I think I'm Infected


So, I downloaded some file, and I got infected. Yesterday, I ran a quick scan with Malwarebytes; it found 2 Trojans and 34 PUPs. Then, I got Malwarebytes Pro Premium and it found 1 PUP. Today, when I use Google Chrome and search for something in the top bar, it redirects to an amazingsearch thingy.

So, Malwarebytes just found PUP.Optional.AmazingSearches.A. I quarantined it. I would like to see if everything is still okay on my computer and that I have no more viruses. Thanks!

------------------------------------------------------------------------------------------------------------------------------

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-04-2014 01

Ran by RAJAN (administrator) on RAJGANGA on 16-04-2014 10:16:28
Running from C:\Documents and Settings\RAJAN\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Barracuda Networks) C:\Program Files\BarracudaAgent\dhcp.exe
(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\QtZgAcer.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Realtek Semiconductor Corp.) C:\Documents and Settings\RAJAN\Local Settings\Temp\RtkBtMnt.exe
(Dropbox, Inc.) C:\Documents and Settings\RAJAN\Application Data\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\WINDOWS\system32\cidaemon.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [LaunchApp] => Alaunch
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18082304 2008-12-30] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [57344 2008-06-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AzMixerSel] => C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe [53248 2006-07-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1044480 2008-04-25] (Synaptics, Inc.)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\QtZgAcer.EXE [821768 2008-05-13] (Dritek System Inc.)
HKLM\...\Run: [iMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2008-04-14] ()
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PLFSetL] => C:\WINDOWS\PLFSetL.exe [94208 2007-07-05] (sonix)
HKLM\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)
HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [brStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [2629632 2012-09-25] (Brother Industries, Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [switchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Winlogon: [uIHost] C:\Documents and Settings\All Users\Application Data\AVG\AWL2012\WinStyler\tu_logonui.exe [x ] ()
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\S-1-5-21-3284996926-787306573-3978696968-1006\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3284996926-787306573-3978696968-1006\...\MountPoints2: {0fead507-35a0-11de-af8a-000000000000} - D:\AllTool.exe
HKU\S-1-5-21-3284996926-787306573-3978696968-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3284996926-787306573-3978696968-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {0fead507-35a0-11de-af8a-000000000000} - D:\AllTool.exe
HKU\S-1-5-21-3284996926-787306573-3978696968-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {0fead507-35a0-11de-af8a-000000000000} - D:\AllTool.exe
Startup: C:\Documents and Settings\RAJAN\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms ()
Startup: C:\Documents and Settings\RAJAN\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\RAJAN\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0509&m=aoa150
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
SearchScopes: HKLM - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.amaizingsearches.info/?l=1&q={searchTerms}&pid=2644&r=2014/04/15&hid=13215549405780553739&lg=EN&cc=US&unqvl=51
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.amaizingsearches.info/?l=1&q={searchTerms}&pid=2644&r=2014/04/15&hid=13215549405780553739&lg=EN&cc=US&unqvl=51
SearchScopes: HKCU - {CD18A9FF-3124-4E14-B8E7-ABA7175D1DCD} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\RAJAN\Application Data\Mozilla\Firefox\Profiles\k0cq6cdw.default
FF SearchEngineOrder.1: WebSearch
FF DefaultSearchEngine: WebSearch
FF SelectedSearchEngine: WebSearch
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Documents and Settings\RAJAN\Application Data\Mozilla\Firefox\Profiles\k0cq6cdw.default\Extensions\staged [2014-04-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-07-23]
 
Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchKeyword: websearch
CHR DefaultSearchProvider: WebSearch
CHR DefaultSearchURL: http://websearch.amaizingsearches.info/?l=1&q={searchTerms}&pid=2644&r=2014/04/15&hid=13215549405780553739&lg=EN&cc=US&unqvl=51
CHR DefaultNewTabURL: 
CHR Extension: (Adblock Plus) - C:\Documents and Settings\RAJAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-12]
CHR Extension: (APNG) - C:\Documents and Settings\RAJAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ehkepjiconegkhpodgoaeamnpckdbblp [2014-04-12]
CHR Extension: (Speedy Shopper) - C:\Documents and Settings\RAJAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp [2014-04-15]
CHR Extension: (YoutubeAdblocker) - C:\Documents and Settings\RAJAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ggnpbngdpjoohpiiecapdpmaglcancpb [2014-04-15]
CHR Extension: (sAvve Net) - C:\Documents and Settings\RAJAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ilcbnmagmhlffongpaajikgnbblfjbfg [2014-04-15]
CHR Extension: (Google Wallet) - C:\Documents and Settings\RAJAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Documents and Settings\RAJAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-07-23]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]
 
========================== Services (Whitelisted) =================
 
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [257416 2013-09-19] ()
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
R2 dhcpe; C:\Program Files\BarracudaAgent\dhcp.exe [293816 2010-02-12] (Barracuda Networks)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1318464 2008-08-20] (Atheros Communications, Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 DCamUSBEMPIA; C:\WINDOWS\System32\DRIVERS\emDevice.sys [100957 2005-12-21] (eMPIA Technology, Inc.)
S3 emAudio; C:\WINDOWS\System32\drivers\emAudio.sys [19712 2005-12-21] (Pinnacle Systems, Inc.)
S3 entegraNG; C:\WINDOWS\System32\DRIVERS\entegraNG.sys [26864 2009-11-23] (Phion AG)
S3 FiltUSBEMPIA; C:\WINDOWS\System32\DRIVERS\emFilter.sys [5245 2005-12-21] (eMPIA Technology, Inc.)
R3 int15.sys; C:\Acer\Empowering Technology\eRecovery\int15.sys [69632 2005-01-13] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-15] (Malwarebytes Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 ScanUSBEMPIA; C:\WINDOWS\System32\DRIVERS\emScan.sys [4493 2005-12-21] (eMPIA Technology, Inc.)
R3 SNP2UVC; C:\WINDOWS\System32\DRIVERS\snp2uvc.sys [1769984 2007-10-01] ()
S2 adfs; No ImagePath
S4 IntelIde; No ImagePath
S1 MpKsl7f124262; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C9DC2881-A44F-4ED2-8E90-7C34B2617E36}\MpKsl7f124262.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys [X]
U1 WS2IFSL; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-16 10:16 - 2014-04-16 10:17 - 00016250 _____ () C:\Documents and Settings\RAJAN\Desktop\FRST.txt
2014-04-16 10:15 - 2014-04-16 10:16 - 00000000 ___DC () C:\FRST
2014-04-16 10:14 - 2014-04-16 10:12 - 01146368 _____ (Farbar) C:\Documents and Settings\RAJAN\Desktop\FRST.exe
2014-04-15 19:49 - 2014-04-15 21:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-15 19:48 - 2014-04-15 19:48 - 00000781 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-15 19:48 - 2014-04-15 19:48 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-15 19:47 - 2014-04-15 19:48 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-15 19:10 - 2014-04-15 19:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SNT
2014-04-15 19:08 - 2014-04-15 19:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SuperbApp
2014-04-15 19:06 - 2014-04-15 19:33 - 00000000 ____D () C:\Program Files\save net
2014-04-15 19:06 - 2014-04-15 19:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\save net
2014-04-15 19:06 - 2014-04-15 19:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\b8c03aa765f7a4f1
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Torch
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\RAJAN\Local Settings\Application Data\Torch
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\RAJAN\Local Settings\Application Data\Comodo
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Torch
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\HelpAssistant
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Torch
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Google
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\Guest
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\ASPNET\Local Settings\Application Data\Torch
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\ASPNET\Local Settings\Application Data\Google
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\ASPNET\Local Settings\Application Data\Comodo
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\ASPNET
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo
2014-04-15 11:16 - 2014-04-15 11:22 - 00041771 _____ () C:\Documents and Settings\RAJAN\My Documents\fortune500.odt
2014-04-15 11:16 - 2014-04-15 11:22 - 00000119 ____H () C:\Documents and Settings\RAJAN\My Documents\.~lock.fortune500.odt#
2014-04-13 14:22 - 2014-04-13 14:27 - 00711975 _____ () C:\Documents and Settings\RAJAN\My Documents\pianotestpg4.pdn
2014-04-13 14:09 - 2014-04-13 14:09 - 01331147 _____ () C:\Documents and Settings\RAJAN\My Documents\pianotestpg3.pdn
2014-04-13 13:42 - 2014-04-13 13:42 - 00203385 _____ () C:\Documents and Settings\RAJAN\My Documents\pianotestpg2.pdn
2014-04-13 13:07 - 2014-04-13 13:19 - 00126960 _____ () C:\Documents and Settings\RAJAN\My Documents\PIANOTEST.pdn
2014-04-12 15:13 - 2014-04-16 10:02 - 00007059 _____ () C:\WINDOWS\setupapi.log
2014-04-12 13:53 - 2014-04-12 13:53 - 00000074 _____ () C:\Documents and Settings\RAJAN\My Documents\faster.bat
2014-04-12 13:51 - 2014-04-12 13:51 - 00000060 _____ () C:\WINDOWS\setupact.log
2014-04-12 13:51 - 2014-04-12 13:51 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-04-12 13:48 - 2014-04-12 13:50 - 00000000 ____D () C:\WINDOWS\pss
2014-04-11 21:26 - 2014-04-11 21:26 - 00000159 _____ () C:\Documents and Settings\RAJAN\My Documents\oldpostlayout.txt
2014-03-31 20:45 - 2014-04-04 17:58 - 00001866 _____ () C:\Documents and Settings\RAJAN\.hxcpp_config.xml
2014-03-31 20:45 - 2014-04-04 17:58 - 00000038 _____ () C:\Documents and Settings\RAJAN\.haxelib
2014-03-31 20:45 - 2014-03-31 20:45 - 00000064 _____ () C:\Documents and Settings\RAJAN\mm.cfg
2014-03-31 20:19 - 2014-04-04 18:39 - 00000000 ____D () C:\Documents and Settings\RAJAN\Application Data\Stencyl
2014-03-23 20:08 - 2014-03-23 20:08 - 00000047 _____ () C:\Documents and Settings\RAJAN\.jupload.properties
2014-03-23 17:12 - 2014-03-23 17:15 - 00000000 ____D () C:\Documents and Settings\RAJAN\Application Data\X-Chat 2
2014-03-20 20:06 - 2014-03-20 20:06 - 00000782 _____ () C:\Documents and Settings\RAJAN\Desktop\Scratch.lnk
2014-03-20 20:06 - 2014-03-20 20:06 - 00000000 ____D () C:\Program Files\Scratch
2014-03-20 20:06 - 2014-03-20 20:06 - 00000000 ____D () C:\Documents and Settings\RAJAN\Start Menu\Programs\Scratch
2014-03-19 20:24 - 2014-04-15 12:09 - 00000000 ____D () C:\Documents and Settings\RAJAN\Application Data\FileZilla
2014-03-19 20:24 - 2014-03-19 20:24 - 00001667 _____ () C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
2014-03-19 20:24 - 2014-03-19 20:24 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2014-03-19 20:24 - 2014-03-19 20:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\FileZilla FTP Client
 
==================== One Month Modified Files and Folders =======
 
2014-04-16 10:17 - 2014-04-16 10:16 - 00016250 _____ () C:\Documents and Settings\RAJAN\Desktop\FRST.txt
2014-04-16 10:16 - 2014-04-16 10:15 - 00000000 ___DC () C:\FRST
2014-04-16 10:16 - 2013-07-08 14:53 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-16 10:12 - 2014-04-16 10:14 - 01146368 _____ (Farbar) C:\Documents and Settings\RAJAN\Desktop\FRST.exe
2014-04-16 10:02 - 2014-04-12 15:13 - 00007059 _____ () C:\WINDOWS\setupapi.log
2014-04-15 21:41 - 2014-03-04 17:30 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-15 21:37 - 2014-04-15 19:49 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-15 20:42 - 2009-05-23 20:35 - 00000000 ____D () C:\Documents and Settings\RAJAN\Local Settings\Application Data\Deployment
2014-04-15 19:48 - 2014-04-15 19:48 - 00000781 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-15 19:48 - 2014-04-15 19:48 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-15 19:48 - 2014-04-15 19:47 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-15 19:48 - 2013-07-28 22:26 - 00000000 ____D () C:\Documents and Settings\RAJAN\Application Data\Malwarebytes
2014-04-15 19:48 - 2013-07-28 22:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-04-15 19:46 - 2013-07-11 19:48 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-04-15 19:42 - 2013-07-22 21:23 - 00000000 ___RD () C:\Documents and Settings\RAJAN\My Documents\Dropbox
2014-04-15 19:42 - 2013-07-22 21:17 - 00000000 ____D () C:\Documents and Settings\RAJAN\Application Data\Dropbox
2014-04-15 19:41 - 2009-01-20 15:30 - 00000259 _____ () C:\WINDOWS\wiadebug.log
2014-04-15 19:38 - 2014-03-04 17:30 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-15 19:36 - 2013-10-08 07:01 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-04-15 19:36 - 2009-01-20 19:12 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-15 19:35 - 2009-05-23 19:41 - 00000178 ___SH () C:\Documents and Settings\RAJAN\ntuser.ini
2014-04-15 19:35 - 2009-01-20 19:12 - 00032574 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-15 19:35 - 2009-01-20 14:08 - 00000000 ____D () C:\WINDOWS\addins
2014-04-15 19:33 - 2014-04-15 19:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SNT
2014-04-15 19:33 - 2014-04-15 19:06 - 00000000 ____D () C:\Program Files\save net
2014-04-15 19:33 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\save net
2014-04-15 19:10 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\b8c03aa765f7a4f1
2014-04-15 19:09 - 2014-04-15 19:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SuperbApp
2014-04-15 19:09 - 2013-07-08 13:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\InstallMate
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Torch
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\RAJAN\Local Settings\Application Data\Torch
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\RAJAN\Local Settings\Application Data\Comodo
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Torch
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\HelpAssistant
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Torch
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Google
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\Guest
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\ASPNET\Local Settings\Application Data\Torch
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\ASPNET\Local Settings\Application Data\Google
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\ASPNET\Local Settings\Application Data\Comodo
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\ASPNET
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo
2014-04-15 19:06 - 2013-09-21 13:14 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-04-15 19:06 - 2009-05-23 19:41 - 00000000 ____D () C:\Documents and Settings\RAJAN\Local Settings\Application Data\Google
2014-04-15 13:39 - 2013-07-18 16:05 - 00000000 ____D () C:\Documents and Settings\RAJAN\Local Settings\Application Data\Paint.NET
2014-04-15 12:09 - 2014-03-19 20:24 - 00000000 ____D () C:\Documents and Settings\RAJAN\Application Data\FileZilla
2014-04-15 11:22 - 2014-04-15 11:16 - 00041771 _____ () C:\Documents and Settings\RAJAN\My Documents\fortune500.odt
2014-04-15 11:22 - 2014-04-15 11:16 - 00000119 ____H () C:\Documents and Settings\RAJAN\My Documents\.~lock.fortune500.odt#
2014-04-15 10:29 - 2013-12-10 22:48 - 00000000 ____D () C:\Documents and Settings\RAJAN\Application Data\Synthesia
2014-04-13 14:27 - 2014-04-13 14:22 - 00711975 _____ () C:\Documents and Settings\RAJAN\My Documents\pianotestpg4.pdn
2014-04-13 14:09 - 2014-04-13 14:09 - 01331147 _____ () C:\Documents and Settings\RAJAN\My Documents\pianotestpg3.pdn
2014-04-13 13:42 - 2014-04-13 13:42 - 00203385 _____ () C:\Documents and Settings\RAJAN\My Documents\pianotestpg2.pdn
2014-04-13 13:19 - 2014-04-13 13:07 - 00126960 _____ () C:\Documents and Settings\RAJAN\My Documents\PIANOTEST.pdn
2014-04-12 14:00 - 2009-01-20 16:20 - 00607546 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-12 13:53 - 2014-04-12 13:53 - 00000074 _____ () C:\Documents and Settings\RAJAN\My Documents\faster.bat
2014-04-12 13:51 - 2014-04-12 13:51 - 00000060 _____ () C:\WINDOWS\setupact.log
2014-04-12 13:51 - 2014-04-12 13:51 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-04-12 13:50 - 2014-04-12 13:48 - 00000000 ____D () C:\WINDOWS\pss
2014-04-12 13:50 - 2009-01-20 19:12 - 00000389 _RSHC () C:\boot.ini
2014-04-12 13:50 - 2009-01-20 14:11 - 00000477 _____ () C:\WINDOWS\win.ini
2014-04-12 13:50 - 2009-01-20 06:04 - 00000227 _____ () C:\WINDOWS\system.ini
2014-04-12 13:39 - 2009-05-23 19:41 - 00000000 ____D () C:\Documents and Settings\RAJAN
2014-04-12 13:38 - 2013-07-29 15:47 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-12 12:49 - 2013-07-17 12:02 - 00018944 _____ () C:\Documents and Settings\RAJAN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-11 21:26 - 2014-04-11 21:26 - 00000159 _____ () C:\Documents and Settings\RAJAN\My Documents\oldpostlayout.txt
2014-04-11 16:28 - 2013-07-23 10:49 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-04-10 16:51 - 2014-03-04 17:32 - 00001817 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-04-07 07:00 - 2013-08-06 20:19 - 00000000 ____D () C:\Documents and Settings\RAJAN\Local Settings\Application Data\Anvil Studio
2014-04-06 15:47 - 2013-12-20 21:13 - 00000000 ____D () C:\Documents and Settings\RAJAN\My Documents\My CamStudio Temp Files
2014-04-06 15:47 - 2013-12-20 21:07 - 00004548 _____ () C:\Documents and Settings\RAJAN\Application Data\CamStudio.cfg
2014-04-06 15:47 - 2013-12-20 21:07 - 00000408 _____ () C:\Documents and Settings\RAJAN\Application Data\CamShapes.ini
2014-04-06 15:47 - 2013-12-20 21:07 - 00000408 _____ () C:\Documents and Settings\RAJAN\Application Data\CamLayout.ini
2014-04-06 15:47 - 2013-12-20 21:07 - 00000145 _____ () C:\Documents and Settings\RAJAN\Application Data\Camdata.ini
2014-04-06 15:45 - 2013-12-20 21:07 - 00000096 _____ () C:\Documents and Settings\RAJAN\Application Data\version2.xml
2014-04-05 17:09 - 2013-07-01 18:05 - 00000000 ____D () C:\Documents and Settings\RAJAN\My Documents\Pranav's Folder
2014-04-04 18:39 - 2014-03-31 20:19 - 00000000 ____D () C:\Documents and Settings\RAJAN\Application Data\Stencyl
2014-04-04 17:58 - 2014-03-31 20:45 - 00001866 _____ () C:\Documents and Settings\RAJAN\.hxcpp_config.xml
2014-04-04 17:58 - 2014-03-31 20:45 - 00000038 _____ () C:\Documents and Settings\RAJAN\.haxelib
2014-04-04 17:12 - 2013-09-05 12:20 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-03 09:51 - 2013-07-29 15:18 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-03 09:50 - 2013-07-28 22:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-31 20:45 - 2014-03-31 20:45 - 00000064 _____ () C:\Documents and Settings\RAJAN\mm.cfg
2014-03-29 09:00 - 2013-11-08 18:03 - 00002293 _____ () C:\Documents and Settings\All Users\Desktop\Anvil Studio.lnk
2014-03-28 21:36 - 2013-10-08 07:00 - 03732768 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-24 19:59 - 2013-11-09 20:03 - 00000740 _____ () C:\Documents and Settings\RAJAN\Desktop\Notepad++.lnk
2014-03-24 19:59 - 2013-11-09 20:03 - 00000000 ____D () C:\Program Files\Notepad++
2014-03-24 18:14 - 2013-10-07 20:58 - 00095904 _____ () C:\Documents and Settings\RAJAN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-03-23 20:08 - 2014-03-23 20:08 - 00000047 _____ () C:\Documents and Settings\RAJAN\.jupload.properties
2014-03-23 17:15 - 2014-03-23 17:12 - 00000000 ____D () C:\Documents and Settings\RAJAN\Application Data\X-Chat 2
2014-03-20 21:30 - 2013-11-08 18:03 - 00001904 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Anvil Studio.lnk
2014-03-20 21:30 - 2013-11-08 18:03 - 00000000 ____D () C:\Program Files\Anvil Studio 2013
2014-03-20 20:06 - 2014-03-20 20:06 - 00000782 _____ () C:\Documents and Settings\RAJAN\Desktop\Scratch.lnk
2014-03-20 20:06 - 2014-03-20 20:06 - 00000000 ____D () C:\Program Files\Scratch
2014-03-20 20:06 - 2014-03-20 20:06 - 00000000 ____D () C:\Documents and Settings\RAJAN\Start Menu\Programs\Scratch
2014-03-19 20:24 - 2014-03-19 20:24 - 00001667 _____ () C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
2014-03-19 20:24 - 2014-03-19 20:24 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2014-03-19 20:24 - 2014-03-19 20:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\FileZilla FTP Client
2014-03-17 18:05 - 2009-01-20 19:12 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
 
Files to move or delete:
====================
C:\Documents and Settings\RAJAN\Application Data\CamLayout.ini
C:\Documents and Settings\RAJAN\Application Data\CamShapes.ini
C:\Documents and Settings\RAJAN\Application Data\CamStudio.Producer.Data.ini
 
 
Some content of TEMP:
====================
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-1e813596.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-28b7f991.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-2b4707eb.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-435cf1ca.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-78c78f31.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a1834141.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-efe2f3cb.exe
C:\Documents and Settings\RAJAN\Local Settings\Temp\RtkBtMnt.exe
C:\Documents and Settings\RAJAN\Local Settings\Temp\sqlite-3.7.2-sqlitejdbc.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
------------------------------------------------------------------------------------------------------------------------------

Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-04-2014 01
Ran by RAJAN at 2014-04-16 10:20:01
Running from C:\Documents and Settings\RAJAN\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
 
==================== Installed Programs ======================
 
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Acer 3G Connection Manager (HKLM\...\{6681A360-D3F1-4A28-90C5-FD7991D7517D}) (Version: 2.14.99 - Acer)
Acer Crystal Eye webcam (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.33.001 - Sonix)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.11.0613 - Acer Incorporated)
Acer System Information (HKLM\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (Version: 1.1.0.5790 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Amazon Cloud Drive (HKCU\...\23ab716f18849b6f) (Version: 2.4.2013.3290 - Amazon)
Anvil Studio (HKLM\...\{D193AEDE-FAA2-4B7C-BF8D-2D8CE4F2C281}) (Version: 14.03.01 - Willow Software)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.4 (HKLM\...\Audacity_is1) (Version: 2.0.4 - Audacity Team)
AVG PC TuneUp Language Pack (en-US) (Version: 12.0.4020.3 - AVG Technologies) Hidden
Barracuda NG SSL VPN Client (HKLM\...\{0000416B-2997-4B6B-AC91-8E9BE6D5CD9D}) (Version: 6.03.051 - Barracuda Networks, Inc)
Brother MFL-Pro Suite MFC-J410W (HKLM\...\{31FD9031-FA28-4F73-9FD1-D7E9997C41CE}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
calibre (HKLM\...\{260CE6D4-9FB5-47CB-8425-BEE666F40FC0}) (Version: 1.7.0 - Kovid Goyal)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
CamStudio Lossless Codec v1.5 (HKLM\...\camcodec) (Version: 1.5 - CamStudio)
Camtasia Studio 8 (HKLM\...\{BFA04EE0-8240-4667-8D53-45496A901C33}) (Version: 8.1.2.1327 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
CTools (HKLM\...\{5FD6386C-99A9-4EBC-A247-5EB6C8A9B147}) (Version: 1.0.8 - Chadsoft)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
FileZilla Client 3.7.4.1 (HKLM\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
Finale NotePad 2012 (HKLM\...\Finale NotePad 2012) (Version: 2012..r1.5 - MakeMusic)
Free Video To Audio Converter 2014 4.6.1 (HKLM\...\Free Video To Audio Converter 2014_is1) (Version:  - FAEMedia Co., Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
HHD Software Free Hex Editor Neo 5.14 (HKCU\...\{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}) (Version: 5.14.0.4787 - HHD Software, Ltd.)
HxD Hex Editor version 1.7.7.0 (HKLM\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Install Creator Pro (HKLM\...\Install Creator Pro) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 25 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170250}) (Version: 1.7.0.250 - Oracle)
JMicron JMB38X Flash Media Controller (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.16.01 - JMicron Technology Corp.)
Lagarith Lossless Codec (1.3.27) (HKLM\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Launch Manager (HKLM\...\LManager) (Version:  - )
LibreOffice 4.1 Help Pack (English (United States)) (HKLM\...\{56764D4E-FDC1-4002-8019-4DB0DC975403}) (Version: 4.1.2.3 - The Document Foundation)
LibreOffice 4.1.4.2 (HKLM\...\{94E11973-ED58-47A0-907C-ABF6D95C5DD8}) (Version: 4.1.4.2 - The Document Foundation)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.3.0215.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
Paint.NET Toli Effects (HKLM\...\{DD8CC325-BC7E-4424-8934-3BB451ABFEF3}) (Version: 2.0.0 - Toli Cuturicu)
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Perfect Uninstaller v6.3.3.9 (HKLM\...\Perfect Uninstaller_is1) (Version:  - www.PerfectUninstaller.com)
Pinnacle Instant DVD Recorder (HKCU\...\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}) (Version: 2.00.127 - Pinnacle Systems)
PyQt GPL v4.10.3 for Python v2.7 (x32) (HKLM\...\PyQt GPL v4.10.3 for Python v2.7 (x32)) (Version: 4.10.3 - )
Python 2.7.6 (HKLM\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E2}) (Version: 2.7.6150 - Python Software Foundation)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.20.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5772 - Realtek Semiconductor Corp.)
Scratch (HKLM\...\Scratch) (Version: 1.4.0.0 - MIT Media Lab Lifelong Kindergarten Group)
Switch Sound File Converter (HKLM\...\Switch) (Version:  - NCH Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.4.0 - Synaptics)
Synthesia (HKLM\...\Synthesia) (Version: 9 - Synthesia LLC)
SZS Modifier (HKLM\...\{F6D8F2FE-B9BE-4C7C-98F2-2954B5A26AF2}) (Version: 2.5.2 - ChadSoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
WavePad Sound Editor (HKLM\...\WavePad) (Version: 5.48 - NCH Software)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
 
==================== Restore Points  =========================
 
16-01-2014 23:16:07 System Checkpoint
18-01-2014 01:03:29 System Checkpoint
19-01-2014 01:23:48 System Checkpoint
20-01-2014 13:57:39 System Checkpoint
21-01-2014 21:59:00 System Checkpoint
23-01-2014 00:45:41 System Checkpoint
23-01-2014 23:59:50 Installed Anvil Studio
25-01-2014 00:11:41 System Checkpoint
28-01-2014 22:19:27 System Checkpoint
29-01-2014 23:00:00 System Checkpoint
31-01-2014 00:12:39 System Checkpoint
01-02-2014 01:50:17 System Checkpoint
03-02-2014 15:18:57 System Checkpoint
04-02-2014 22:50:52 System Checkpoint
05-02-2014 23:31:50 System Checkpoint
07-02-2014 00:02:53 System Checkpoint
08-02-2014 00:28:11 System Checkpoint
09-02-2014 15:59:41 System Checkpoint
10-02-2014 21:10:13 System Checkpoint
10-02-2014 23:29:47 Removed LibreOffice 4.1.3.2
10-02-2014 23:36:31 Installed LibreOffice 4.1.4.2
12-02-2014 23:00:10 System Checkpoint
14-02-2014 01:35:57 System Checkpoint
15-02-2014 16:07:34 System Checkpoint
16-02-2014 22:49:28 System Checkpoint
16-02-2014 23:11:56 Installed Java 7 Update 51
17-02-2014 23:42:43 System Checkpoint
18-02-2014 00:37:29 Installed Barracuda NG SSL VPN Client.
19-02-2014 01:07:25 System Checkpoint
20-02-2014 23:35:03 System Checkpoint
23-02-2014 15:10:25 System Checkpoint
24-02-2014 23:05:16 System Checkpoint
26-02-2014 21:39:04 System Checkpoint
27-02-2014 23:43:09 System Checkpoint
01-03-2014 03:22:26 System Checkpoint
02-03-2014 03:40:32 System Checkpoint
03-03-2014 21:55:11 System Checkpoint
04-03-2014 01:01:56 Removed Barracuda NG SSL VPN Client.
04-03-2014 21:10:04 Installed Microsoft Visual C++ 2005 Redistributable
06-03-2014 01:43:15 System Checkpoint
07-03-2014 21:37:26 System Checkpoint
18-03-2014 02:04:50 System Checkpoint
20-03-2014 00:56:02 System Checkpoint
21-03-2014 01:30:12 Installed Anvil Studio
22-03-2014 13:01:12 System Checkpoint
23-03-2014 13:17:20 System Checkpoint
24-03-2014 21:25:38 System Checkpoint
25-03-2014 21:45:08 System Checkpoint
26-03-2014 22:47:10 System Checkpoint
29-03-2014 17:38:43 System Checkpoint
30-03-2014 18:01:39 System Checkpoint
31-03-2014 18:47:43 System Checkpoint
01-04-2014 21:46:26 System Checkpoint
02-04-2014 22:50:14 System Checkpoint
03-04-2014 23:27:11 System Checkpoint
04-04-2014 23:41:19 System Checkpoint
06-04-2014 00:15:33 System Checkpoint
07-04-2014 20:41:47 System Checkpoint
09-04-2014 00:40:19 System Checkpoint
10-04-2014 22:29:42 System Checkpoint
11-04-2014 22:34:36 System Checkpoint
13-04-2014 14:29:49 System Checkpoint
14-04-2014 18:52:56 System Checkpoint
15-04-2014 19:46:14 System Checkpoint
 
==================== Hosts content: ==========================
 
2008-04-14 16:00 - 2008-04-14 16:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\SwitchSevenDays.job => C:\Program Files\NCH Software\Switch\switch.exe
Task: C:\WINDOWS\Tasks\WavePadDowngrade.job => C:\Program Files\NCH Software\WavePad\wavepad.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-08-05 15:42 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2008-04-14 16:00 - 2008-04-14 16:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2009-04-30 12:02 - 2007-04-06 04:56 - 00356352 _____ () C:\Acer\Empowering Technology\eRecovery\it41.dll
2009-04-30 12:02 - 2006-01-12 12:33 - 00212992 _____ () C:\Acer\Empowering Technology\eRecovery\imagefile.dll
2014-02-11 15:29 - 2014-02-11 15:29 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2013-10-18 19:55 - 2013-10-18 19:55 - 25100288 _____ () C:\Documents and Settings\RAJAN\Application Data\Dropbox\bin\libcef.dll
2014-04-10 16:50 - 2014-04-01 21:57 - 00065352 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2008-04-14 16:00 - 2008-04-14 16:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2014-04-10 16:50 - 2014-04-01 21:57 - 04081480 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-10 16:50 - 2014-04-01 21:58 - 00390472 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-10 16:50 - 2014-04-01 21:57 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
2014-04-10 17:01 - 2014-02-10 13:44 - 04592128 _____ () C:\Documents and Settings\RAJAN\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-10 17:01 - 2014-02-10 13:44 - 00112128 _____ () C:\Documents and Settings\RAJAN\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2014-04-10 16:50 - 2014-04-01 21:58 - 13691720 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Documents and Settings\All Users\DRM:احتضان
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
 
==================== Faulty Device Manager Devices =============
 
Name: phion Virtual Adapter.2 (VPN)
Description: phion Virtual Adapter.2 (VPN)
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: phion AG
Service: entegraNG
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: 
Description: 
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/15/2014 09:08:13 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 amazonclouddrive.exe, P2 2.0.0.0, P3 5293b4d5, P4 system.security, P5 2.0.0.0, P6 5110b2a5, P7 c2, P8 e2, P9 clr20r30, P10 clr20r31.
 
 
System errors:
=============
Error: (04/15/2014 08:05:01 PM) (Source: PlugPlayManager) (User: )
Description: The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_015B1025&REV_00\4&192ac53f&0&04E0) disappeared from the system without first being prepared for removal.
 
Error: (04/15/2014 08:05:01 PM) (Source: PlugPlayManager) (User: )
Description: The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_015B1025&REV_00\4&192ac53f&0&03E0) disappeared from the system without first being prepared for removal.
 
Error: (04/15/2014 08:05:01 PM) (Source: PlugPlayManager) (User: )
Description: The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_015B1025&REV_00\4&192ac53f&0&02E0) disappeared from the system without first being prepared for removal.
 
Error: (04/15/2014 08:05:01 PM) (Source: PlugPlayManager) (User: )
Description: The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_015B1025&REV_00\4&192ac53f&0&00E0) disappeared from the system without first being prepared for removal.
 
Error: (04/15/2014 07:36:18 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume2
 
Error: (04/15/2014 07:36:12 PM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error: 
%%126
 
Error: (04/15/2014 07:36:12 PM) (Source: Service Control Manager) (User: )
Description: The adfs service failed to start due to the following error: 
%%2
 
Error: (04/14/2014 07:20:42 PM) (Source: PlugPlayManager) (User: )
Description: The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_015B1025&REV_00\4&192ac53f&0&04E0) disappeared from the system without first being prepared for removal.
 
Error: (04/14/2014 07:20:42 PM) (Source: PlugPlayManager) (User: )
Description: The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_015B1025&REV_00\4&192ac53f&0&03E0) disappeared from the system without first being prepared for removal.
 
Error: (04/14/2014 07:20:42 PM) (Source: PlugPlayManager) (User: )
Description: The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_015B1025&REV_00\4&192ac53f&0&02E0) disappeared from the system without first being prepared for removal.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 87%
Total physical RAM: 1011.88 MB
Available physical RAM: 121.47 MB
Total Pagefile: 2436.2 MB
Available Pagefile: 1013.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1967.43 MB
 
==================== Drives ================================
 
Drive c: (ACER) (Fixed) (Total:143.2 GB) (Free:112.75 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 11A8BA38)
Partition 1: (Not Active) - (Size=6 GB) - (Type=12)
Partition 2: (Active) - (Size=143 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
Hello,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt.

Next,

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next,

Run Malwarebytes as follows...

On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:

(Export log to save as txt)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click OK
Attach that saved log to your next reply.

Let me see those logs in your next reply...

Kevin

fixlist.txt
Hi kevinf80, thanks for helping me.

--------------------------------------------------------------------------------

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-04-2014 02
Ran by RAJAN at 2014-04-16 14:30:25 Run:1
Running from C:\Documents and Settings\RAJAN\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
Start
SearchScopes: HKLM - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.ama...es.info/?l=1&q={searchTerms}&pid=2644&r=2014/04/15&hid=13215549405780553739&lg=EN&cc=US&unqvl=51
SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.ama...es.info/?l=1&q={searchTerms}&pid=2644&r=2014/04/15&hid=13215549405780553739&lg=EN&cc=US&unqvl=51
FF SearchEngineOrder.1: WebSearch
FF DefaultSearchEngine: WebSearch
FF SelectedSearchEngine: WebSearch
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
CHR DefaultSearchKeyword: websearch
CHR DefaultSearchProvider: WebSearch
CHR DefaultSearchURL: http://websearch.ama...es.info/?l=1&q={searchTerms}&pid=2644&r=2014/04/15&hid=13215549405780553739&lg=EN&cc=US&unqvl=51
CHR Extension: (Speedy Shopper) - C:\Documents and Settings\RAJAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp [2014-04-15]
S2 adfs; No ImagePath
S4 IntelIde; No ImagePath
S1 MpKsl7f124262; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C9DC2881-A44F-4ED2-8E90-7C34B2617E36}\MpKsl7f124262.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys [X]
U1 WS2IFSL; 
C:\Documents and Settings\RAJAN\Application Data\CamLayout.ini
C:\Documents and Settings\RAJAN\Application Data\CamShapes.ini
C:\Documents and Settings\RAJAN\Application Data\CamStudio.Producer.Data.ini
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-1e813596.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-28b7f991.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-2b4707eb.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-435cf1ca.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-78c78f31.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a1834141.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-efe2f3cb.exe
C:\Documents and Settings\RAJAN\Local Settings\Temp\RtkBtMnt.exe
C:\Documents and Settings\RAJAN\Local Settings\Temp\sqlite-3.7.2-sqlitejdbc.dll
End
*****************
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
CHR DefaultSearchKeyword: websearch ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider: WebSearch ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchURL: http://websearch.ama...es.info/?l=1&q={searchTerms}&pid=2644&r=2014/04/15&hid=13215549405780553739&lg=EN&cc=US&unqvl=51 ==> The Chrome "Settings" can be used to fix the entry.
C:\Documents and Settings\RAJAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp => Moved successfully.
adfs => Service deleted successfully.
IntelIde => Service deleted successfully.
MpKsl7f124262 => Service deleted successfully.
WinRing0_1_2_0 => Service deleted successfully.
WS2IFSL => Service deleted successfully.
C:\Documents and Settings\RAJAN\Application Data\CamLayout.ini => Moved successfully.
C:\Documents and Settings\RAJAN\Application Data\CamShapes.ini => Moved successfully.
C:\Documents and Settings\RAJAN\Application Data\CamStudio.Producer.Data.ini => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-1e813596.exe => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-28b7f991.exe => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-2b4707eb.exe => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-435cf1ca.exe => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-78c78f31.exe => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a1834141.exe => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-efe2f3cb.exe => Moved successfully.
C:\Documents and Settings\RAJAN\Local Settings\Temp\RtkBtMnt.exe => Moved successfully.
C:\Documents and Settings\RAJAN\Local Settings\Temp\sqlite-3.7.2-sqlitejdbc.dll => Moved successfully.
 
==== End of Fixlog ====
-----------------------------------------------------------------------------------------
AdwCleaner[s2].txt
 
# AdwCleaner v3.023 - Report created 16/04/2014 at 14:35:23
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : RAJAN - RAJGANGA
# Running from : C:\Documents and Settings\RAJAN\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SNT
Folder Deleted : C:\Documents and Settings\RAJAN\Local Settings\Application Data\torch
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\torch
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Documents and Settings\RAJAN\Application Data\Mozilla\Firefox\Profiles\k0cq6cdw.default\prefs.js ]
 
 
-\\ Google Chrome v34.0.1847.116
 
[ File : C:\Documents and Settings\RAJAN\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Deleted : icon_url
Deleted : search_url
Deleted : keyword
 
*************************
 
AdwCleaner[R0].txt - [2157 octets] - [05/09/2013 09:58:00]
AdwCleaner[R1].txt - [1086 octets] - [24/09/2013 16:40:41]
AdwCleaner[R2].txt - [2395 octets] - [16/04/2014 14:31:56]
AdwCleaner[s0].txt - [2262 octets] - [05/09/2013 10:01:34]
AdwCleaner[s1].txt - [1148 octets] - [24/09/2013 16:42:28]
AdwCleaner[s2].txt - [2354 octets] - [16/04/2014 14:35:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [2414 octets] ##########

JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by RAJAN on Wed 04/16/2014 at 14:46:25.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Documents and Settings\RAJAN\Application Data\mozilla\firefox\profiles\k0cq6cdw.default\extensions\staged
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/16/2014 at 14:55:56.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
I cannot get the Malwarebytes log. My screen res is too small; I cannot see the Export button, so I can't export it. Anything to do here? It found a PUP.Optional.AmazingSearches.A.

Why is your resolution small? Can you not change that setting on your PC to correct the resolution?

We need to change the settings in Chrome to default. Go to this link: https://support.google.com/chrome/answer/3296214?hl=en and follow those instructions to reset the browser settings. When complete, install the following addons:

Adblock Plus - https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

Flash Block - https://chrome.google.com/webstore/detail/flashblock/gofhjkjmkpinhpoiabjplobcaignabnl?hl=en

Let me know if the redirects stop in Chrome...


We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running; it can take several hours, so please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7/8, right-click on the IE shortcut and run as admin.

Go to the Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use. Click Start
  • When asked, allow the add-on to be installed. Click Start
  • Make sure that the option "Remove found threats" is ticked
  • Click on Advanced Settings, and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

If no threats were found

  • Put a checkmark in "Uninstall application on close"
  • Close program
  • Report to me that nothing was found

If threats were found

  • Click on "list of threats found"
  • Click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • Put a checkmark in "Uninstall application on close"
  • Click on finish

Close program

Copy and paste the report in next reply.

Kevin...


Thanks. There were 14 threats.

--------------------------------

ESET SCAN.txt

C:\AdwCleaner\Quarantine\C\Program Files\SafeSaver\uninstall.exe.vir Win32/SProtector.B potentially unwanted application deleted - quarantined
C:\Documents and Settings\All Users\Application Data\InstallMate\{1AA561A8-2A46-4A2D-A8C6-6264C146435E}\Custom.dll Win32/InstalleRex.M potentially unwanted application deleted - quarantined
C:\Documents and Settings\RAJAN\Local Settings\Temp\{1AA561A8-2A46-4A2D-A8C6-6264C146435E}\Addons\newtab_setup.exe a variant of Win32/AdWare.MultiPlug.R application cleaned by deleting - quarantined
C:\Documents and Settings\RAJAN\Local Settings\Temp\{1AA561A8-2A46-4A2D-A8C6-6264C146435E}\Addons\ytab_setup.exe a variant of Win32/AdWare.MultiPlug.R application cleaned by deleting - quarantined
C:\Program Files\CamStudio 2.7\BunndleOfferManager.exe a variant of Win32/Bunndle potentially unsafe application deleted - quarantined
C:\Program Files\NCH Software\Switch\switch.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Program Files\NCH Software\Switch\switchsetup_v4.47.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Program Files\NCH Software\WavePad\wavepad.exe probably a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Program Files\NCH Software\WavePad\wavepadsetup_v5.48.exe probably a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Program Files\save net\CNbQGOQ.x64.dll a variant of Win64/Adware.MultiPlug.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{67C4541F-D3F2-450D-8BA3-DE79D55388CD}\RP296\A0123700.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined
C:\System Volume Information\_restore{67C4541F-D3F2-450D-8BA3-DE79D55388CD}\RP296\A0123723.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\System Volume Information\_restore{67C4541F-D3F2-450D-8BA3-DE79D55388CD}\RP296\A0123731.exe a variant of Win32/InstallCore.ES potentially unwanted application deleted - quarantined
C:\System Volume Information\_restore{67C4541F-D3F2-450D-8BA3-DE79D55388CD}\RP296\A0123736.exe Win32/OpenCandy potentially unsafe application deleted - quarantined

Excellent, run the following to clean up...

Download "Delfix by Xplode" and save it to your desktop.

"Delfix link mirror"

Double-click to start the program. If you are using Vista or higher, please right-click and choose run as administrator.

Make sure the following items are checked:

    Activate UAC
    Remove disinfection tools
    Purge System Restore
    Reset system settings

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed.

Read the following link to fully understand PC security and best practices; you may find it useful....

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

Take care,

Kevin..


Open MBAM once more.

Click on the History tab > Application Logs.
Double-click on the scan log which shows the date and time of the scan just performed.
Click 'Copy to Clipboard'.
Paste the contents of the clipboard into your reply.

Next,

Download GeekUninstaller from here: http://www.geekuninstaller.com/download (choose the free version). Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information.)

Extract Geek Uninstaller and save it to your Desktop. There is no need to install; the executable is portable and can also be run from a USB if required.

Run the tool; the main GUI will populate with the installed programs list.

Left-click on the program name to highlight that entry.

Select Action from the Menu bar, then Uninstall; from there follow the prompts.

If Uninstall fails, open the "Action" menu one more time and use the "Force Removal" option.

Any good?

