Inactive FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-05-2015
Ran by John (administrator) on MY_PC on 27-05-2015 16:40:52
Running from C:\Users\John\Documents\Desktop
Loaded Profiles: John (Available Profiles: John & Joe Nuve & abby's faith & Administrator & Guest)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files\WindowsApps\RevelSoftware.PianoTime_1.0.0.14_neutral__rm1v733ay04k0\Piano.exe
(Mozilla Corporation) C:\Program Files\Waterfox\waterfox.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
(Mozilla Corporation) C:\Program Files\Waterfox\plugin-container.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-28] (Synaptics Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-10] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [MobileBroadband] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [76288 2013-02-05] (Vodafone)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\Run: [Software Informer] => C:\Program Files\Software Informer\softinfo.exe [2841088 2013-11-26] (Informer Technologies, Inc.)
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\Run: [ ] => F:\ .exe /Q
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\Run: [Snapshot_20140730_42.JPG] => F:\Snapshot_20140730_42.JPG.exe /a
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\Run: [Porn] => F:\ \Porn.exe /X
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\Run: [Viber] => "C:\Users\John\AppData\Local\Viber\Viber.exe"
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\CurrentVersion\Windows: [Load] C:\Users\John\LOCALS~1\Temp\cctihovof.pif <===== ATTENTION
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\Policies\Explorer: [TaskbarNoThumbnail] 0
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {01f4b4cd-76bd-11e3-be95-083e8e7ff86b} - "H:\setup_vmb_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {1283bfee-7976-11e3-be97-806e6f6e6963} - "F:\setup_vmb_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {17ae5a2a-8d2b-11e2-be72-083e8e7ff86b} - "G:\AutoRun.exe"
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {17ae5a3a-8d2b-11e2-be72-083e8e7ff86b} - "F:\AutoRun.exe"
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {288f6584-7972-11e3-be96-083e8e7ff86b} - "F:\setup_vmb_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {2a52bd62-b6e9-11e3-beac-083e8e7ff86b} - "F:\Autorun.exe" {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.9B05 PID_0083
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {341aeb9a-ab75-11e3-beaa-10604b493d09} - "F:\LGAutoRun.exe"
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {5bfde5a0-0887-11e4-befa-083e8e7ff86b} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\autorun.bat
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {620a99ed-0b17-11e4-bf04-083e8e7ff86b} - "F:\setup_vmb_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {66146bca-1bf3-11e3-bfa7-10604b493d09} - "F:\SetupWi-Fi.exe"
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {667351a6-0af8-11e4-bf03-083e8e7ff86b} - "F:\setup_vmb_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {667352e0-0af8-11e4-bf03-083e8e7ff86b} - "F:\setup_vmb_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {667352eb-0af8-11e4-bf03-083e8e7ff86b} - "F:\setup_vmb_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {724876f9-5e33-11e3-be82-10604b493d09} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {a9d70b93-16cb-11e3-bf8e-10604b493d09} - "F:\SetupWi-Fi.exe"
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {b105a847-0b1a-11e4-bf05-806e6f6e6963} - "F:\setup_vmb_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {b4e1a47a-e372-11e2-beef-083e8e7ff86b} - "F:\AutoRun.exe"
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {be36a913-9799-11e4-8005-10604b493d09} - "F:\LGAutoRun.exe"
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {c7785790-0ab2-11e4-bf02-083e8e7ff86b} - "F:\setup_vmb_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {de769fff-023c-11e3-bf43-10604b493d09} - "F:\SetupWi-Fi.exe"
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {f07381e3-2219-11e3-bfb0-10604b493d09} - "F:\setup_vmb_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {f07381e7-2219-11e3-bfb0-10604b493d09} - "G:\setup_vmb_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {f227088a-e64f-11e2-befe-10604b493d09} - "F:\SetupWi-Fi.exe"
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {f2271bbe-e64f-11e2-befe-10604b493d09} - "F:\SetupWi-Fi.exe"
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [330240 2012-07-26] (Microsoft Corporation)
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\Users\Joe Nuve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-04-16]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\asodakaossd.lnk [2014-09-14]
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2349919157-339670822-1832927227-1001] => proxy.usp.ac.fj:3128
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSERT1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSERT1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?pc=MSERT1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?pc=MSERT1
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://go.microsoft.com/fwlink/?linkid=42826
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = http://go.microsoft.com/fwlink/?linkid=42826
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?Lin...e/index.jsp?lg=en&pid=NIS&pvid=20.4.0.40&OSP=
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?Lin...e/index.jsp?lg=en&pid=NIS&pvid=20.4.0.40&OSP=
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?Lin...e/index.jsp?lg=en&pid=NIS&pvid=20.4.0.40&OSP=
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/CQALL13/13
HKU\S-1-5-21-2349919157-339670822-1832927227-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL13/13
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ie...D101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/705-29546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ie...D101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM-x32 -> {5F5651A3-7378-421F-9E36-3005C19D36E9} URL = ${SEARCH_URL}{searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/705-29546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2349919157-339670822-1832927227-1001 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2349919157-339670822-1832927227-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-2349919157-339670822-1832927227-1001 -> {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ie...D101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2349919157-339670822-1832927227-1001 -> {5CCA34E3-1520-4B0A-8D32-863BD1E21349} URL = http://www.mysearchresults.com/search?c=3523&t=01&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2349919157-339670822-1832927227-1001 -> {5F5651A3-7378-421F-9E36-3005C19D36E9} URL = http://www.dogpile.com/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2349919157-339670822-1832927227-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2349919157-339670822-1832927227-1001 -> {983E9E6E-1AA2-4B5A-B91D-A5CFF9C72854} URL = http://search.softonic.com/INF00176...59ea4000000000000083e8e7ff86d&toi=16041&r=281
SearchScopes: HKU\S-1-5-21-2349919157-339670822-1832927227-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2349919157-339670822-1832927227-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/705-29546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM-x32 - No Name - {3444c3c5-6c56-4a16-a453-832b05bf6ea4} - No File
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
Toolbar: HKU\S-1-5-21-2349919157-339670822-1832927227-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Tcpip\Parameters: [DhcpNameServer] 144.120.29.3 8.8.8.8 144.120.28.3 144.120.8.57 144.120.8.32 144.120.28.41

FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\pcq228et.default
FF DefaultSearchEngine: Ask Web Search
FF SelectedSearchEngine: Google
FF Homepage: hxxp://home.tb.ask.com/index.jhtml?ptb=8597AF9D-FECC-43F7-A188-17172946565B&n=781b3b6b&p2=^Z1^xdm040^YYA^fj&si=CILcpLWQrMUCFYmSvQodQxIATw
FF Keyword.URL: hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=8597AF9D-FECC-43F7-A188-17172946565B&n=781b3b6b&ind=2015050603&p2=^Z1^xdm040^YYA^fj&si=CILcpLWQrMUCFYmSvQodQxIATw&searchfor=
FF NetworkProxy: "backup.ftp", "proxy.usp.ac.fj"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "proxy.usp.ac.fj"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "proxy.usp.ac.fj"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "proxy.usp.ac.fj"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "proxy.usp.ac.fj"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, .usp.ac.fj, 144.120.0.0/16"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "proxy.usp.ac.fj"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "socks_version", 4
FF NetworkProxy: "ssl", "proxy.usp.ac.fj"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll [2015-02-01] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll [2015-02-01] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll [2013-10-25] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-08] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2015-04-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2015-04-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\pcq228et.default\user.js [2015-03-31]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npffividiplg.dll [2012-11-06] (iVIDI.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\pcq228et.default\searchplugins\ask-web-search.xml [2015-03-13]
FF SearchPlugin: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\pcq228et.default\searchplugins\Ask.xml [2015-02-01]
FF SearchPlugin: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\pcq228et.default\searchplugins\softonic.xml [2013-12-02]
FF SearchPlugin: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\pcq228et.default\searchplugins\VideRest.xml [2013-11-19]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml [2015-02-01]
FF Extension: DailyBibleGuide - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\pcq228et.default\Extensions\2vffxtbr@www.dailybibleguide.com [2015-05-05]
FF Extension: Allin1Convert - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\pcq228et.default\Extensions\8hffxtbr@download.allin1convert.com [2015-05-09]
FF Extension: Internet Speed Tracker - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\pcq228et.default\Extensions\9tffxtbr@free.internetspeedtracker.com [2015-05-09]
FF Extension: Flash Video Downloader - YouTube HD Downloader [4K] - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\pcq228et.default\Extensions\artur.dubovoy@gmail.com [2015-05-27]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.search.ask.com/?o=APN10640A&gct=hp&d=473-103&v=a12627-162&t=4
CHR StartupUrls: Default -> "hxxp://www.search.ask.com/?o=APN10640A&gct=hp&d=473-103&v=a12627-162&t=4", "hxxp://search.softonic.com/INF00176/tb_v1?SearchSource=48&cc=&mi=58459ea4000000000000083e8e7ff86d&toi=16041"
CHR DefaultSearchKeyword: Default -> ask.com
CHR DefaultSearchURL: Default -> http://dts.search.ask.com/sr?src=cr...D101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\gcswf32.dll No File
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll ()
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\John\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (iVIDI.org plugin) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\giacfgjdclhnmkacnfbaljbmpnelflol [2013-11-19]
CHR Extension: (Notificatoin) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhfbmpdiffkamakhdbcgojfnbnlcenm [2013-11-19]
CHR Extension: (FVD Downloader) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2013-11-15]
CHR Extension: (Minibar) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpcknfcdcgpffjddjeceioobdelceffo [2013-11-11]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-10]
CHR Extension: (No Name) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg [2013-11-20]
CHR HKU\S-1-5-21-2349919157-339670822-1832927227-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hmhfbmpdiffkamakhdbcgojfnbnlcenm] - C:\ProgramData\Microsoft\Windows\DRM\Server\notificatoin_1.0.0.crx [2013-10-29]
CHR HKLM-x32\...\Chrome\Extension: [hmhfbmpdiffkamakhdbcgojfnbnlcenm] - C:\ProgramData\Microsoft\Windows\DRM\Server\notificatoin_1.0.0.crx [2013-10-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-11] (Hewlett-Packard Company) []
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) []
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-19] (Intel Corporation)
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [512504 2013-11-26] () []
R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2013-02-05] (Vodafone) []
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-02-01] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\system32\DRIVERS\lgandnetndis64.sys [93184 2012-07-04] (LG Electronics Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-26] (CyberLink)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-11] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-11] (Synaptics Incorporated)
S3 vodafone_zte_cdc_acm; C:\Windows\system32\DRIVERS\vodafone_zte_cdc_acm.sys [79872 2011-05-20] (Vodafone)
S3 vodafone_zte_cpo; C:\Windows\system32\DRIVERS\vodafone_zte_cpo.sys [14336 2011-05-20] (Vodafone)
S3 vodafone_zte_ecm_enum; C:\Windows\system32\DRIVERS\vodafone_zte_ecm_enum.sys [56320 2011-05-20] (Vodafone)
S3 vodafone_zte_ecm_enum_filter; C:\Windows\system32\DRIVERS\vodafone_zte_ecm_enum_filter.sys [56320 2011-05-20] (Vodafone)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-04] (Hewlett-Packard Development Company, L.P.)
S1 apajelel; \??\C:\Windows\system32\drivers\apajelel.sys [X]
S1 gtdfocyb; \??\C:\Windows\system32\drivers\gtdfocyb.sys [X]
S1 zaxittys; \??\C:\Windows\system32\drivers\zaxittys.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 16:33 - 2015-05-27 16:41 - 00000000 ____D () C:\FRST
2015-05-27 16:02 - 2015-05-27 16:05 - 05628291 _____ (Swearware) C:\Users\John\Downloads\ComboFix.exe
2015-05-27 15:18 - 2015-05-27 15:18 - 03670080 _____ () C:\Users\John\Downloads\Bradford Dissolvable Agent(1).exe
2015-05-23 23:13 - 2015-05-23 23:13 - 00000000 __SHD () C:\found.006
2015-05-22 00:57 - 2015-05-22 00:57 - 00000000 ____D () C:\Windows\SysWOW64\%LOCALAPPDATA%
2015-05-18 21:53 - 2015-05-18 21:53 - 00451584 _____ () C:\Users\John\Downloads\MA111 Week 14 Lectures.ppt
2015-05-15 11:51 - 2015-05-15 12:03 - 26807941 _____ () C:\Users\John\Downloads\Zendaya Replay - RDMA 2014 Performance (Low).webm
2015-05-15 10:24 - 2015-05-15 10:35 - 26749288 _____ () C:\Users\John\Downloads\The Voice 2015 - Meghan, India and Koryn Faithfully (Low).webm
2015-05-14 11:00 - 2015-05-01 01:07 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 11:00 - 2015-05-01 01:07 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 22:14 - 2015-05-13 22:20 - 15934971 _____ () C:\Users\John\Downloads\The Voice 2015 Koryn Hawthorne - Live Playoffs How Great Thou Art (Low).webm
2015-05-13 18:38 - 2015-04-22 02:33 - 14374400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 18:38 - 2015-04-22 02:33 - 13771776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 18:38 - 2015-04-22 02:33 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 18:38 - 2015-04-22 02:33 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 18:38 - 2015-04-22 02:33 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 18:38 - 2015-04-22 02:33 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-13 18:38 - 2015-04-22 02:33 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 18:38 - 2015-04-22 02:33 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 18:38 - 2015-04-22 02:33 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 18:38 - 2015-04-22 02:32 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 18:38 - 2015-04-22 01:53 - 02237440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 18:38 - 2015-04-22 01:53 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 18:38 - 2015-04-22 01:53 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 18:38 - 2015-04-22 01:52 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 18:38 - 2015-04-22 01:52 - 15414784 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 18:38 - 2015-04-22 01:52 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 18:38 - 2015-04-22 01:52 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 18:38 - 2015-04-22 01:52 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-13 18:38 - 2015-04-22 01:52 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 18:38 - 2015-04-22 01:52 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 18:38 - 2015-04-22 01:52 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 18:37 - 2015-04-22 02:33 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 18:37 - 2015-04-22 02:33 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 18:37 - 2015-04-22 02:33 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 18:37 - 2015-04-22 02:33 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 18:37 - 2015-04-22 02:33 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 18:37 - 2015-04-22 01:52 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 18:37 - 2015-04-22 01:52 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 18:37 - 2015-04-22 01:52 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 18:37 - 2015-04-18 14:37 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 18:37 - 2015-04-18 14:34 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 17:54 - 2015-03-14 12:55 - 00410017 _____ () C:\Windows\system32\ApnDatabase.xml
2015-05-13 17:54 - 2015-03-12 17:31 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 17:54 - 2015-03-12 17:31 - 01688576 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-05-13 17:54 - 2015-03-12 17:31 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2015-05-13 17:54 - 2015-03-12 15:52 - 01933312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 17:53 - 2015-03-04 18:41 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 17:53 - 2015-03-04 18:39 - 00632832 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 17:53 - 2015-03-04 18:39 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 17:53 - 2015-03-04 16:53 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 17:53 - 2015-03-04 16:52 - 00676864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 17:49 - 2015-04-13 17:32 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 17:48 - 2015-04-13 17:30 - 01839616 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 17:48 - 2015-04-13 17:30 - 01280512 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 17:48 - 2015-04-13 16:05 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 17:48 - 2015-04-13 15:25 - 04063744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 16:51 - 2015-02-18 19:39 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 16:51 - 2015-02-18 19:38 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2015-05-13 16:49 - 2015-05-02 18:28 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 16:49 - 2015-05-02 15:59 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 16:49 - 2015-05-02 15:36 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 16:49 - 2015-04-14 10:09 - 00570248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-11 20:04 - 2015-05-11 20:21 - 28483198 _____ () C:\Users\John\Downloads\Ed Sheeran - Thinking out Loud (Cover by Matereti ft TheRelatiV) (Low).webm
2015-05-11 12:10 - 2015-05-11 15:05 - 398038044 _____ () C:\Users\John\Downloads\Comedy movies full movie english hollywood - Best action movies - Funny movies full length (Low).mp4
2015-05-06 00:43 - 2015-05-06 00:44 - 02747335 _____ () C:\Users\John\Downloads\Beyonce Feat Chris Brown - Jealous (Remix) (NEW RNB SONG APRIL 2015) (Low).webm
2015-05-04 13:23 - 2015-05-04 13:23 - 00704512 _____ () C:\Users\Guest.My_Pc.002\Documents\Palav Gounder.accdb
2015-05-03 11:02 - 2015-05-03 11:02 - 00002255 _____ () C:\Users\Guest.My_Pc.002\Desktop\Google Chrome.lnk
2015-05-01 08:12 - 2015-05-01 08:12 - 00000000 ____D () C:\Users\John\AppData\Local\{308C108A-1122-4949-9F4E-8CA73570F96A}
2015-04-30 15:00 - 2015-05-25 08:21 - 00002536 ____N () C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2015-04-27 09:31 - 2015-04-27 09:31 - 00000000 ____D () C:\Users\John\AppData\Local\{959E8BBF-8266-444C-9575-4FD63E71784E}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 16:35 - 2013-11-10 12:44 - 00000000 ____D () C:\Users\John\AppData\Roaming\vlc
2015-05-27 16:13 - 2013-11-16 04:40 - 00000000 ____D () C:\Users\John\AppData\Local\CrashDumps
2015-05-27 16:11 - 2014-04-03 15:37 - 00000000 ____D () C:\Users\John\AppData\Roaming\ClassicShell
2015-05-27 16:11 - 2013-11-11 01:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-27 16:02 - 2012-07-26 20:12 - 00000000 ____D () C:\Windows\system32\sru
2015-05-27 16:00 - 2015-04-16 10:54 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-27 15:35 - 2014-11-06 23:06 - 01097262 _____ () C:\Windows\WindowsUpdate.log
2015-05-27 15:22 - 2012-07-26 19:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-27 13:58 - 2013-11-09 16:13 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2349919157-339670822-1832927227-1001
2015-05-27 10:59 - 2015-04-16 10:54 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-27 10:57 - 2015-02-07 12:15 - 00537810 _____ () C:\Windows\PFRO.log
2015-05-27 10:57 - 2012-07-26 19:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-27 10:45 - 2013-11-25 16:41 - 00000000 ____D () C:\Users\John\AppData\Roaming\Audacity
2015-05-27 10:35 - 2013-11-09 16:11 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2015-05-27 10:34 - 2013-11-29 11:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
2015-05-27 10:34 - 2013-11-29 11:10 - 00000000 ____D () C:\Program Files (x86)\Vodafone
2015-05-27 10:31 - 2014-06-29 11:36 - 00000000 ____D () C:\Users\John\AppData\Roaming\Systweak
2015-05-27 10:23 - 2012-07-26 20:12 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-27 10:23 - 2012-07-26 19:28 - 00006428 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-26 15:10 - 2013-03-15 17:08 - 00000000 ____D () C:\Users\John\Documents\Youcam
2015-05-26 07:56 - 2013-03-16 08:54 - 00000000 ____D () C:\Users\John\Documents\CyberLink
2015-05-26 01:34 - 2014-11-07 20:12 - 02923891 _____ () C:\Windows\setupact.log
2015-05-25 16:38 - 2015-03-23 00:35 - 00000000 ____D () C:\Users\John\Documents\abby's file
2015-05-25 08:21 - 2013-12-21 20:20 - 00002552 ____N () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - hp.lnk
2015-05-25 08:21 - 2012-08-18 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-25 00:25 - 2013-11-24 02:29 - 00000000 ____D () C:\Users\John\AppData\Roaming\dvdcss
2015-05-24 00:03 - 2012-07-26 17:26 - 00786432 ___SH () C:\Windows\system32\config\BBI
2015-05-23 11:50 - 2013-11-09 13:03 - 00000000 ____D () C:\Users\John
2015-05-23 11:04 - 2013-12-18 14:16 - 00000000 ____D () C:\Users\Guest.My_Pc.002\AppData\Roaming\vlc
2015-05-23 11:02 - 2013-12-18 14:16 - 00000000 ____D () C:\Users\Guest.My_Pc.002\AppData\Local\CrashDumps
2015-05-23 10:47 - 2013-05-06 10:30 - 00000000 ____D () C:\Users\Guest.My_Pc.002\Desktop\Part 1
2015-05-23 10:42 - 2013-03-31 18:01 - 00000000 ____D () C:\Users\Guest.My_Pc.002\Documents\Youcam
2015-05-23 03:37 - 2015-03-28 20:16 - 00000000 ____D () C:\Windows\rescache
2015-05-23 03:10 - 2015-03-27 16:35 - 00148508 ____N () C:\Windows\Minidump\052315-34468-01.dmp
2015-05-23 03:10 - 2014-01-28 22:17 - 00000000 ____D () C:\Windows\Minidump
2015-05-19 16:28 - 2013-03-15 17:02 - 00000000 ____D () C:\Users\John\AppData\Local\Packages
2015-05-19 16:28 - 2012-07-26 20:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2015-05-17 13:24 - 2014-12-03 13:14 - 00000000 ____D () C:\Users\Guest.My_Pc.002\Desktop\JRachel
2015-05-16 13:19 - 2013-11-20 04:00 - 00000000 ____D () C:\Users\John\Documents\iStonsoft
2015-05-16 12:35 - 2013-03-15 17:08 - 00000000 ____D () C:\Users\John\Documents\JOE'S FILES
2015-05-14 15:07 - 2012-07-26 19:52 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 14:54 - 2015-03-15 16:30 - 00438720 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 14:50 - 2012-07-26 17:38 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-14 11:23 - 2013-11-09 13:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-14 11:18 - 2013-11-11 02:41 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 11:02 - 2013-11-11 02:41 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-14 10:57 - 2013-12-10 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-14 10:55 - 2013-12-10 20:33 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 10:55 - 2013-12-10 20:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-10 15:37 - 2014-07-09 15:39 - 00001350 _____ () C:\Users\Guest.My_Pc.002\Desktop\Clean Registry for Free!.lnk
2015-05-10 15:24 - 2015-02-05 07:54 - 00000000 ____D () C:\Users\Guest.My_Pc.002\Desktop\Vilimaina
2015-05-08 00:15 - 2013-11-09 13:47 - 00000000 ____D () C:\Users\John\AppData\Local\Microsoft Help
2015-05-06 05:49 - 2014-12-21 13:00 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-06 05:49 - 2014-12-21 13:00 - 00177632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-06 02:54 - 2013-12-02 10:57 - 00000000 ____D () C:\Users\John\AppData\Roaming\Software Informer
2015-04-30 14:52 - 2014-04-27 15:25 - 00000000 ____D () C:\Users\Guest.My_Pc.002\Desktop\camera

==================== Files in the root of some directories =======

2014-09-08 22:03 - 2014-09-08 22:03 - 2423808 _____ () C:\Users\John\AppData\Roaming\asfsgwasrga.exe
2014-01-19 01:09 - 2014-10-30 22:12 - 0013312 _____ () C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\Guest.My_Pc.002\AppData\Local\Temp\5i46xx00.dll
C:\Users\Guest.My_Pc.002\AppData\Local\Temp\COMAP.EXE
C:\Users\Joe Nuve\AppData\Local\Temp\engine.exe
C:\Users\John\AppData\Local\Temp\c_gji-bh.dll
C:\Users\John\AppData\Local\Temp\engine.exe
C:\Users\John\AppData\Local\Temp\nnuzw9u8.dll
C:\Users\John\AppData\Local\Temp\ose00001.exe
C:\Users\John\AppData\Local\Temp\rzgy2hik.dll
C:\Users\John\AppData\Local\Temp\{61CC0B6B-0C17-49A9-87C5-F227E781DF9E}-39.0.2171.95_38.0.2125.111_chrome_updater.exe
C:\Users\John\AppData\Local\Temp\{907D24E7-5ECE-48A3-B8F4-5ED7883D0C1F}-39.0.2171.71_38.0.2125.111_chrome_updater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-25 15:29

==================== End of log ============================
 
Error appears when I want to install a Bradford program for wi-fi configurations.. and a problem such as system32/... something like that, I can't remember, and I can't check now because I just ran the scan and the instruction says to wait and not to install any program.. please reply!!
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================

I still need the Addition.txt log from FRST.
 