.1CH]  [SumoMan]
2014-11-12 23:27 - 2014-11-15 13:19 - 00000000 ____D () C:\Users\Amandeep\Downloads\Punjab 1984 (2014) DVDRip - XviD - 1CD Esub [DDR-ExclusivE]
2014-11-12 23:27 - 2014-11-13 22:51 - 00000000 ____D () C:\Users\Amandeep\Downloads\The Flash 2014 S01E05 HDTV x264-LOL[ettv]
2014-11-12 23:27 - 2014-11-12 23:27 - 00000000 ____D () C:\Users\Amandeep\Downloads\Into the Storm (2014) 720p BluRay Hindi DD 5.1Ch - Eng DD 5.1Ch ~ PyZ
2014-11-12 23:26 - 2014-11-12 23:27 - 00014856 _____ () C:\Users\Amandeep\Downloads\70ACE5C85BEE0C16AF88E9DE252EE86F29C78DB5.torrent
2014-11-12 22:51 - 2014-11-12 22:51 - 00018568 _____ () C:\Users\Amandeep\Downloads\8DE4DB3A8C7438AE1C60EDA24EDC6F286CE76C45.torrent
2014-11-12 22:50 - 2014-11-12 22:50 - 00015378 _____ () C:\Users\Amandeep\Downloads\207D0CE919F0725BA9AFA55E5E8FE45E2B8D20E9.torrent
2014-11-12 22:50 - 2014-11-12 22:50 - 00012460 _____ () C:\Users\Amandeep\Downloads\CBD35D8A78A05FF4530AB709F4C4C197AF3C5A51.torrent
2014-11-11 20:48 - 2014-11-11 20:48 - 00013114 _____ () C:\Users\Amandeep\Downloads\5E2491804EA35EC6868F2FD8713C82B80B8AF59B.torrent
2014-11-10 21:05 - 2014-11-10 21:05 - 00013945 _____ () C:\Users\Amandeep\Downloads\Ouija.2014.1080p.HC.WEBRip.x264.AAC2.0-RARBG-[rarbg.com] (2).torrent
2014-11-10 21:00 - 2014-11-10 21:00 - 00016568 _____ () C:\Users\Amandeep\Downloads\Guardians of the Galaxy 2014 DVDRip XviD AC3-EVO-[rarbg.com].torrent
2014-11-10 13:15 - 2014-11-10 13:15 - 00013945 _____ () C:\Users\Amandeep\Downloads\Ouija.2014.1080p.HC.WEBRip.x264.AAC2.0-RARBG-[rarbg.com] (1).torrent
2014-11-10 13:14 - 2014-11-10 13:15 - 00013945 _____ () C:\Users\Amandeep\Downloads\Ouija.2014.1080p.HC.WEBRip.x264.AAC2.0-RARBG-[rarbg.com].torrent
2014-11-09 13:40 - 2014-11-09 13:40 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-11-09 13:29 - 2014-11-09 13:41 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-09 13:29 - 2014-11-09 13:29 - 11222744 _____ (SurfRight B.V.) C:\Users\Amandeep\Downloads\HitmanPro_x64.exe
2014-11-09 13:29 - 2014-11-09 13:29 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-11-09 13:29 - 2014-11-09 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-11-09 13:29 - 2014-11-09 13:29 - 00000000 ____D () C:\Program Files\HitmanPro
2014-11-08 00:31 - 2014-11-08 00:31 - 00014826 _____ () C:\Users\Amandeep\Downloads\Jessabelle.2014.720p.WEB-DL.DD5.1.H264-RARBG-[rarbg.com].torrent
2014-11-08 00:29 - 2014-11-08 00:29 - 00013357 _____ () C:\Users\Amandeep\Downloads\Dracula Untold 2014 720p HDRip x264 AC3-JYK-[rarbg.com].torrent
2014-11-06 23:25 - 2014-11-25 23:05 - 00088148 _____ () C:\Windows\PFRO.log
2014-11-06 23:22 - 2014-11-06 23:21 - 00002884 _____ () C:\Users\Amandeep\Desktop\JRT.txt
2014-11-06 23:16 - 2014-11-06 23:16 - 01706939 _____ (Thisisu) C:\Users\Amandeep\Downloads\JRT.exe
2014-11-06 23:16 - 2014-11-06 23:16 - 00000000 ____D () C:\Windows\ERUNT
2014-11-06 23:13 - 2014-11-06 23:14 - 00003158 _____ () C:\Users\Amandeep\Desktop\Rkill.txt
2014-11-06 23:13 - 2014-11-06 23:13 - 00000000 ____D () C:\Users\Amandeep\Desktop\rkill
2014-11-06 22:51 - 2014-11-06 22:51 - 00059042 _____ () C:\Users\Amandeep\Downloads\A762B82CBC96780308D05B637633EC3047FAC01A.torrent
2014-11-06 22:51 - 2014-11-06 22:51 - 00058993 _____ () C:\Users\Amandeep\Downloads\9C5784FBBE2014D9E5A89C2C5F1A30F086A64692.torrent
2014-11-06 22:51 - 2014-11-06 22:51 - 00017004 _____ () C:\Users\Amandeep\Downloads\D5B52AAECD36D07AA5F919845A09B6EC8D691B07.torrent
2014-11-06 22:51 - 2014-11-06 22:51 - 00015056 _____ () C:\Users\Amandeep\Downloads\Guardians Of The Galaxy 2014 R6 720p HDCAM x264-JYK-[rarbg.com].torrent
2014-11-06 22:47 - 2014-11-06 22:47 - 05591672 ____R (Swearware) C:\Users\Amandeep\Downloads\ComboFix.exe
2014-11-06 22:47 - 2014-11-06 22:47 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Amandeep\Downloads\rkill.exe
2014-11-06 22:10 - 2014-11-06 22:10 - 00000000 ____D () C:\Users\Amandeep\Downloads\Samrat & Co. (2014) DVDRip XviD 1xCD [DDR-ExclusivE]
2014-11-06 22:09 - 2014-11-06 22:09 - 00014982 _____ () C:\Users\Amandeep\Downloads\58BB3A7D9951D87344D042914AEEDC9C144CC949.torrent
2014-10-31 00:25 - 2014-11-10 13:14 - 00000000 ____D () C:\Users\Amandeep\Downloads\The Purge Anarchy (2014) 720p BluRay x264 [Dual-Audio][English BD 5.1 + Hindi BD 5.1] - Mafiaking - Team TellyTNT
2014-10-31 00:25 - 2014-11-10 13:14 - 00000000 ____D () C:\Users\Amandeep\Downloads\Automata.2014.1080p.BluRay.H264.AAC-RARBG
2014-10-31 00:25 - 2014-11-09 01:27 - 00000000 ____D () C:\Users\Amandeep\Downloads\The.Flash.2014.S01E04.Going.Rogue.1080p.WEB-DL.DD5.1.H.264-NTb[rarbg]
2014-10-31 00:24 - 2014-10-31 00:24 - 00012048 _____ () C:\Users\Amandeep\Downloads\2A9A1C649D601C4901B8D91515B9C55B6765BD4A.torrent
2014-10-30 19:57 - 2014-11-27 22:00 - 00006984 _____ () C:\Windows\setupact.log
2014-10-30 19:57 - 2014-10-30 19:57 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-29 23:41 - 2014-10-29 23:41 - 00135937 _____ () C:\Users\Amandeep\Downloads\The.Flash.2014.S01E04.Going.Rogue.1080p.WEB-DL.DD5.1.H.264-NTb[rartv]-[rarbg.com].torrent
2014-10-29 23:40 - 2014-10-29 23:40 - 00043895 _____ () C:\Users\Amandeep\Downloads\Automata.2014.1080p.BluRay.H264.AAC-RARBG-[rarbg.com].torrent
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-27 22:29 - 2013-09-06 19:06 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E109544E-B36E-4B0C-B3A5-9BEBDB2A778D}
2014-11-27 22:27 - 2014-10-07 20:42 - 00000000 ____D () C:\Users\Amandeep\AppData\Roaming\BullGuard
2014-11-27 22:27 - 2014-10-07 20:38 - 00000000 ____D () C:\ProgramData\BullGuard
2014-11-27 22:26 - 2014-10-07 20:51 - 00000268 _____ () C:\Windows\system32\config\afw_hm.conf
2014-11-27 22:26 - 2014-10-07 20:51 - 00000004 _____ () C:\Windows\system32\config\afw_db.conf
2014-11-27 22:22 - 2013-09-06 19:22 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-27 22:09 - 2011-10-27 10:49 - 01476288 _____ () C:\Windows\WindowsUpdate.log
2014-11-27 22:05 - 2013-09-06 19:22 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-27 21:58 - 2014-06-04 08:44 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-11-27 21:58 - 2013-12-31 02:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-26 23:05 - 2014-02-06 23:47 - 00000000 ____D () C:\Users\Amandeep\AppData\Roaming\uTorrent
2014-11-26 21:25 - 2009-07-14 04:45 - 00032064 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-26 21:25 - 2009-07-14 04:45 - 00032064 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-25 23:10 - 2014-06-04 08:45 - 00001004 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-11-25 23:10 - 2014-06-04 08:44 - 00000988 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-11-25 23:10 - 2009-07-14 05:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-25 23:09 - 2014-06-04 08:44 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-11-25 23:07 - 2014-06-04 08:44 - 00107392 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-11-25 23:07 - 2014-06-04 08:44 - 00092520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-11-25 23:07 - 2014-06-04 08:44 - 00035688 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-11-25 23:06 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-25 23:05 - 2013-10-15 22:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-25 23:04 - 2014-10-07 22:33 - 00000000 ____D () C:\AdwCleaner
2014-11-25 22:52 - 2014-10-08 19:58 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-23 21:32 - 2013-09-06 22:06 - 00000000 ____D () C:\Users\Amandeep\AppData\Roaming\vlc
2014-11-16 19:51 - 2014-10-08 20:27 - 00000000 ____D () C:\Qoobox
2014-11-16 19:42 - 2013-12-31 00:49 - 00000866 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-16 19:30 - 2014-10-08 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-11-16 19:30 - 2014-10-08 22:16 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-11-16 01:17 - 2013-09-06 19:22 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 01:17 - 2013-09-06 19:22 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 22:43 - 2013-12-31 02:00 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-13 22:43 - 2013-12-31 02:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-13 22:43 - 2013-12-31 02:00 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-09 13:40 - 2014-09-08 21:58 - 00000000 ____D () C:\Users\Amandeep\Downloads\Sony Vegas Pro 13.0 build 290 (64 bit) Multilingual [ChingLiu]
2014-11-09 13:40 - 2014-02-13 22:11 - 00000000 ____D () C:\Users\Amandeep\Downloads\Corel.VideoStudio.Ultimate.X6.v16.0.0.106.Multilingual.Incl.Keymaker-CORE
2014-11-06 23:09 - 2009-07-14 02:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-06 22:55 - 2009-07-14 05:08 - 00028158 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-29 23:45 - 2013-10-12 19:29 - 00000000 ____D () C:\Users\Amandeep\AppData\Local\CrashDumps
 
Some content of TEMP:
====================
C:\Users\Amandeep\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Amandeep\AppData\Local\Temp\Quarantine.exe
C:\Users\Amandeep\AppData\Local\Temp\SHSetup.exe
C:\Users\Amandeep\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-26 21:28
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014 01
Ran by Amandeep at 2014-11-27 22:31:07
Running from C:\Users\Amandeep\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-4097084883-1507480385-1203561815-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
AC3Filter 2.5b (HKLM-x32\...\AC3Filter_is1) (Version: 2.5b - Alexander Vigovsky)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Advanced Uninstaller PRO - Version 11 (HKLM-x32\...\AU11_is1) (Version: 11 - Innovative Solutions)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{9A11B072-9CE7-ABB9-2F65-EC971A7B839D}) (Version: 3.0.816.0 - ATI Technologies, Inc.)
Audacity 2.0.4 (HKLM-x32\...\Audacity_is1) (Version: 2.0.4 - Audacity Team)
AuthenTec TrueAPI (Version: 1.2.1.33 - AuthenTec, Inc.) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5000 - CDBurnerXP)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Corel PaintShop Pro X6 (HKLM-x32\...\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.0.0.113 - Corel Corporation)
Corel PaintShop Pro X6 (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.3917.58 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3922 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Flvto Youtube Downloader (HKLM-x32\...\Flvto Youtube Downloader) (Version: 0.3.5 - Hotger)
Free MP3 Cutter 1.01 (HKLM-x32\...\{847E0734-4457-4B48-BF49-998D1CF2CFA1}_is1) (Version:  - PolySoft Solutions)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.57.5189 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
HP 3D DriveGuard (HKLM\...\{0128D231-B23B-409C-A531-39D8D8774BA1}) (Version: 4.1.5.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{83A375B6-6FC2-4F8A-948E-E506DB9DCDF0}) (Version: 1.1.0.0 - Hewlett-Packard)
HP DVB-T TV Tuner 8.0.64.43 (HKLM-x32\...\HP DVB-T TV Tuner) (Version: 8.0.64.43 - )
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP On Screen Display (HKLM-x32\...\{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}) (Version: 1.1.2 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP SimplePass 2011 (HKLM-x32\...\{BCFAA37D-A6DB-43BF-A351-43F183E52D07}) (Version: 5.1.0.495 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{F8070C51-4B1D-430C-8BCF-19696368366F}) (Version: 4.0.110.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E92D47A1-D27D-430A-8368-0BAFD956507D}) (Version: 5.2.9.2 - Hewlett-Packard Company)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
ICA (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6329.0 - IDT)
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{C7B40C35-85AE-4303-9EEA-1A1EA779664D}) (Version: 1.0.2.0511 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{794E5C90-96E5-4413-B3F5-C803205AE30C}) (Version: 14.0.3000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
IPM_PSP_COM (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
IPM_PSP_COM64 (Version: 16.0.0.113 - Corel Corporation) Hidden
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LogMeIn (HKLM-x32\...\{7FEA5E41-0106-451E-BC88-71B9CD3B0F41}) (Version: 4.1.4380 - LogMeIn, Inc.)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{51adbf11-493f-431c-a862-967a0fae2944}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Need for Speed Rivals (HKLM-x32\...\Need for Speed Rivals_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PSPPContent (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
PSPPro64 (Version: 16.0.0.113 - Corel Corporation) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QQ International (HKLM-x32\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.91.1310.0 - Tencent Technology(Shenzhen) Company Limited)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.74 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
ROBLOX Player for Amandeep (HKU\S-1-5-21-4097084883-1507480385-1203561815-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.)
Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Setup (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
Smart Photo Editor Trial (HKLM-x32\...\SmartPhotoEditor1Trial_is1) (Version: 1.19 - Anthropics Technology Ltd.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.4.4 - Synaptics Incorporated)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
TradeManager 2013 Beta2 (HKLM-x32\...\TradeManager) (Version:  - Alibaba (China) Network Technology Co., Ltd.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.9.2 - Tweaking.com)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vegas Pro 13.0 (64-bit) (HKLM\...\{CDA02BF0-BFBC-11E3-AFA0-F04DA23A5C58}) (Version: 13.0.290 - Sony)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VirtualDJ Home FREE (HKLM-x32\...\{A6AC699F-8315-40CA-8F70-E917494978AB}) (Version: 7.4 - Atomix Productions)
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Vuze Remote Toolbar v9.8 (HKLM-x32\...\{D41A0173-FFD4-4422-9E52-467EA116C14B}) (Version: 9.8 - Spigot, Inc.) <==== ATTENTION
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wondershare Video Editor(Build 3.6.0) (HKLM-x32\...\Wondershare Video Editor_is1) (Version:  - Wondershare Software)
Youtube Downloader HD v. 2.9.9.13 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)
Youtube to MP3 Converter v. 1.4 (HKLM-x32\...\Youtube to MP3 Converter_is1) (Version:  - YoutubeDownloaderHD.com)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4097084883-1507480385-1203561815-1000_Classes\CLSID\{4CEEAF57-0208-4CA4-A473-914C2D2FFC23}\InprocServer32 -> C:\Program Files (x86)\TradeManager\AliIMX_64.dll (Alibaba (China) Co., Ltd.)
CustomCLSID: HKU\S-1-5-21-4097084883-1507480385-1203561815-1000_Classes\CLSID\{5D09DD40-CDC4-4C56-B615-0D1E3B357C2B}\InprocServer32 -> C:\Program Files (x86)\TradeManager\AliIMX_64.dll (Alibaba (China) Co., Ltd.)
 
==================== Restore Points  =========================
 
23-11-2014 17:04:32 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2014-11-25 22:58 - 00000768 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0AC67420-15B0-4CF7-B760-39192EAF67C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-06] (Google Inc.)
Task: {0E6C6F25-683E-493F-8B8E-11B6290DBBAF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {15641A26-F2FD-44B0-AE05-15A474AC00BC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {17FB9238-722D-4C22-B0F4-9E1DA4AFA804} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-22] (CyberLink)
Task: {1854DFDA-F26B-4811-807F-54697D849C76} - System32\Tasks\Health-Check-auto => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe [2013-12-20] (Innovative Solutions)
Task: {64EC3301-134B-454B-B8B0-49C471CC8F64} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-06] (Google Inc.)
Task: {6FDC1BF4-4563-4FA4-BF8A-CF5FE3DF8ACD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-13] (Adobe Systems Incorporated)
Task: {88A027FB-682F-46FF-B358-A0893CDD4E1C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {B5A37ABC-F08A-4998-8257-E63AE5D54EC8} - System32\Tasks\Health-Check => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe [2013-12-20] (Innovative Solutions)
Task: {BC5A63F0-0F7A-43B6-A52A-9E1874C1F79A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Health-Check-auto.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: C:\Windows\Tasks\Health-Check.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-02-04 22:42 - 2011-02-04 22:42 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-10-07 22:00 - 2014-10-27 08:56 - 04383192 _____ () C:\Program Files (x86)\Opgaziness\Opgaziness.exe
2014-10-27 08:56 - 2014-10-27 08:56 - 00417752 ___SH () C:\Program Files (x86)\Opgaziness\HttpsProxy.exe
2014-10-07 22:00 - 2014-10-27 11:10 - 00160728 _____ () C:\Program Files (x86)\Opgaziness\OpgazinessHelper.exe
2011-10-27 10:46 - 2011-04-15 03:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-02-04 22:42 - 2011-02-04 22:42 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2010-06-24 09:21 - 2010-06-24 09:21 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2014-03-07 18:56 - 2014-03-07 18:56 - 00117262 _____ () C:\Program Files (x86)\Opgaziness\libgcc_s_dw2-1.dll
2014-03-07 18:56 - 2014-03-07 18:56 - 00970766 _____ () C:\Program Files (x86)\Opgaziness\libstdc++-6.dll
2014-09-25 19:42 - 2014-09-23 04:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-25 19:42 - 2014-09-23 04:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-25 19:42 - 2014-09-23 04:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2014-10-10 08:11 - 2014-10-10 08:11 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\be754592ee4282fcdeb02951902b6017\IsdiInterop.ni.dll
2011-10-27 10:46 - 2011-01-13 01:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2010-06-24 09:19 - 2010-06-24 09:19 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2014-09-25 19:42 - 2014-09-23 04:07 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll
2014-04-15 19:10 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-15 19:10 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Amandeep^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^JustCloud.lnk => C:\Windows\pss\JustCloud.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Amandeep^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Amandeep^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^StormWatchApp.lnk => C:\Windows\pss\StormWatchApp.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: aliim => "C:\Program Files (x86)\TradeManager\AliIM.exe" /autorun
MSCONFIG\startupreg: AllShareAgent => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BRS => C:\Program Files (x86)\Groovorio\BRS\brs.exe -runBRS
MSCONFIG\startupreg: BullGuard => "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" -boot
MSCONFIG\startupreg: BullGuardUpdate2 => c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe
MSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
MSCONFIG\startupreg: GoogleChromeAutoLaunch_818626F5A7A4A163F31EEB7E69474599 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
MSCONFIG\startupreg: Magic Desktop for HP notification => "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: Obrona Block Ads => "C:\Users\Amandeep\AppData\Local\Obrona Block Ads\ObronaBlockAds.exe" --hidden
MSCONFIG\startupreg: PowerDVD14Agent => "C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\Amandeep\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-4097084883-1507480385-1203561815-500 - Administrator - Disabled)
Amandeep (S-1-5-21-4097084883-1507480385-1203561815-1000 - Administrator - Enabled) => C:\Users\Amandeep
danshpreet (S-1-5-21-4097084883-1507480385-1203561815-1003 - Administrator - Enabled) => C:\Users\danshpreet
Guest (S-1-5-21-4097084883-1507480385-1203561815-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-4097084883-1507480385-1203561815-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/25/2014 11:10:14 PM) (Source: SamsungAllShareV2.0) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at AllShareDmsUtil.Configuration.ConfigurationManager.GetSharingFolderList()
   at AllShareDmsUtil.Manager.AllShareDmsManager.LoadSharingFolderList()
   at AllShareDmsUtil.Manager.AllShareDmsManager.InitContentsDirectoryManager()
   at AllShareDmsUtil.Manager.AllShareDmsManager.Initialize()
   at AllShareDmsUtil.Manager.AllShareDmsManager..ctor()
   at AllShareDmsUtil.Manager.AllShareDmsManager.get_Instance()
   at AllShareDMS.AllShareDMS.DoStart()
   at AllShareDMS.AllShareDMS.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (11/25/2014 11:06:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrueSuiteService.exe, version: 5.1.0.495, time stamp: 0x4d5dea79
Faulting module name: TrueSuiteService.exe, version: 5.1.0.495, time stamp: 0x4d5dea79
Exception code: 0xc0000417
Fault offset: 0x0001263a
Faulting process id: 0x3f8
Faulting application start time: 0xTrueSuiteService.exe0
Faulting application path: TrueSuiteService.exe1
Faulting module path: TrueSuiteService.exe2
Report Id: TrueSuiteService.exe3
 
Error: (11/19/2014 08:52:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16575 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1a38
 
Start Time: 01d0043a980fb554
 
Termination Time: 11
 
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
 
Report Id:
 
Error: (11/13/2014 09:08:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.3.21.103, time stamp: 0x4f3c6d6c
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000223e0
Faulting process id: 0x1790
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3
 
Error: (11/13/2014 09:02:59 AM) (Source: SamsungAllShareV2.0) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at AllShareDmsUtil.Configuration.ConfigurationManager.GetSharingFolderList()
   at AllShareDmsUtil.Manager.AllShareDmsManager.LoadSharingFolderList()
   at AllShareDmsUtil.Manager.AllShareDmsManager.InitContentsDirectoryManager()
   at AllShareDmsUtil.Manager.AllShareDmsManager.Initialize()
   at AllShareDmsUtil.Manager.AllShareDmsManager..ctor()
   at AllShareDmsUtil.Manager.AllShareDmsManager.get_Instance()
   at AllShareDMS.AllShareDMS.DoStart()
   at AllShareDMS.AllShareDMS.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (11/13/2014 09:01:25 AM) (Source: IAStorDataMgrSvc) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller
 
Error: (11/12/2014 11:33:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrueSuiteService.exe, version: 5.1.0.495, time stamp: 0x4d5dea79
Faulting module name: TrueSuiteService.exe, version: 5.1.0.495, time stamp: 0x4d5dea79
Exception code: 0xc0000417
Fault offset: 0x0001263a
Faulting process id: 0x3ec
Faulting application start time: 0xTrueSuiteService.exe0
Faulting application path: TrueSuiteService.exe1
Faulting module path: TrueSuiteService.exe2
Report Id: TrueSuiteService.exe3
 
Error: (11/12/2014 11:31:30 PM) (Source: MsiInstaller) (EventID: 11359) (User: Amandeep-HP)
Description: Product: SpyHunter -- Error 1359. An internal error occurred.
(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (11/09/2014 01:47:16 PM) (Source: SamsungAllShareV2.0) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at AllShareDmsUtil.Configuration.ConfigurationManager.GetSharingFolderList()
   at AllShareDmsUtil.Manager.AllShareDmsManager.LoadSharingFolderList()
   at AllShareDmsUtil.Manager.AllShareDmsManager.InitContentsDirectoryManager()
   at AllShareDmsUtil.Manager.AllShareDmsManager.Initialize()
   at AllShareDmsUtil.Manager.AllShareDmsManager..ctor()
   at AllShareDmsUtil.Manager.AllShareDmsManager.get_Instance()
   at AllShareDMS.AllShareDMS.DoStart()
   at AllShareDMS.AllShareDMS.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (11/09/2014 01:43:22 PM) (Source: LogMeIn) (EventID: 111) (User: NT AUTHORITY)
Description: Exiting: The service control dispatcher has failed unexpectedly.
 
 
System errors:
=============
Error: (11/25/2014 11:07:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TrueSuiteService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/25/2014 11:06:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 23:04:29 on ‎25/‎11/‎2014 was unexpected.
 
Error: (11/25/2014 09:26:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Health Check Service service failed to start due to the following error: 
%%31
 
Error: (11/25/2014 09:26:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
%%31
 
Error: (11/23/2014 02:17:46 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (11/18/2014 07:34:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Health Check Service service failed to start due to the following error: 
%%31
 
Error: (11/18/2014 07:34:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
%%31
 
Error: (11/16/2014 07:48:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bluetooth Media Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/16/2014 07:48:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bluetooth OBEX Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/16/2014 07:48:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bluetooth Device Monitor service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (11/25/2014 11:10:14 PM) (Source: SamsungAllShareV2.0) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at AllShareDmsUtil.Configuration.ConfigurationManager.GetSharingFolderList()
   at AllShareDmsUtil.Manager.AllShareDmsManager.LoadSharingFolderList()
   at AllShareDmsUtil.Manager.AllShareDmsManager.InitContentsDirectoryManager()
   at AllShareDmsUtil.Manager.AllShareDmsManager.Initialize()
   at AllShareDmsUtil.Manager.AllShareDmsManager..ctor()
   at AllShareDmsUtil.Manager.AllShareDmsManager.get_Instance()
   at AllShareDMS.AllShareDMS.DoStart()
   at AllShareDMS.AllShareDMS.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (11/25/2014 11:06:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrueSuiteService.exe5.1.0.4954d5dea79TrueSuiteService.exe5.1.0.4954d5dea79c00004170001263a3f801d0090460d3cbdfC:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exeC:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exea7a291b5-74f7-11e4-bb94-2c413860c3f7
 
Error: (11/19/2014 08:52:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.165751a3801d0043a980fb55411C:\Program Files (x86)\Internet Explorer\iexplore.exe
 
Error: (11/13/2014 09:08:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c0000005000223e0179001cfff2056fcaa0bC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dlla0d189f9-6b14-11e4-9839-2c413860c3f7
 
Error: (11/13/2014 09:02:59 AM) (Source: SamsungAllShareV2.0) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at AllShareDmsUtil.Configuration.ConfigurationManager.GetSharingFolderList()
   at AllShareDmsUtil.Manager.AllShareDmsManager.LoadSharingFolderList()
   at AllShareDmsUtil.Manager.AllShareDmsManager.InitContentsDirectoryManager()
   at AllShareDmsUtil.Manager.AllShareDmsManager.Initialize()
   at AllShareDmsUtil.Manager.AllShareDmsManager..ctor()
   at AllShareDmsUtil.Manager.AllShareDmsManager.get_Instance()
   at AllShareDMS.AllShareDMS.DoStart()
   at AllShareDMS.AllShareDMS.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (11/13/2014 09:01:25 AM) (Source: IAStorDataMgrSvc) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller
 
Error: (11/12/2014 11:33:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrueSuiteService.exe5.1.0.4954d5dea79TrueSuiteService.exe5.1.0.4954d5dea79c00004170001263a3ec01cffed110ad7302C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exeC:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe5ecee3bc-6ac4-11e4-9839-ac7289db1505
 
Error: (11/12/2014 11:31:30 PM) (Source: MsiInstaller) (EventID: 11359) (User: Amandeep-HP)
Description: Product: SpyHunter -- Error 1359. An internal error occurred.
(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (11/09/2014 01:47:16 PM) (Source: SamsungAllShareV2.0) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at AllShareDmsUtil.Configuration.ConfigurationManager.GetSharingFolderList()
   at AllShareDmsUtil.Manager.AllShareDmsManager.LoadSharingFolderList()
   at AllShareDmsUtil.Manager.AllShareDmsManager.InitContentsDirectoryManager()
   at AllShareDmsUtil.Manager.AllShareDmsManager.Initialize()
   at AllShareDmsUtil.Manager.AllShareDmsManager..ctor()
   at AllShareDmsUtil.Manager.AllShareDmsManager.get_Instance()
   at AllShareDMS.AllShareDMS.DoStart()
   at AllShareDMS.AllShareDMS.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (11/09/2014 01:43:22 PM) (Source: LogMeIn) (EventID: 111) (User: NT AUTHORITY)
Description: 
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-08 21:40:44.578
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-08 21:40:44.547
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 46%
Total physical RAM: 8139.86 MB
Available physical RAM: 4389.58 MB
Total Pagefile: 16277.9 MB
Available Pagefile: 12096.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:681.57 GB) (Free:146.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:16.77 GB) (Free:1.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: C21C133D)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=681.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
==================== End Of Log ============================
 
 

 



#11 nasdaq


Posted 28 November 2014 - 08:43 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

() C:\Program Files (x86)\Opgaziness\Opgaziness.exe
() C:\Program Files (x86)\Opgaziness\HttpsProxy.exe
() C:\Program Files (x86)\Opgaziness\OpgazinessHelper.exe
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-4097084883-1507480385-1203561815-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-4097084883-1507480385-1203561815-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-4097084883-1507480385-1203561815-1000] => http=127.0.0.1:9880;https=127.0.0.1:9880
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4097084883-1507480385-1203561815-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-4097084883-1507480385-1203561815-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll No File
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll No File
FF HKU\S-1-5-21-4097084883-1507480385-1203561815-1000\...\Firefox\Extensions: [{0011ebb6-4390-4e21-a2e3-8dd2a85e92d2}] - C:\Program Files (x86)\DealsCompare\150.xpi
FF Extension: No Name - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard [Not Found]
FF Extension: No Name - antiphishing@bullguard [Not Found]
CHR StartupUrls: Default -> "hxxp://groovorio.com/?f=7&a=grv_keyd_14_24&cd=2XzuyEtN2Y1L1Qzu0A0CyBtBzzzy0D0BtCyDtDyC0BzzyD0EtN0D0Tzu0StCtDtDzytN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1J1P2U1Q1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2SyByE0EyE0C0A0CzytG0C0E0A0FtG0E0FyB0AtGtDyD0FtAtGyCtDtD0FyCtAyByByDyC0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DzztByEtCtB0B0CtG0FyB0A0EtGyEtDyCyBtGzytC0A0EtGtByDtByBzytDyB0A0AtC0B0E2Q&cr=1894481732&ir="
CHR Extension: (Google Wallet) - C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR HKLM-x32\...\Chrome\Extension: [ebmnknjbkjpocngafnmdlgndlmlifeio] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha9944\ch\WebexpEnhancedV1alpha9944.crx [2011-02-11]
R2 Opgaziness; C:\Program Files (x86)\Opgaziness\Opgaziness.exe [4383192 2014-10-27] ()
S4 LMIRfsClientNP; No ImagePath
R4 AFW; system32\DRIVERS\afw.sys [X]
R4 afwcore; system32\DRIVERS\afwcore.sys [X]
R4 BdSpy; system32\drivers\BdSpy.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Program Files (x86)\DealsCompare
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha9944
C:\Program Files (x86)\Opgaziness

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

How is the computer running now?

#12 djsunny


Posted 28 November 2014 - 08:23 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01
Ran by Amandeep at 2014-11-29 01:13:06 Run:1
Running from C:\Users\Amandeep\Downloads
Loaded Profile: Amandeep (Available profiles: Amandeep & danshpreet & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
() C:\Program Files (x86)\Opgaziness\Opgaziness.exe
() C:\Program Files (x86)\Opgaziness\HttpsProxy.exe
() C:\Program Files (x86)\Opgaziness\OpgazinessHelper.exe
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-4097084883-1507480385-1203561815-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-4097084883-1507480385-1203561815-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-4097084883-1507480385-1203561815-1000] => http=127.0.0.1:9880;https=127.0.0.1:9880
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4097084883-1507480385-1203561815-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-4097084883-1507480385-1203561815-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll No File
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll No File
FF HKU\S-1-5-21-4097084883-1507480385-1203561815-1000\...\Firefox\Extensions: [{0011ebb6-4390-4e21-a2e3-8dd2a85e92d2}] - C:\Program Files (x86)\DealsCompare\150.xpi
FF Extension: No Name - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard [Not Found]
FF Extension: No Name - antiphishing@bullguard [Not Found]
CHR StartupUrls: Default -> "hxxp://groovorio.com/?f=7&a=grv_keyd_14_24&cd=2XzuyEtN2Y1L1Qzu0A0CyBtBzzzy0D0BtCyDtDyC0BzzyD0EtN0D0Tzu0StCtDtDzytN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1J1P2U1Q1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2SyByE0EyE0C0A0CzytG0C0E0A0FtG0E0FyB0AtGtDyD0FtAtGyCtDtD0FyCtAyByByDyC0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DzztByEtCtB0B0CtG0FyB0A0EtGyEtDyCyBtGzytC0A0EtGtByDtByBzytDyB0A0AtC0B0E2Q&cr=1894481732&ir="
CHR Extension: (Google Wallet) - C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR HKLM-x32\...\Chrome\Extension: [ebmnknjbkjpocngafnmdlgndlmlifeio] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha9944\ch\WebexpEnhancedV1alpha9944.crx [2011-02-11]
R2 Opgaziness; C:\Program Files (x86)\Opgaziness\Opgaziness.exe [4383192 2014-10-27] ()
S4 LMIRfsClientNP; No ImagePath
R4 AFW; system32\DRIVERS\afw.sys [X]
R4 afwcore; system32\DRIVERS\afwcore.sys [X]
R4 BdSpy; system32\drivers\BdSpy.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Program Files (x86)\DealsCompare
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha9944
C:\Program Files (x86)\Opgaziness
 
End
*****************
 
[2712] C:\Program Files (x86)\Opgaziness\Opgaziness.exe => Process closed successfully.
[2812] C:\Program Files (x86)\Opgaziness\HttpsProxy.exe => Process closed successfully.
C:\Program Files (x86)\Opgaziness\OpgazinessHelper.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-4097084883-1507480385-1203561815-1000\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-4097084883-1507480385-1203561815-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-4097084883-1507480385-1203561815-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-4097084883-1507480385-1203561815-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-4097084883-1507480385-1203561815-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/npchrome" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/npqscall" => Key deleted successfully.
HKU\S-1-5-21-4097084883-1507480385-1203561815-1000\Software\Mozilla\Firefox\Extensions\\{0011ebb6-4390-4e21-a2e3-8dd2a85e92d2} => value deleted successfully.
C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard not found.
FF Extension: No Name - antiphishing@bullguard [Not Found] not found.
Chrome StartupUrls deleted successfully.
C:\Users\Amandeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ebmnknjbkjpocngafnmdlgndlmlifeio" => Key deleted successfully.
"C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha9944\ch\WebexpEnhancedV1alpha9944.crx" => File/Directory not found.
Opgaziness => Unable to stop service
Opgaziness => Service deleted successfully.
LMIRfsClientNP => Service deleted successfully.
AFW => Unable to stop service
AFW => Service deleted successfully.
afwcore => Unable to stop service
afwcore => Service deleted successfully.
BdSpy => Unable to stop service
BdSpy => Service deleted successfully.
catchme => Service deleted successfully.
"C:\Program Files (x86)\DealsCompare" => File/Directory not found.
"C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha9944" => File/Directory not found.
 
"C:\Program Files (x86)\Opgaziness" directory move:
 
C:\Program Files (x86)\Opgaziness\cacert.crt => Moved successfully.
C:\Program Files (x86)\Opgaziness\CertMgr.Exe => Moved successfully.
C:\Program Files (x86)\Opgaziness\HttpsProxy.exe => Moved successfully.
C:\Program Files (x86)\Opgaziness\libeay32.dll => Moved successfully.
C:\Program Files (x86)\Opgaziness\libgcc_s_dw2-1.dll => Moved successfully.
C:\Program Files (x86)\Opgaziness\libstdc++-6.dll => Moved successfully.
C:\Program Files (x86)\Opgaziness\libwinpthread-1.dll => Moved successfully.
C:\Program Files (x86)\Opgaziness\LoopbackForWin8.exe => Moved successfully.
C:\Program Files (x86)\Opgaziness\msvcp100.dll => Moved successfully.
C:\Program Files (x86)\Opgaziness\msvcr100.dll => Moved successfully.
C:\Program Files (x86)\Opgaziness\Opgaziness.exe => Moved successfully.
C:\Program Files (x86)\Opgaziness\OpgazinessHelper.exe => Moved successfully.
C:\Program Files (x86)\Opgaziness\Qt5Core.dll => Moved successfully.
C:\Program Files (x86)\Opgaziness\Qt5Network.dll => Moved successfully.
C:\Program Files (x86)\Opgaziness\ssleay32.dll => Moved successfully.
C:\Program Files (x86)\Opgaziness\temp\certutil.exe => Moved successfully.
C:\Program Files (x86)\Opgaziness\temp\freebl3.dll => Moved successfully.
C:\Program Files (x86)\Opgaziness\temp\libnspr4.dll => Moved successfully.
C:\Program Files (x86)\Opgaziness\temp\libplc4.dll => Moved successfully.
C:\Program Files (x86)\Opgaziness\temp\libplds4.dll => Moved successfully.
C:\Program Files (x86)\Opgaziness\temp\msvcp100.dll => Moved successfully.
C:\Program Files (x86)\Opgaziness\temp\msvcr100.dll => Moved successfully.
C:\Program Files (x86)\Opgaziness\temp\nss3.dll => Moved successfully.
C:\Program Files (x86)\Opgaziness\temp\nssdbm3.dll => Moved successfully.
C:\Program Files (x86)\Opgaziness\temp\nssutil3.dll => Moved successfully.
C:\Program Files (x86)\Opgaziness\temp\smime3.dll => Moved successfully.
C:\Program Files (x86)\Opgaziness\temp\softokn3.dll => Moved successfully.
C:\Program Files (x86)\Opgaziness\temp\sqlite3.dll => Moved successfully.
C:\Program Files (x86)\Opgaziness\platforms\qwindows.dll => Moved successfully.
Could not move "C:\Program Files (x86)\Opgaziness" directory. => Scheduled to move on reboot.
 
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-29 01:17:08)<=
 
C:\Program Files (x86)\Opgaziness => Is moved successfully.
 
==== End of Fixlog ====


#13 djsunny


Posted 28 November 2014 - 08:26 PM

After the restart I went back to the Internet Explorer settings and changed the proxy server settings to automatically detect settings.

After using the laptop for 5 minutes it hasn't changed the setting back to proxy server, which is a good response so far.
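The check described in the post above, whether the Internet Explorer proxy setting points back at the local machine, can also be run over FRST output. This is an added example, not part of the thread or of FRST: it parses `ProxyServer:` lines in the form FRST prints them and reports entries that point at a loopback address. The second sample line, with its SID and host name, is constructed.

```python
import ipaddress
import re

# Sample input. The ProxyEnable line and the first ProxyServer line are the
# ones quoted in the thread; the last line (SID and host) is constructed.
SAMPLE_LOG = """\
ProxyEnable: [S-1-5-21-4097084883-1507480385-1203561815-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-4097084883-1507480385-1203561815-1000] => http=127.0.0.1:9880;https=127.0.0.1:9880
ProxyServer: [S-1-5-21-1111111111-2222222222-3333333333-1001] => proxy.example.internal:8080
"""

PROXY_LINE = re.compile(r"^ProxyServer: \[(S-[0-9-]+)\] => (.+)$", re.M)


def split_host_port(target):
    """Split 'host:port', 'host' or '[v6]:port' into (host, port-or-None)."""
    target = target.rstrip("/")
    if target.startswith("["):  # bracketed IPv6 literal
        host, _, rest = target[1:].partition("]")
        port = rest.lstrip(":")
    elif ":" in target:
        host, _, port = target.rpartition(":")
    else:
        host, port = target, ""
    return host, int(port) if port.isdigit() else None


def parse_proxy_server(value):
    """Parse a WinINET ProxyServer string into {scheme: (host, port)}.

    Handles the single form 'host:port' (stored under the key 'all') and the
    per-protocol form 'http=host:port;https=host:port'.
    """
    entries = {}
    for part in re.split(r"[;\s]+", value.strip()):
        if not part:
            continue
        scheme, sep, target = part.partition("=")
        if not sep:
            scheme, target = "all", part
        if "://" in target:  # optional 'http://' style prefix on the server
            target = target.split("://", 1)[1]
        entries[scheme.lower()] = split_host_port(target)
    return entries


def is_loopback(host):
    """True for 'localhost' and any loopback IP literal (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name other than localhost
        return False


def loopback_proxies(log_text):
    """Return (sid, scheme, host, port) for each loopback proxy entry found."""
    findings = []
    for sid, value in PROXY_LINE.findall(log_text):
        for scheme, (host, port) in parse_proxy_server(value).items():
            if is_loopback(host):
                findings.append((sid, scheme, host, port))
    return findings


if __name__ == "__main__":
    for sid, scheme, host, port in loopback_proxies(SAMPLE_LOG):
        print(f"{sid}: {scheme} traffic is sent to local proxy {host}:{port}")
```

A loopback entry is a lead, not a verdict: local debugging proxies and some security products register one too, so the next step is identifying the process listening on that port.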



#14 nasdaq


Posted 29 November 2014 - 08:23 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide, Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#15 djsunny


Posted 02 December 2014 - 05:39 PM

Yes, it is all working now.

 

Thank you so much for your help.





