TechSpot

FRST.txt

By jamjam
May 27, 2015
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-05-2015
    Ran by John (administrator) on MY_PC on 27-05-2015 16:40:52
    Running from C:\Users\John\Documents\Desktop
    Loaded Profiles: John (Available Profiles: John & Joe Nuve & abby's faith & Administrator & Guest)
    Platform: Windows 8 (X64) OS Language: English (United States)
    Internet Explorer Version 10 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    () C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    () C:\Program Files\WindowsApps\RevelSoftware.PianoTime_1.0.0.14_neutral__rm1v733ay04k0\Piano.exe
    (Mozilla Corporation) C:\Program Files\Waterfox\waterfox.exe
    (Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
    (Mozilla Corporation) C:\Program Files\Waterfox\plugin-container.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-13] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-28] (Synaptics Incorporated)
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
    HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-10] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-20] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [MobileBroadband] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [76288 2013-02-05] (Vodafone)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION
    HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\Run: [Software Informer] => C:\Program Files\Software Informer\softinfo.exe [2841088 2013-11-26] (Informer Technologies, Inc.)
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\Run: [ ] => F:\ .exe /Q
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\Run: [Snapshot_20140730_42.JPG] => F:\Snapshot_20140730_42.JPG.exe /a
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\Run: [Porn] => F:\ \Porn.exe /X
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\Run: [Viber] => "C:\Users\John\AppData\Local\Viber\Viber.exe"
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\CurrentVersion\Windows: [Load] C:\Users\John\LOCALS~1\Temp\cctihovof.pif <===== ATTENTION
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\Policies\Explorer: [TaskbarNoThumbnail] 0
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {01f4b4cd-76bd-11e3-be95-083e8e7ff86b} - "H:\setup_vmb_lite.exe" /checkApplicationPresence
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {1283bfee-7976-11e3-be97-806e6f6e6963} - "F:\setup_vmb_lite.exe" /checkApplicationPresence
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {17ae5a2a-8d2b-11e2-be72-083e8e7ff86b} - "G:\AutoRun.exe"
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {17ae5a3a-8d2b-11e2-be72-083e8e7ff86b} - "F:\AutoRun.exe"
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {288f6584-7972-11e3-be96-083e8e7ff86b} - "F:\setup_vmb_lite.exe" /checkApplicationPresence
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {2a52bd62-b6e9-11e3-beac-083e8e7ff86b} - "F:\Autorun.exe" {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.9B05 PID_0083
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {341aeb9a-ab75-11e3-beaa-10604b493d09} - "F:\LGAutoRun.exe"
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {5bfde5a0-0887-11e4-befa-083e8e7ff86b} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\autorun.bat
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {620a99ed-0b17-11e4-bf04-083e8e7ff86b} - "F:\setup_vmb_lite.exe" /checkApplicationPresence
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {66146bca-1bf3-11e3-bfa7-10604b493d09} - "F:\SetupWi-Fi.exe"
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {667351a6-0af8-11e4-bf03-083e8e7ff86b} - "F:\setup_vmb_lite.exe" /checkApplicationPresence
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {667352e0-0af8-11e4-bf03-083e8e7ff86b} - "F:\setup_vmb_lite.exe" /checkApplicationPresence
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {667352eb-0af8-11e4-bf03-083e8e7ff86b} - "F:\setup_vmb_lite.exe" /checkApplicationPresence
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {724876f9-5e33-11e3-be82-10604b493d09} - "F:\LaunchU3.exe" -a
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {a9d70b93-16cb-11e3-bf8e-10604b493d09} - "F:\SetupWi-Fi.exe"
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {b105a847-0b1a-11e4-bf05-806e6f6e6963} - "F:\setup_vmb_lite.exe" /checkApplicationPresence
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {b4e1a47a-e372-11e2-beef-083e8e7ff86b} - "F:\AutoRun.exe"
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {be36a913-9799-11e4-8005-10604b493d09} - "F:\LGAutoRun.exe"
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {c7785790-0ab2-11e4-bf02-083e8e7ff86b} - "F:\setup_vmb_lite.exe" /checkApplicationPresence
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {de769fff-023c-11e3-bf43-10604b493d09} - "F:\SetupWi-Fi.exe"
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {f07381e3-2219-11e3-bfb0-10604b493d09} - "F:\setup_vmb_lite.exe" /checkApplicationPresence
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {f07381e7-2219-11e3-bfb0-10604b493d09} - "G:\setup_vmb_lite.exe" /checkApplicationPresence
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {f227088a-e64f-11e2-befe-10604b493d09} - "F:\SetupWi-Fi.exe"
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\MountPoints2: {f2271bbe-e64f-11e2-befe-10604b493d09} - "F:\SetupWi-Fi.exe"
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [330240 2012-07-26] (Microsoft Corporation)
    HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION
    IFEO\bitguard.exe: [Debugger] tasklist.exe
    IFEO\bprotect.exe: [Debugger] tasklist.exe
    IFEO\bpsvc.exe: [Debugger] tasklist.exe
    IFEO\browserdefender.exe: [Debugger] tasklist.exe
    IFEO\browserprotect.exe: [Debugger] tasklist.exe
    IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
    IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
    IFEO\jumpflip: [Debugger] tasklist.exe
    IFEO\protectedsearch.exe: [Debugger] tasklist.exe
    IFEO\searchinstaller.exe: [Debugger] tasklist.exe
    IFEO\searchprotection.exe: [Debugger] tasklist.exe
    IFEO\searchprotector.exe: [Debugger] tasklist.exe
    IFEO\searchsettings.exe: [Debugger] tasklist.exe
    IFEO\searchsettings64.exe: [Debugger] tasklist.exe
    IFEO\snapdo.exe: [Debugger] tasklist.exe
    IFEO\stinst32.exe: [Debugger] tasklist.exe
    IFEO\stinst64.exe: [Debugger] tasklist.exe
    IFEO\umbrella.exe: [Debugger] tasklist.exe
    IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
    IFEO\volaro: [Debugger] tasklist.exe
    IFEO\vonteera: [Debugger] tasklist.exe
    IFEO\websteroids.exe: [Debugger] tasklist.exe
    IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
    Startup: C:\Users\Joe Nuve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-04-16]
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\asodakaossd.lnk [2014-09-14]
    ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
    ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyServer: [S-1-5-21-2349919157-339670822-1832927227-1001] => proxy.usp.ac.fj:3128
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSERT1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSERT1
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?pc=MSERT1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?pc=MSERT1
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://go.microsoft.com/fwlink/?linkid=42826
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = http://go.microsoft.com/fwlink/?linkid=42826
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?Lin...e/index.jsp?lg=en&pid=NIS&pvid=20.4.0.40&OSP=
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?Lin...e/index.jsp?lg=en&pid=NIS&pvid=20.4.0.40&OSP=
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?Lin...e/index.jsp?lg=en&pid=NIS&pvid=20.4.0.40&OSP=
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/CQALL13/13
    HKU\S-1-5-21-2349919157-339670822-1832927227-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL13/13
    SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    SearchScopes: HKLM -> {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ie...D101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
    SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/705-29546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    SearchScopes: HKLM-x32 -> {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ie...D101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
    SearchScopes: HKLM-x32 -> {5F5651A3-7378-421F-9E36-3005C19D36E9} URL = ${SEARCH_URL}{searchTerms}
    SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/705-29546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKU\S-1-5-21-2349919157-339670822-1832927227-1001 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-2349919157-339670822-1832927227-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    SearchScopes: HKU\S-1-5-21-2349919157-339670822-1832927227-1001 -> {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ie...D101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2349919157-339670822-1832927227-1001 -> {5CCA34E3-1520-4B0A-8D32-863BD1E21349} URL = http://www.mysearchresults.com/search?c=3523&t=01&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2349919157-339670822-1832927227-1001 -> {5F5651A3-7378-421F-9E36-3005C19D36E9} URL = http://www.dogpile.com/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2349919157-339670822-1832927227-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-2349919157-339670822-1832927227-1001 -> {983E9E6E-1AA2-4B5A-B91D-A5CFF9C72854} URL = http://search.softonic.com/INF00176...59ea4000000000000083e8e7ff86d&toi=16041&r=281
    SearchScopes: HKU\S-1-5-21-2349919157-339670822-1832927227-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKU\S-1-5-21-2349919157-339670822-1832927227-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/705-29546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-01-18] (IvoSoft)
    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
    Toolbar: HKLM-x32 - No Name - {3444c3c5-6c56-4a16-a453-832b05bf6ea4} - No File
    Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
    Toolbar: HKU\S-1-5-21-2349919157-339670822-1832927227-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Tcpip\Parameters: [DhcpNameServer] 144.120.29.3 8.8.8.8 144.120.28.3 144.120.8.57 144.120.8.32 144.120.28.41

    FireFox:
    ========
    FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\pcq228et.default
    FF DefaultSearchEngine: Ask Web Search
    FF SelectedSearchEngine: Google
    FF Homepage: hxxp://home.tb.ask.com/index.jhtml?ptb=8597AF9D-FECC-43F7-A188-17172946565B&n=781b3b6b&p2=^Z1^xdm040^YYA^fj&si=CILcpLWQrMUCFYmSvQodQxIATw
    FF Keyword.URL: hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=8597AF9D-FECC-43F7-A188-17172946565B&n=781b3b6b&ind=2015050603&p2=^Z1^xdm040^YYA^fj&si=CILcpLWQrMUCFYmSvQodQxIATw&searchfor=
    FF NetworkProxy: "backup.ftp", "proxy.usp.ac.fj"
    FF NetworkProxy: "backup.ftp_port", 3128
    FF NetworkProxy: "backup.socks", "proxy.usp.ac.fj"
    FF NetworkProxy: "backup.socks_port", 3128
    FF NetworkProxy: "backup.ssl", "proxy.usp.ac.fj"
    FF NetworkProxy: "backup.ssl_port", 3128
    FF NetworkProxy: "ftp", "proxy.usp.ac.fj"
    FF NetworkProxy: "ftp_port", 3128
    FF NetworkProxy: "http", "proxy.usp.ac.fj"
    FF NetworkProxy: "http_port", 3128
    FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, .usp.ac.fj, 144.120.0.0/16"
    FF NetworkProxy: "share_proxy_settings", true
    FF NetworkProxy: "socks", "proxy.usp.ac.fj"
    FF NetworkProxy: "socks_port", 3128
    FF NetworkProxy: "socks_version", 4
    FF NetworkProxy: "ssl", "proxy.usp.ac.fj"
    FF NetworkProxy: "ssl_port", 3128
    FF NetworkProxy: "type", 1
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll [2015-02-01] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll [2015-02-01] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll [2013-10-25] (Adobe Systems, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-08] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-08] (Intel Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2015-04-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2015-04-16] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF user.js: detected! => C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\pcq228et.default\user.js [2015-03-31]
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npffividiplg.dll [2012-11-06] (iVIDI.org)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
    FF SearchPlugin: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\pcq228et.default\searchplugins\ask-web-search.xml [2015-03-13]
    FF SearchPlugin: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\pcq228et.default\searchplugins\Ask.xml [2015-02-01]
    FF SearchPlugin: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\pcq228et.default\searchplugins\softonic.xml [2013-12-02]
    FF SearchPlugin: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\pcq228et.default\searchplugins\VideRest.xml [2013-11-19]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml [2015-02-01]
    FF Extension: DailyBibleGuide - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\pcq228et.default\Extensions\2vffxtbr@www.dailybibleguide.com [2015-05-05]
    FF Extension: Allin1Convert - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\pcq228et.default\Extensions\8hffxtbr@download.allin1convert.com [2015-05-09]
    FF Extension: Internet Speed Tracker - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\pcq228et.default\Extensions\9tffxtbr@free.internetspeedtracker.com [2015-05-09]
    FF Extension: Flash Video Downloader - YouTube HD Downloader [4K] - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\pcq228et.default\Extensions\artur.dubovoy@gmail.com [2015-05-27]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.search.ask.com/?o=APN10640A&gct=hp&d=473-103&v=a12627-162&t=4
    CHR StartupUrls: Default -> "hxxp://www.search.ask.com/?o=APN10640A&gct=hp&d=473-103&v=a12627-162&t=4", "hxxp://search.softonic.com/INF00176/tb_v1?SearchSource=48&cc=&mi=58459ea4000000000000083e8e7ff86d&toi=16041"
    CHR DefaultSearchKeyword: Default -> ask.com
    CHR DefaultSearchURL: Default -> http://dts.search.ask.com/sr?src=cr...D101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
    CHR DefaultSuggestURL: Default ->
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\gcswf32.dll No File
    CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll No File
    CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll ()
    CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Google Update) - C:\Users\John\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll No File
    CHR Plugin: (Default Plug-in) - default_plugin No File
    CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (iVIDI.org plugin) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\giacfgjdclhnmkacnfbaljbmpnelflol [2013-11-19]
    CHR Extension: (Notificatoin) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhfbmpdiffkamakhdbcgojfnbnlcenm [2013-11-19]
    CHR Extension: (FVD Downloader) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2013-11-15]
    CHR Extension: (Minibar) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpcknfcdcgpffjddjeceioobdelceffo [2013-11-11]
    CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-10]
    CHR Extension: (No Name) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg [2013-11-20]
    CHR HKU\S-1-5-21-2349919157-339670822-1832927227-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hmhfbmpdiffkamakhdbcgojfnbnlcenm] - C:\ProgramData\Microsoft\Windows\DRM\Server\notificatoin_1.0.0.crx [2013-10-29]
    CHR HKLM-x32\...\Chrome\Extension: [hmhfbmpdiffkamakhdbcgojfnbnlcenm] - C:\ProgramData\Microsoft\Windows\DRM\Server\notificatoin_1.0.0.crx [2013-10-29]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-11] (Hewlett-Packard Company) []
    R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) []
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-19] (Intel Corporation)
    R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [512504 2013-11-26] () []
    R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2013-02-05] (Vodafone) []
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-02-01] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.)
    S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.)
    S3 andnetndis; C:\Windows\system32\DRIVERS\lgandnetndis64.sys [93184 2012-07-04] (LG Electronics Inc.)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-26] (CyberLink)
    S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
    S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-11] (Synaptics Incorporated)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-11] (Synaptics Incorporated)
    S3 vodafone_zte_cdc_acm; C:\Windows\system32\DRIVERS\vodafone_zte_cdc_acm.sys [79872 2011-05-20] (Vodafone)
    S3 vodafone_zte_cpo; C:\Windows\system32\DRIVERS\vodafone_zte_cpo.sys [14336 2011-05-20] (Vodafone)
    S3 vodafone_zte_ecm_enum; C:\Windows\system32\DRIVERS\vodafone_zte_ecm_enum.sys [56320 2011-05-20] (Vodafone)
    S3 vodafone_zte_ecm_enum_filter; C:\Windows\system32\DRIVERS\vodafone_zte_ecm_enum_filter.sys [56320 2011-05-20] (Vodafone)
    R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-04] (Hewlett-Packard Development Company, L.P.)
    S1 apajelel; \??\C:\Windows\system32\drivers\apajelel.sys [X]
    S1 gtdfocyb; \??\C:\Windows\system32\drivers\gtdfocyb.sys [X]
    S1 zaxittys; \??\C:\Windows\system32\drivers\zaxittys.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-27 16:33 - 2015-05-27 16:41 - 00000000 ____D () C:\FRST
    2015-05-27 16:02 - 2015-05-27 16:05 - 05628291 _____ (Swearware) C:\Users\John\Downloads\ComboFix.exe
    2015-05-27 15:18 - 2015-05-27 15:18 - 03670080 _____ () C:\Users\John\Downloads\Bradford Dissolvable Agent(1).exe
    2015-05-23 23:13 - 2015-05-23 23:13 - 00000000 __SHD () C:\found.006
    2015-05-22 00:57 - 2015-05-22 00:57 - 00000000 ____D () C:\Windows\SysWOW64\%LOCALAPPDATA%
    2015-05-18 21:53 - 2015-05-18 21:53 - 00451584 _____ () C:\Users\John\Downloads\MA111 Week 14 Lectures.ppt
    2015-05-15 11:51 - 2015-05-15 12:03 - 26807941 _____ () C:\Users\John\Downloads\Zendaya Replay - RDMA 2014 Performance (Low).webm
    2015-05-15 10:24 - 2015-05-15 10:35 - 26749288 _____ () C:\Users\John\Downloads\The Voice 2015 - Meghan, India and Koryn Faithfully (Low).webm
    2015-05-14 11:00 - 2015-05-01 01:07 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-05-14 11:00 - 2015-05-01 01:07 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-05-13 22:14 - 2015-05-13 22:20 - 15934971 _____ () C:\Users\John\Downloads\The Voice 2015 Koryn Hawthorne - Live Playoffs How Great Thou Art (Low).webm
    2015-05-13 18:38 - 2015-04-22 02:33 - 14374400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-05-13 18:38 - 2015-04-22 02:33 - 13771776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-05-13 18:38 - 2015-04-22 02:33 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-05-13 18:38 - 2015-04-22 02:33 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-05-13 18:38 - 2015-04-22 02:33 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-05-13 18:38 - 2015-04-22 02:33 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2015-05-13 18:38 - 2015-04-22 02:33 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-05-13 18:38 - 2015-04-22 02:33 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-05-13 18:38 - 2015-04-22 02:33 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-05-13 18:38 - 2015-04-22 02:32 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-05-13 18:38 - 2015-04-22 01:53 - 02237440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-05-13 18:38 - 2015-04-22 01:53 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-05-13 18:38 - 2015-04-22 01:53 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-05-13 18:38 - 2015-04-22 01:52 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-05-13 18:38 - 2015-04-22 01:52 - 15414784 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-05-13 18:38 - 2015-04-22 01:52 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-05-13 18:38 - 2015-04-22 01:52 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-05-13 18:38 - 2015-04-22 01:52 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2015-05-13 18:38 - 2015-04-22 01:52 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-05-13 18:38 - 2015-04-22 01:52 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-05-13 18:38 - 2015-04-22 01:52 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-05-13 18:37 - 2015-04-22 02:33 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-05-13 18:37 - 2015-04-22 02:33 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-05-13 18:37 - 2015-04-22 02:33 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-05-13 18:37 - 2015-04-22 02:33 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-05-13 18:37 - 2015-04-22 02:33 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-05-13 18:37 - 2015-04-22 01:52 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-05-13 18:37 - 2015-04-22 01:52 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-05-13 18:37 - 2015-04-22 01:52 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-05-13 18:37 - 2015-04-18 14:37 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-05-13 18:37 - 2015-04-18 14:34 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-05-13 17:54 - 2015-03-14 12:55 - 00410017 _____ () C:\Windows\system32\ApnDatabase.xml
    2015-05-13 17:54 - 2015-03-12 17:31 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
    2015-05-13 17:54 - 2015-03-12 17:31 - 01688576 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
    2015-05-13 17:54 - 2015-03-12 17:31 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
    2015-05-13 17:54 - 2015-03-12 15:52 - 01933312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
    2015-05-13 17:53 - 2015-03-04 18:41 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
    2015-05-13 17:53 - 2015-03-04 18:39 - 00632832 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
    2015-05-13 17:53 - 2015-03-04 18:39 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
    2015-05-13 17:53 - 2015-03-04 16:53 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
    2015-05-13 17:53 - 2015-03-04 16:52 - 00676864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
    2015-05-13 17:49 - 2015-04-13 17:32 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
    2015-05-13 17:48 - 2015-04-13 17:30 - 01839616 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-05-13 17:48 - 2015-04-13 17:30 - 01280512 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-05-13 17:48 - 2015-04-13 16:05 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-05-13 17:48 - 2015-04-13 15:25 - 04063744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-05-13 16:51 - 2015-02-18 19:39 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
    2015-05-13 16:51 - 2015-02-18 19:38 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
    2015-05-13 16:49 - 2015-05-02 18:28 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-05-13 16:49 - 2015-05-02 15:59 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-05-13 16:49 - 2015-05-02 15:36 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-05-13 16:49 - 2015-04-14 10:09 - 00570248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-05-11 20:04 - 2015-05-11 20:21 - 28483198 _____ () C:\Users\John\Downloads\Ed Sheeran - Thinking out Loud (Cover by Matereti ft TheRelatiV) (Low).webm
    2015-05-11 12:10 - 2015-05-11 15:05 - 398038044 _____ () C:\Users\John\Downloads\Comedy movies full movie english hollywood - Best action movies - Funny movies full length (Low).mp4
    2015-05-06 00:43 - 2015-05-06 00:44 - 02747335 _____ () C:\Users\John\Downloads\Beyonce Feat Chris Brown - Jealous (Remix) (NEW RNB SONG APRIL 2015) (Low).webm
    2015-05-04 13:23 - 2015-05-04 13:23 - 00704512 _____ () C:\Users\Guest.My_Pc.002\Documents\Palav Gounder.accdb
    2015-05-03 11:02 - 2015-05-03 11:02 - 00002255 _____ () C:\Users\Guest.My_Pc.002\Desktop\Google Chrome.lnk
    2015-05-01 08:12 - 2015-05-01 08:12 - 00000000 ____D () C:\Users\John\AppData\Local\{308C108A-1122-4949-9F4E-8CA73570F96A}
    2015-04-30 15:00 - 2015-05-25 08:21 - 00002536 ____N () C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
    2015-04-27 09:31 - 2015-04-27 09:31 - 00000000 ____D () C:\Users\John\AppData\Local\{959E8BBF-8266-444C-9575-4FD63E71784E}

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-27 16:35 - 2013-11-10 12:44 - 00000000 ____D () C:\Users\John\AppData\Roaming\vlc
    2015-05-27 16:13 - 2013-11-16 04:40 - 00000000 ____D () C:\Users\John\AppData\Local\CrashDumps
    2015-05-27 16:11 - 2014-04-03 15:37 - 00000000 ____D () C:\Users\John\AppData\Roaming\ClassicShell
    2015-05-27 16:11 - 2013-11-11 01:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-05-27 16:02 - 2012-07-26 20:12 - 00000000 ____D () C:\Windows\system32\sru
    2015-05-27 16:00 - 2015-04-16 10:54 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-05-27 15:35 - 2014-11-06 23:06 - 01097262 _____ () C:\Windows\WindowsUpdate.log
    2015-05-27 15:22 - 2012-07-26 19:59 - 00000000 ____D () C:\Windows\CbsTemp
    2015-05-27 13:58 - 2013-11-09 16:13 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2349919157-339670822-1832927227-1001
    2015-05-27 10:59 - 2015-04-16 10:54 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-05-27 10:57 - 2015-02-07 12:15 - 00537810 _____ () C:\Windows\PFRO.log
    2015-05-27 10:57 - 2012-07-26 19:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-05-27 10:45 - 2013-11-25 16:41 - 00000000 ____D () C:\Users\John\AppData\Roaming\Audacity
    2015-05-27 10:35 - 2013-11-09 16:11 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
    2015-05-27 10:34 - 2013-11-29 11:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
    2015-05-27 10:34 - 2013-11-29 11:10 - 00000000 ____D () C:\Program Files (x86)\Vodafone
    2015-05-27 10:31 - 2014-06-29 11:36 - 00000000 ____D () C:\Users\John\AppData\Roaming\Systweak
    2015-05-27 10:23 - 2012-07-26 20:12 - 00000000 ____D () C:\Windows\system32\NDF
    2015-05-27 10:23 - 2012-07-26 19:28 - 00006428 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-05-26 15:10 - 2013-03-15 17:08 - 00000000 ____D () C:\Users\John\Documents\Youcam
    2015-05-26 07:56 - 2013-03-16 08:54 - 00000000 ____D () C:\Users\John\Documents\CyberLink
    2015-05-26 01:34 - 2014-11-07 20:12 - 02923891 _____ () C:\Windows\setupact.log
    2015-05-25 16:38 - 2015-03-23 00:35 - 00000000 ____D () C:\Users\John\Documents\abby's file
    2015-05-25 08:21 - 2013-12-21 20:20 - 00002552 ____N () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - hp.lnk
    2015-05-25 08:21 - 2012-08-18 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2015-05-25 00:25 - 2013-11-24 02:29 - 00000000 ____D () C:\Users\John\AppData\Roaming\dvdcss
    2015-05-24 00:03 - 2012-07-26 17:26 - 00786432 ___SH () C:\Windows\system32\config\BBI
    2015-05-23 11:50 - 2013-11-09 13:03 - 00000000 ____D () C:\Users\John
    2015-05-23 11:04 - 2013-12-18 14:16 - 00000000 ____D () C:\Users\Guest.My_Pc.002\AppData\Roaming\vlc
    2015-05-23 11:02 - 2013-12-18 14:16 - 00000000 ____D () C:\Users\Guest.My_Pc.002\AppData\Local\CrashDumps
    2015-05-23 10:47 - 2013-05-06 10:30 - 00000000 ____D () C:\Users\Guest.My_Pc.002\Desktop\Part 1
    2015-05-23 10:42 - 2013-03-31 18:01 - 00000000 ____D () C:\Users\Guest.My_Pc.002\Documents\Youcam
    2015-05-23 03:37 - 2015-03-28 20:16 - 00000000 ____D () C:\Windows\rescache
    2015-05-23 03:10 - 2015-03-27 16:35 - 00148508 ____N () C:\Windows\Minidump\052315-34468-01.dmp
    2015-05-23 03:10 - 2014-01-28 22:17 - 00000000 ____D () C:\Windows\Minidump
    2015-05-19 16:28 - 2013-03-15 17:02 - 00000000 ____D () C:\Users\John\AppData\Local\Packages
    2015-05-19 16:28 - 2012-07-26 20:12 - 00000000 ____D () C:\Windows\AUInstallAgent
    2015-05-17 13:24 - 2014-12-03 13:14 - 00000000 ____D () C:\Users\Guest.My_Pc.002\Desktop\JRachel
    2015-05-16 13:19 - 2013-11-20 04:00 - 00000000 ____D () C:\Users\John\Documents\iStonsoft
    2015-05-16 12:35 - 2013-03-15 17:08 - 00000000 ____D () C:\Users\John\Documents\JOE'S FILES
    2015-05-14 15:07 - 2012-07-26 19:52 - 00000000 ____D () C:\Program Files\Windows Journal
    2015-05-14 14:54 - 2015-03-15 16:30 - 00438720 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-05-14 14:50 - 2012-07-26 17:38 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
    2015-05-14 11:23 - 2013-11-09 13:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-05-14 11:18 - 2013-11-11 02:41 - 00000000 ____D () C:\Windows\system32\MRT
    2015-05-14 11:02 - 2013-11-11 02:41 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-05-14 10:57 - 2013-12-10 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-05-14 10:55 - 2013-12-10 20:33 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2015-05-14 10:55 - 2013-12-10 20:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2015-05-10 15:37 - 2014-07-09 15:39 - 00001350 _____ () C:\Users\Guest.My_Pc.002\Desktop\Clean Registry for Free!.lnk
    2015-05-10 15:24 - 2015-02-05 07:54 - 00000000 ____D () C:\Users\Guest.My_Pc.002\Desktop\Vilimaina
    2015-05-08 00:15 - 2013-11-09 13:47 - 00000000 ____D () C:\Users\John\AppData\Local\Microsoft Help
    2015-05-06 05:49 - 2014-12-21 13:00 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-05-06 05:49 - 2014-12-21 13:00 - 00177632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-05-06 02:54 - 2013-12-02 10:57 - 00000000 ____D () C:\Users\John\AppData\Roaming\Software Informer
    2015-04-30 14:52 - 2014-04-27 15:25 - 00000000 ____D () C:\Users\Guest.My_Pc.002\Desktop\camera

    ==================== Files in the root of some directories =======

    2014-09-08 22:03 - 2014-09-08 22:03 - 2423808 _____ () C:\Users\John\AppData\Roaming\asfsgwasrga.exe
    2014-01-19 01:09 - 2014-10-30 22:12 - 0013312 _____ () C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    Some files in TEMP:
    ====================
    C:\Users\Guest.My_Pc.002\AppData\Local\Temp\5i46xx00.dll
    C:\Users\Guest.My_Pc.002\AppData\Local\Temp\COMAP.EXE
    C:\Users\Joe Nuve\AppData\Local\Temp\engine.exe
    C:\Users\John\AppData\Local\Temp\c_gji-bh.dll
    C:\Users\John\AppData\Local\Temp\engine.exe
    C:\Users\John\AppData\Local\Temp\nnuzw9u8.dll
    C:\Users\John\AppData\Local\Temp\ose00001.exe
    C:\Users\John\AppData\Local\Temp\rzgy2hik.dll
    C:\Users\John\AppData\Local\Temp\{61CC0B6B-0C17-49A9-87C5-F227E781DF9E}-39.0.2171.95_38.0.2125.111_chrome_updater.exe
    C:\Users\John\AppData\Local\Temp\{907D24E7-5ECE-48A3-B8F4-5ED7883D0C1F}-39.0.2171.71_38.0.2125.111_chrome_updater.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-05-25 15:29

    ==================== End of log ============================
     
  2. jamjam

    jamjam TS Rookie Topic Starter

    Ok, the error is a Bad Image error... engine.exe Bad Image... Please check if it is fixed!!!
     
  3. jamjam

    jamjam TS Rookie Topic Starter

    Error appears when I want to install a Bradford program for wi-fi configurations.. and a problem such as system32/... something like that, I can't remember and I can't check now coz I just ran the scan and the instruction says to wait and not to install any program.. please reply!!
     
  4. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================

    I still need Addition.txt log from FRST.
     
Topic Status:
Not open for further replies.
