
download impossible

Discussion in 'Virus & Other Malware Removal' started by king_02891, Oct 7, 2013.

Thread Status:
Not open for further replies.
  1. king_02891

    king_02891 Thread Starter

    Joined:
    Jul 4, 2001
    Messages:
    277
    download problems


    Can't download anything; red message comes up: (whatever I was downloading) contains a virus and was deleted (EVERY TIME). Ran and updated ZoneAlarm and Spybot but no effect. Any thoughts? Cannot download anything, so can't post any of the required logs.
     
  2. king_02891

    king_02891 Thread Starter

    Joined:
    Jul 4, 2001
    Messages:
    277
    I was able to do a HijackThis log, but it's an old copy because I can't download an update.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:32:55 PM, on 10/7/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v10.0 (10.00.9200.16686)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Users\kingsa1\AppData\Local\Temp\utt347B.tmp.exe
    C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
    C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
    C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Users\kingsa1\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: BrowserPlus2 Toolbar - {650598e1-b35a-45d3-b607-896d7acb64c3} - C:\Program Files (x86)\BrowserPlus2\prxtbBrow.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\bh\zonealarm.dll
    O2 - BHO: LinkSwift - {323420b6-65e5-4657-8106-a27392d4d4aa} - C:\Program Files (x86)\LinkSwift\LinkSwiftbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: BrowserPlus2 - {650598e1-b35a-45d3-b607-896d7acb64c3} - C:\Program Files (x86)\BrowserPlus2\prxtbBrow.dll
    O2 - BHO: ZoneAlarm Do Not Track Me - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\AbineSDK\IE\DNTPAddon.dll
    O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\zonealarmTlbr.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: BrowserPlus2 Toolbar - {650598e1-b35a-45d3-b607-896d7acb64c3} - C:\Program Files (x86)\BrowserPlus2\prxtbBrow.dll
    O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [uTorrent] "C:\Users\kingsa1\AppData\Local\Temp\utt347B.tmp.exe" /MINIMIZED
    O4 - HKCU\..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
    O4 - Global Startup: NETGEAR WNA3100 Smart Wizard.lnk = ?
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v52/dinerdash/dinerdash.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Search Protect by Conduit Updater (CltMngSvc) - Unknown owner - C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: WSWNA3100 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
    O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe

    --
    End of file - 14215 bytes
     
  3. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Hi, sounds like you have some rogue application on your system. Please run these scans below.

    If you have a problem downloading these programs, there are two things you can try: first, boot the system into Safe Mode with Networking and see if that helps; if not, you can download the programs on another PC and transfer them to this one using a USB flash drive or any other portable storage device.

    SCAN 1
    Please download Farbar Recovery Scan Tool (FRST) and save it to your desktop. Do not get tempted to download Regclean Pro.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it makes another log (Addition.txt). Please also copy and paste that into your reply.



    SCAN 2
    Click on this link to download: ADWCleaner. Click on the Download Now button and save it to your desktop.

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on Tools > SmartScreen Filter > Turn off SmartScreen Filter, then click on OK in the box that opens. Then click on the link again.

    Close your browser and double click on this icon on your desktop: [​IMG]

    You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run; it may take several minutes to complete. When it is done, click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report; Copy & Paste it into your next post.

    [​IMG]


    SCAN 3
    Download RogueKiller (by tigzy) and save direct to your Desktop.
    On the web page select the 32bit or 64bit button to match the bit rate of your version of Windows.

    • Quit all running programs.
    • Start RogueKiller.exe by double clicking on the icon.
    • Wait until Prescan has finished.
    • Ensure all boxes are ticked under "Report" tab.
    • Click on Scan.
    • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
    • NOTE: DO NOT attempt to remove anything that the scan detects.

     
  4. king_02891

    king_02891 Thread Starter

    Joined:
    Jul 4, 2001
    Messages:
    277
    I have managed to download the specified programs and am posting results here

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
    Ran by kingsa1 (administrator) on KINGSA1-HP on 08-10-2013 08:45:29
    Running from C:\Users\kingsa1\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 10
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (AMD) C:\Windows\system32\atiesrxx.exe
    (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    (AMD) C:\Windows\system32\atieclxx.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    (BitTorrent Inc.) C:\Users\kingsa1\AppData\Local\Temp\utt347B.tmp.exe
    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    (AWS Convergence Technologies, Inc.) C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
    (Eastman Kodak Company) C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    () C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
    (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    (Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    (Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_202_ActiveX.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKCU\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109336 2012-11-07] (Siber Systems)
    HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
    HKCU\...\Run: [uTorrent] - C:\Users\kingsa1\AppData\Local\Temp\utt347B.tmp.exe [983896 2013-05-17] (BitTorrent Inc.) <===== ATTENTION
    HKCU\...\Run: [Weather] - C:\Program Files (x86)\AWS\WeatherBug\Weather.exe [1652736 2011-10-05] (AWS Convergence Technologies, Inc.)
    HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-12] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
    HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-06-19] (Check Point Software Technologies LTD)
    HKLM-x32\...\Run: [] - [x]
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
    HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207360 2010-03-18] (ArcSoft Inc.)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
    URLSearchHook: (No Name) - {650598e1-b35a-45d3-b607-896d7acb64c3} - No File
    SearchScopes: HKLM - DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPDTDF
    SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
    SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKLM-x32 - DefaultScope {85C66D65-E31E-4F04-BA9E-08B23FAE21C0} URL =
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPDTDF
    SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
    SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKCU - DefaultScope {85C66D65-E31E-4F04-BA9E-08B23FAE21C0} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309350&CUI=UN12979744053057072&UM=2
    SearchScopes: HKCU - {0E63AEF6-51F6-4910-9CCA-F2044EC4F1BD} URL = http://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=en&q={searchTerms}&gu=b4e18c59c0e34d6a9d6e0552177666ac&tu=10GXz008z2B0CO0&sku=&tstsId=&ver=&&r=708
    SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPDTDF
    SearchScopes: HKCU - {85C66D65-E31E-4F04-BA9E-08B23FAE21C0} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309350&CUI=UN12979744053057072&UM=2
    SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
    SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\bh\zonealarm.dll (Check Point Software Technologies LTD)
    BHO-x32: LinkSwift - {323420b6-65e5-4657-8106-a27392d4d4aa} - C:\Program Files (x86)\LinkSwift\LinkSwiftbho.dll (LinkSwift)
    BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    BHO-x32: BrowserPlus2 Toolbar - {650598e1-b35a-45d3-b607-896d7acb64c3} - C:\Program Files (x86)\BrowserPlus2\prxtbBrow.dll (Conduit Ltd.)
    BHO-x32: ZoneAlarm Do Not Track Me - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\AbineSDK\IE\DNTPAddon.dll (Abine Inc)
    BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\zonealarmTlbr.dll (Check Point Software Technologies LTD)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKLM-x32 - BrowserPlus2 Toolbar - {650598e1-b35a-45d3-b607-896d7acb64c3} - C:\Program Files (x86)\BrowserPlus2\prxtbBrow.dll (Conduit Ltd.)
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
    Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    Toolbar: HKCU - No Name - {650598E1-B35A-45D3-B607-896D7ACB64C3} - No File
    DPF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: HKLM-x32 {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinner.com/games/v52/dinerdash/dinerdash.cab
    Tcpip\Parameters: [DhcpNameServer] 68.105.28.17 68.105.29.17 192.168.1.1

    Chrome:
    =======
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll ()
    CHR Plugin: (QuickTime Plug-in 7.4.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.4.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.4.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.4.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.4.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.4.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.4.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    CHR Extension: (Google Docs) - C:\Users\kingsa1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1
    CHR Extension: (Google Drive) - C:\Users\kingsa1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1
    CHR Extension: (YouTube) - C:\Users\kingsa1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1
    CHR Extension: (Google Search) - C:\Users\kingsa1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
    CHR Extension: (BrowserPlus2) - C:\Users\kingsa1\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.20.1.508_0
    CHR Extension: (Chrome In-App Payments service) - C:\Users\kingsa1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
    CHR Extension: (LinkSwift) - C:\Users\kingsa1\AppData\Local\Google\Chrome\User Data\Default\Extensions\odpccdgkmiicgocepijnaeihjnjnomca\1.0.0_1
    CHR Extension: (Gmail) - C:\Users\kingsa1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2
    CHR HKLM-x32\...\Chrome\Extension: [iigplimlmgilpobjilfbfeilnpiigpgl] - C:\Users\kingsa1\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx
    CHR HKLM-x32\...\Chrome\Extension: [odpccdgkmiicgocepijnaeihjnjnomca] - C:\Program Files (x86)\LinkSwift\odpccdgkmiicgocepijnaeihjnjnomca.crx

    ==================== Services (Whitelisted) =================

    R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
    R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445304 2013-06-19] (Check Point Software Technologies LTD)
    R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [285152 2010-08-26] ()
    S2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [54160 2013-06-18] (Check Point Software Technologies, Ltd.)
    S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [x]

    ==================== Drivers (Whitelisted) ====================

    S3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation)
    R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-11-15] (Kaspersky Lab ZAO)
    R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2012-01-09] (Kaspersky Lab ZAO)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [613720 2013-02-21] (Kaspersky Lab)
    S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
    R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [451096 2013-06-13] (Check Point Software Technologies LTD)
    U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2013-02-21] (Kaspersky Lab)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-10-08 08:45 - 2013-10-08 08:45 - 00000000 ____D C:\FRST
    2013-10-08 08:44 - 2013-10-08 08:44 - 03980800 _____ C:\Users\kingsa1\Downloads\RogueKillerX64.exe
    2013-10-08 08:43 - 2013-10-08 08:43 - 01954124 _____ (Farbar) C:\Users\kingsa1\Downloads\FRST64.exe
    2013-10-08 08:40 - 2013-10-08 08:40 - 00950272 _____ C:\Users\kingsa1\Downloads\RogueKiller.exe
    2013-10-08 08:39 - 2013-10-08 08:39 - 01045226 _____ C:\Users\kingsa1\Downloads\AdwCleaner.exe
    2013-10-07 17:35 - 2013-10-07 17:35 - 00014217 _____ C:\Users\kingsa1\Desktop\hjt10713.txt
    2013-10-05 09:53 - 2013-10-05 09:53 - 00262144 _____ C:\Windows\system32\config\elam
    2013-10-01 19:03 - 2013-10-01 20:11 - 574847220 _____ C:\Users\kingsa1\Downloads\Law.and.Order.SVU.S15E01E02.HDTV.x264-LOL.mp4
    2013-09-30 09:50 - 2013-09-30 09:53 - 00000000 ____D C:\Users\kingsa1\Downloads\A Good Day to Die Hard[2013]EXTENDED BRRip XviD-ETRG
    2013-09-30 09:38 - 2013-09-30 09:39 - 00000000 ____D C:\Users\kingsa1\Downloads\Olympus.Has.Fallen.2013.BRRip.XviD-S4A
    2013-09-30 09:23 - 2013-09-30 09:25 - 00000000 ____D C:\Users\kingsa1\Downloads\Apartment.1303.2012.DVDRiP.XViD-SML[rarbg]
    2013-09-28 14:09 - 2013-09-28 15:06 - 734887936 ____R C:\Users\kingsa1\Downloads\Final.Destination.2.2003.DvDrip-aXXo.(UsaBit.com).avi
    2013-09-27 17:50 - 2013-09-28 21:38 - 00000000 ____D C:\Users\kingsa1\Downloads\Insidious.Chapter.2.2013.CAM.x264.AAC-Tr0uNcE
    2013-09-25 18:16 - 2013-09-25 18:58 - 350012293 ____R C:\Users\kingsa1\Downloads\NCIS.Los.Angeles.S05E01.HDTV.x264-LOL.mp4
    2013-09-25 07:15 - 2013-09-25 08:26 - 233934225 _____ C:\Users\kingsa1\Downloads\NCIS.S11E01.HDTV.x264-LOL.mp4
    2013-09-24 19:34 - 2013-09-28 17:29 - 00000000 _____ C:\ProgramData\rjzjq3jwl.ctrl
    2013-09-24 19:34 - 2013-09-28 17:25 - 95025368 ____T C:\ProgramData\rjzjq3jwl.pff
    2013-09-24 19:34 - 2013-09-24 19:34 - 00062052 ____T (Microsoft Corporation) C:\ProgramData\rjzjq3jwl.pzz
    2013-09-18 11:17 - 2013-09-18 11:44 - 00000000 ____D C:\Users\kingsa1\Downloads\Riddick.2013.CAM.x264-PLAYNOW
    2013-09-18 11:14 - 2013-09-28 21:48 - 00000000 ____D C:\Users\kingsa1\Downloads\World War Z 2013 Unrated Cut BluRay 720p DTS x264-MgB
    2013-09-12 03:28 - 2013-08-10 01:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2013-09-12 03:28 - 2013-08-10 01:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2013-09-12 03:28 - 2013-08-10 01:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2013-09-12 03:28 - 2013-08-10 01:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2013-09-12 03:28 - 2013-08-10 01:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2013-09-12 03:28 - 2013-08-10 01:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2013-09-12 03:28 - 2013-08-10 01:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2013-09-12 03:28 - 2013-08-10 01:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2013-09-12 03:28 - 2013-08-10 01:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2013-09-12 03:28 - 2013-08-10 01:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2013-09-12 03:28 - 2013-08-10 01:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2013-09-12 03:28 - 2013-08-10 01:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2013-09-12 03:28 - 2013-08-10 01:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2013-09-12 03:28 - 2013-08-10 01:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2013-09-12 03:28 - 2013-08-09 23:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-09-12 03:28 - 2013-08-09 23:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-09-12 03:28 - 2013-08-09 23:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-09-12 03:28 - 2013-08-09 23:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-09-12 03:28 - 2013-08-09 23:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-09-12 03:28 - 2013-08-09 23:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-09-12 03:28 - 2013-08-09 23:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-09-12 03:28 - 2013-08-09 23:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-09-12 03:28 - 2013-08-09 23:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-09-12 03:28 - 2013-08-09 23:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2013-09-12 03:28 - 2013-08-09 23:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2013-09-12 03:28 - 2013-08-09 23:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-09-12 03:28 - 2013-08-09 23:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2013-09-12 03:28 - 2013-08-09 23:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2013-09-12 03:28 - 2013-08-09 23:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-09-12 03:28 - 2013-08-09 22:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
    2013-09-12 03:28 - 2013-08-09 22:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2013-09-12 01:28 - 2013-08-07 21:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2013-09-12 01:28 - 2013-08-04 22:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
    2013-09-12 01:28 - 2013-08-01 22:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2013-09-12 01:28 - 2013-08-01 22:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2013-09-12 01:28 - 2013-08-01 22:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2013-09-12 01:28 - 2013-08-01 22:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2013-09-12 01:28 - 2013-08-01 22:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2013-09-12 01:28 - 2013-08-01 22:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2013-09-12 01:28 - 2013-08-01 22:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2013-09-12 01:28 - 2013-08-01 22:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2013-09-12 01:28 - 2013-08-01 22:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2013-09-12 01:28 - 2013-08-01 22:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2013-09-12 01:28 - 2013-08-01 22:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2013-09-12 01:28 - 2013-08-01 22:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 22:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 21:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2013-09-12 01:28 - 2013-08-01 21:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2013-09-12 01:28 - 2013-08-01 21:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2013-09-12 01:28 - 2013-08-01 21:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2013-09-12 01:28 - 2013-08-01 21:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2013-09-12 01:28 - 2013-08-01 21:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2013-09-12 01:28 - 2013-08-01 21:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2013-09-12 01:28 - 2013-08-01 21:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 21:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 21:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2013-09-12 01:28 - 2013-08-01 20:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2013-09-12 01:28 - 2013-08-01 20:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2013-09-12 01:28 - 2013-08-01 20:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2013-09-12 01:28 - 2013-08-01 20:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2013-09-12 01:28 - 2013-08-01 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2013-09-12 01:28 - 2013-08-01 20:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 20:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2013-09-12 01:28 - 2013-08-01 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2013-09-12 01:27 - 2013-07-25 22:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2013-09-12 01:27 - 2013-07-25 22:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
    2013-09-12 01:27 - 2013-07-25 21:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2013-09-12 01:27 - 2013-07-25 21:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

    ==================== One Month Modified Files and Folders =======

    2013-10-08 08:49 - 2012-11-08 03:08 - 00000000 ____D C:\Users\kingsa1\AppData\Roaming\uTorrent
    2013-10-08 08:45 - 2013-10-08 08:45 - 00000000 ____D C:\FRST
    2013-10-08 08:44 - 2013-10-08 08:44 - 03980800 _____ C:\Users\kingsa1\Downloads\RogueKillerX64.exe
    2013-10-08 08:43 - 2013-10-08 08:43 - 01954124 _____ (Farbar) C:\Users\kingsa1\Downloads\FRST64.exe
    2013-10-08 08:40 - 2013-10-08 08:40 - 00950272 _____ C:\Users\kingsa1\Downloads\RogueKiller.exe
    2013-10-08 08:39 - 2013-10-08 08:39 - 01045226 _____ C:\Users\kingsa1\Downloads\AdwCleaner.exe
    2013-10-08 08:00 - 2013-02-10 18:22 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-10-08 07:58 - 2012-11-13 20:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-10-08 07:44 - 2010-10-26 21:30 - 02075827 _____ C:\Windows\WindowsUpdate.log
    2013-10-08 06:43 - 2009-07-14 00:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-10-08 06:43 - 2009-07-14 00:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-10-08 06:35 - 2013-02-10 18:22 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-10-08 06:35 - 2012-12-27 10:11 - 00022310 _____ C:\Windows\setupact.log
    2013-10-08 06:35 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-10-07 17:35 - 2013-10-07 17:35 - 00014217 _____ C:\Users\kingsa1\Desktop\hjt10713.txt
    2013-10-07 17:13 - 2012-11-19 20:15 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
    2013-10-07 17:11 - 2012-12-17 18:21 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2013-10-07 17:06 - 2012-11-08 15:39 - 00000000 ____D C:\Users\kingsa1\AppData\Roaming\HpUpdate
    2013-10-07 17:05 - 2012-11-19 20:12 - 00000000 ____D C:\Users\kingsa1\AppData\Roaming\HP Support Assistant
    2013-10-07 12:32 - 2012-11-08 01:10 - 00014217 _____ C:\Users\kingsa1\Downloads\hijackthis.log
    2013-10-06 23:08 - 2013-06-24 18:09 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleForkingsa1
    2013-10-06 23:08 - 2013-06-24 18:09 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForkingsa1.job
    2013-10-06 18:46 - 2013-02-08 19:42 - 00003222 _____ C:\Windows\System32\Tasks\HPCeeScheduleForKINGSA1-HP$
    2013-10-06 18:46 - 2013-02-08 19:42 - 00000346 _____ C:\Windows\Tasks\HPCeeScheduleForKINGSA1-HP$.job
    2013-10-06 15:15 - 2013-02-10 18:25 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2013-10-06 11:04 - 2010-10-26 21:45 - 00000000 ____D C:\ProgramData\PDFC
    2013-10-06 03:01 - 2013-08-09 03:00 - 00004489 ____H C:\Windows\SysWOW64\BTImages.dat
    2013-10-05 13:04 - 2009-07-14 01:13 - 00779724 _____ C:\Windows\system32\PerfStringBackup.INI
    2013-10-05 10:03 - 2012-11-07 06:12 - 00079194 _____ C:\Windows\PFRO.log
    2013-10-05 09:53 - 2013-10-05 09:53 - 00262144 _____ C:\Windows\system32\config\elam
    2013-10-05 09:51 - 2012-11-10 19:15 - 00000000 ____D C:\Users\kingsa1\AppData\Local\CrashDumps
    2013-10-04 09:54 - 2012-11-09 20:26 - 00000000 ____D C:\Users\kingsa1\AppData\Roaming\vlc
    2013-10-01 20:11 - 2013-10-01 19:03 - 574847220 _____ C:\Users\kingsa1\Downloads\Law.and.Order.SVU.S15E01E02.HDTV.x264-LOL.mp4
    2013-09-30 12:45 - 2012-12-29 18:27 - 00000000 ____D C:\Users\kingsa1\AppData\Local\WeatherBug
    2013-09-30 09:53 - 2013-09-30 09:50 - 00000000 ____D C:\Users\kingsa1\Downloads\A Good Day to Die Hard[2013]EXTENDED BRRip XviD-ETRG
    2013-09-30 09:39 - 2013-09-30 09:38 - 00000000 ____D C:\Users\kingsa1\Downloads\Olympus.Has.Fallen.2013.BRRip.XviD-S4A
    2013-09-30 09:25 - 2013-09-30 09:23 - 00000000 ____D C:\Users\kingsa1\Downloads\Apartment.1303.2012.DVDRiP.XViD-SML[rarbg]
    2013-09-28 21:48 - 2013-09-18 11:14 - 00000000 ____D C:\Users\kingsa1\Downloads\World War Z 2013 Unrated Cut BluRay 720p DTS x264-MgB
    2013-09-28 21:48 - 2013-05-28 09:41 - 00000000 ____D C:\Users\kingsa1\AppData\Roaming\Arcsoft
    2013-09-28 21:48 - 2012-11-09 22:37 - 00000000 ____D C:\Users\kingsa1\AppData\Roaming\IrfanView
    2013-09-28 21:48 - 2012-11-08 00:02 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2013-09-28 21:48 - 2012-11-07 14:36 - 00000000 ____D C:\Users\kingsa1\AppData\Local\Hewlett-Packard
    2013-09-28 21:48 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender
    2013-09-28 21:48 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
    2013-09-28 21:45 - 2013-01-27 00:12 - 00000000 ____D C:\Program Files (x86)\Google
    2013-09-28 21:45 - 2013-01-27 00:11 - 00000000 ____D C:\Users\kingsa1\AppData\Local\Google
    2013-09-28 21:38 - 2013-09-27 17:50 - 00000000 ____D C:\Users\kingsa1\Downloads\Insidious.Chapter.2.2013.CAM.x264.AAC-Tr0uNcE
    2013-09-28 17:49 - 2012-11-07 14:35 - 00000000 ____D C:\Users\kingsa1
    2013-09-28 17:29 - 2013-09-24 19:34 - 00000000 _____ C:\ProgramData\rjzjq3jwl.ctrl
    2013-09-28 17:25 - 2013-09-24 19:34 - 95025368 ____T C:\ProgramData\rjzjq3jwl.pff
    2013-09-28 15:06 - 2013-09-28 14:09 - 734887936 ____R C:\Users\kingsa1\Downloads\Final.Destination.2.2003.DvDrip-aXXo.(UsaBit.com).avi
    2013-09-25 18:58 - 2013-09-25 18:16 - 350012293 ____R C:\Users\kingsa1\Downloads\NCIS.Los.Angeles.S05E01.HDTV.x264-LOL.mp4
    2013-09-25 08:26 - 2013-09-25 07:15 - 233934225 _____ C:\Users\kingsa1\Downloads\NCIS.S11E01.HDTV.x264-LOL.mp4
    2013-09-24 19:34 - 2013-09-24 19:34 - 00062052 ____T (Microsoft Corporation) C:\ProgramData\rjzjq3jwl.pzz
    2013-09-18 11:44 - 2013-09-18 11:17 - 00000000 ____D C:\Users\kingsa1\Downloads\Riddick.2013.CAM.x264-PLAYNOW
    2013-09-18 11:42 - 2009-07-14 01:38 - 00067584 ____S C:\Windows\bootstat(27).dat
    2013-09-12 04:51 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
    2013-09-12 04:02 - 2012-11-07 14:40 - 00000000 ___RD C:\Users\kingsa1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2013-09-12 04:02 - 2012-11-07 14:40 - 00000000 ___RD C:\Users\kingsa1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2013-09-12 04:01 - 2009-07-14 00:45 - 00278704 _____ C:\Windows\system32\FNTCACHE.DAT
    2013-09-12 03:27 - 2012-11-08 01:20 - 00795928 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2013-09-12 03:27 - 2012-11-08 01:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
    2013-09-12 03:26 - 2013-07-13 03:01 - 00000000 ____D C:\Windows\system32\MRT
    2013-09-12 03:16 - 2012-11-09 08:04 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

    Files to move or delete:
    ====================
    C:\Users\kingsa1\AppData\Local\Temp\utt347B.tmp.exe
    ZeroAccess:
    C:\Users\kingsa1\AppData\Local\Google\Desktop\Install
    ZeroAccess:
    C:\Program Files (x86)\Google\Desktop\Install
    C:\ProgramData\rjzjq3jwl.ctrl
    C:\ProgramData\rjzjq3jwl.pff


    Some content of TEMP:
    ====================
    C:\Users\kingsa1\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
    C:\Users\kingsa1\AppData\Local\Temp\RecoveryMgr.exe
    C:\Users\kingsa1\AppData\Local\Temp\utt347B.tmp.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    C:\Program Files\Windows Defender\en-US => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


    LastRegBack: 2013-10-01 00:15

    ==================== End Of Log ============================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
    Ran by kingsa1 at 2013-10-08 08:50:38
    Running from C:\Users\kingsa1\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: ZoneAlarm Antivirus (Enabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
    FW: ZoneAlarm Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

    ==================== Installed Programs ======================

    µTorrent (HKCU Version: 3.3.1.29698)
    µTorrent (x32 Version: 3.2.2.28595)
    21 Buddy 3.2 (x32)
    Aces Up Buddy - Pogo Version 2.3 (x32)
    Addiction Buddy 2.5 - Pogo Version (x32)
    Adobe AIR (x32 Version: 1.5.3.9130)
    Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.202)
    Adventure Buddy - Pogo Version 1.3 (x32)
    Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
    Ali Baba Buddy 2.2 - Pogo Version (x32)
    ArcSoft Print Creations - Album Page (x32)
    ArcSoft Print Creations - Funhouse (x32)
    ArcSoft Print Creations - Greeting Card (x32)
    ArcSoft Print Creations - Photo Book (x32)
    ArcSoft Print Creations - Photo Calendar (x32)
    ArcSoft Print Creations - Scrapbook (x32)
    ArcSoft Print Creations - Slimline Card (x32)
    ArcSoft Print Creations (x32 Version: 2.8.255.384)
    ATI Catalyst Install Manager (Version: 3.0.774.0)
    AvaCam v3.2.0 (x32)
    Backgammon Buddy - Pogo Version 2.3 (x32)
    Beaker Buddy - Pogo Version 2.2 (x32)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
    Bejeweled Twist Buddy - Pogo Version 1.2 (x32)
    Bing Rewards Client Installer (x32 Version: 16.0.345.0)
    Blackhawk Striker 2 (x32 Version: 2.2.0.95)
    Blasterball 3 (x32 Version: 2.2.0.95)
    Bloon Buddy 1.1 - Pogo Version (x32)
    Bloop Buddy - Pogo Version 1.3 (x32)
    Boardwalk Buddy - Pogo Version 2.3 (x32)
    Boggle Buddy - Pogo Version 2.2 (x32)
    Bounce Symphony (x32 Version: 2.2.0.95)
    Bowling Buddy - Pogo Version 3.4 (x32)
    BrowserPlus2 Toolbar (x32 Version: 6.15.0.27)
    Build-a-lot 2 (x32 Version: 2.2.0.95)
    Cake Mania (x32 Version: 2.2.0.95)
    Catalyst Control Center - Branding (x32 Version: 1.00.0000)
    Catalyst Control Center Core Implementation (x32 Version: 2010.0511.2153.37435)
    Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0511.2153.37435)
    Catalyst Control Center Graphics Full New (x32 Version: 2010.0511.2153.37435)
    Catalyst Control Center Graphics Light (x32 Version: 2010.0511.2153.37435)
    Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0511.2153.37435)
    Catalyst Control Center InstallProxy (x32 Version: 2010.0511.2153.37435)
    Catalyst Control Center Localization All (x32 Version: 2010.0511.2153.37435)
    CCC Help Chinese Standard (x32 Version: 2010.0511.2152.37435)
    CCC Help Chinese Traditional (x32 Version: 2010.0511.2152.37435)
    CCC Help Czech (x32 Version: 2010.0511.2152.37435)
    CCC Help Danish (x32 Version: 2010.0511.2152.37435)
    CCC Help Dutch (x32 Version: 2010.0511.2152.37435)
    CCC Help English (x32 Version: 2010.0511.2152.37435)
    CCC Help Finnish (x32 Version: 2010.0511.2152.37435)
    CCC Help French (x32 Version: 2010.0511.2152.37435)
    CCC Help German (x32 Version: 2010.0511.2152.37435)
    CCC Help Greek (x32 Version: 2010.0511.2152.37435)
    CCC Help Hungarian (x32 Version: 2010.0511.2152.37435)
    CCC Help Italian (x32 Version: 2010.0511.2152.37435)
    CCC Help Japanese (x32 Version: 2010.0511.2152.37435)
    CCC Help Korean (x32 Version: 2010.0511.2152.37435)
    CCC Help Norwegian (x32 Version: 2010.0511.2152.37435)
    CCC Help Polish (x32 Version: 2010.0511.2152.37435)
    CCC Help Portuguese (x32 Version: 2010.0511.2152.37435)
    CCC Help Russian (x32 Version: 2010.0511.2152.37435)
    CCC Help Spanish (x32 Version: 2010.0511.2152.37435)
    CCC Help Swedish (x32 Version: 2010.0511.2152.37435)
    CCC Help Thai (x32 Version: 2010.0511.2152.37435)
    CCC Help Turkish (x32 Version: 2010.0511.2152.37435)
    ccc-core-static (x32 Version: 2010.0511.2153.37435)
    ccc-utility64 (Version: 2010.0511.2153.37435)
    CCScore (x32 Version: 8.02.0000.0001)
    Chess Buddy - Pogo Version 2.4 (x32)
    Chuzzle Deluxe (x32 Version: 2.2.0.95)
    Class First Buddy - Pogo Version 5.0 (x32)
    Class World Buddy - Pogo Version 5.0 (x32)
    Clue Buddy - Pogo Version 2.6 (x32)
    Compaq Setup Manager (x32 Version: 1.0.12844.3519)
    Crazy Cake Buddy - Pogo Version 1.4 (x32)
    CyberLink DVD Suite Deluxe (x32 Version: 7.0.3210)
    D3DX10 (x32 Version: 15.4.2368.0902)
    Dice City Buddy - Pogo Version 2.2 (x32)
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
    Domino Buddy 3.4 - Pogo Version (x32)
    Dora's World Adventure (x32 Version: 2.2.0.95)
    Escape Rosecliff Island (x32 Version: 2.2.0.95)
    ESSBrwr (x32 Version: 8.02.0000.0001)
    ESSCDBK (x32 Version: 8.03.0000.0001)
    ESScore (x32 Version: 8.03.0000.0001)
    ESSgui (x32 Version: 8.03.0000.0001)
    ESSini (x32 Version: 8.02.0000.0001)
    ESSPCD (x32 Version: 8.02.0000.0001)
    ESSPDock (x32 Version: 6.03.0001.0004)
    ESSTOOLS (x32 Version: 5.00.0000.0004)
    essvatgt (x32 Version: 8.00.0000.0001)
    Euchre Buddy - Pogo Version 3.5 (x32)
    EW Bingo Buddy 2.0 - Pogo Version (x32)
    Farm Frenzy (x32 Version: 2.2.0.95)
    FATE (x32 Version: 2.2.0.95)
    fflink (x32 Version: 6.02.1001.0001)
    Final Drive Nitro (x32 Version: 2.2.0.95)
    Fortune Buddy - Pogo Version 2.2 (x32)
    Google Chrome (x32 Version: 30.0.1599.69)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
    Google Toolbar for Internet Explorer (x32 Version: 7.5.4413.1752)
    Google Update Helper (x32 Version: 1.3.21.153)
    Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95)
    Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
    HP Auto (Version: 1.0.12494.3472)
    HP Client Services (Version: 1.0.12656.3472)
    HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
    HP Game Console (x32)
    HP Games (x32 Version: 1.0.1.5)
    HP MovieStore (x32 Version: 1.0.027)
    HP MovieStore (x32 Version: 2.0.2)
    HP Odometer (x32 Version: 2.10.0000)
    HP Setup (x32 Version: 8.4.4400.3525)
    HP Support Assistant (x32 Version: 7.0.39.15)
    HP Support Information (x32 Version: 10.1.1000)
    HP Update (x32 Version: 5.003.001.001)
    HP Vision Hardware Diagnostics (Version: 2.1.6.0)
    IrfanView (remove only) (x32 Version: 4.32)
    Java 7 Update 15 (64-bit) (Version: 7.0.150)
    Java 7 Update 21 (x32 Version: 7.0.210)
    Java Auto Updater (x32 Version: 2.1.9.5)
    Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95)
    Jigsaw Hunter Buddy - Pogo Version 2.6 (x32)
    Junk Mail filter update (x32 Version: 15.4.3502.0922)
    kgcbaby (x32 Version: 5.03.0000.0002)
    kgchday (x32 Version: 5.03.0000.0002)
    kgchlwn (x32 Version: 5.03.0000.0002)
    kgcinvt (x32 Version: 5.03.0000.0003)
    kgckids (x32 Version: 6.03.0001.0001)
    kgcmove (x32 Version: 6.03.0001.0001)
    kgcvday (x32 Version: 5.03.0000.0002)
    Kobo (x32 Version: 1.6)
    Kodak EasyShare software (x32)
    LabelPrint (x32 Version: 2.5.3130)
    LightScribe System Software (x32 Version: 1.18.15.1)
    LinkSwift 3.0.0 (Version: 3.0.0)
    MahJGar Buddy - Pogo Version 3.3 (x32)
    MahjSaf Buddy 3.8 - Pogo Version (x32)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
    Microsoft Application Error Reporting (Version: 12.0.6015.5000)
    Microsoft Default Manager (x32 Version: 2.2.114.0)
    Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
    Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
    Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
    Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000)
    Microsoft Silverlight (Version: 5.1.20513.0)
    Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
    Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
    Mini Golf Buddy - Pogo Version 2.4 (x32)
    MSVCRT (x32 Version: 15.4.2862.0708)
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
    MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
    MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
    Mystery P.I. - The London Caper (x32 Version: 2.2.0.95)
    netbrdg (x32 Version: 7.01.0000.0001)
    NETGEAR WG111v3 wireless USB 2.0 adapter (x32 Version: 1.01.10)
    NETGEAR WNA3100 wireless USB 2.0 adapter (x32 Version: 1.01.206)
    NLTexas Holdem Buddy - Pogo Version 1.2 (x32)
    OfotoXMI (x32 Version: 8.03.0000.0001)
    PDF Complete Special Edition (x32 Version: 4.0.9)
    Penguins! (x32 Version: 2.2.0.95)
    PhotoNow! (x32 Version: 1.1.7717)
    PictureMover (x32 Version: 3.5.0.33)
    Plants vs. Zombies (x32 Version: 2.2.0.95)
    PlayReady PC Runtime amd64 (Version: 1.3.0)
    PlayReady PC Runtime x86 (x32 Version: 1.3.0)
    Poker Superstars III (x32 Version: 2.2.0.95)
    Polar Bowler (x32 Version: 2.2.0.95)
    Polar Golfer (x32 Version: 2.2.0.95)
    Pop Buddy 6.1 (x32)
    Power2Go (x32 Version: 6.1.4329)
    PowerDirector (x32 Version: 8.0.3129)
    PressReader (x32 Version: 5.10.621.0)
    QuickTime (x32 Version: 7.4.1.14)
    Quirty Buddy 2.3 - Pogo Version (x32)
    Realtek High Definition Audio Driver (x32 Version: 6.0.1.6196)
    Recovery Manager (x32 Version: 5.5.3219)
    RoboForm 7-8-4-4 (All Users) (x32 Version: 7-8-4-4)
    RoxioNow Player (x32 Version: 1.9.5.101)
    Sci Fi Buddy 2.2 - Pogo Version (x32)
    Search Protect by conduit (x32 Version: 1.5.0.71)
    SFR (x32 Version: 8.01.0000.0001)
    SHASTA (x32 Version: 7.01.0000.0001)
    skin0001 (x32 Version: 8.02.0000.0001)
    SKINXSDK (x32 Version: 8.02.0000.0001)
    Sock Hop Buddy 2.2 - Pogo Version (x32)
    SpiderSol Buddy - Pogo Version 3.3 (x32)
    Spybot - Search & Destroy (x32 Version: 1.6.2)
    Stackem Buddy - Pogo Version 3.7 (x32)
    staticcr (x32 Version: 8.02.0000.0001)
    Sudoku Blast Buddy 2.3 - Pogo Version (x32)
    The Weather Channel App (x32)
    TootSweet Buddy 4.5 - Pogo Version (x32)
    Tumblee Buddy 3.4 - Pogo Version (x32)
    TweakNow SecureDelete (x32 Version: 1.0 (beta 3))
    U3Launcher (x32 Version: 1.0.0)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
    Virtual Families (x32 Version: 2.2.0.95)
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95)
    VLC media player 2.0.0 (x32 Version: 2.0.0)
    VPRINTOL (x32 Version: 8.02.0000.0001)
    WeatherBug (x32 Version: 7.0.0.10)
    WhackDown Buddy 4.2 - Pogo Version (x32)
    Wheel of Fortune 2 (x32 Version: 2.2.0.95)
    Whomp Buddy - Pogo Version 7.0 (x32)
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
    Windows Live Essentials (x32 Version: 15.4.3502.0922)
    Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
    Windows Live Installer (x32 Version: 15.4.3502.0922)
    Windows Live Language Selector (Version: 15.4.3502.0922)
    Windows Live Mail (x32 Version: 15.4.3502.0922)
    Windows Live Messenger (x32 Version: 15.4.3502.0922)
    Windows Live MIME IFilter (Version: 15.4.3502.0922)
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
    Windows Live Photo Common (x32 Version: 15.4.3502.0922)
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
    Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)
    Windows Live SOXE (x32 Version: 15.4.3502.0922)
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
    Windows Live UX Platform (x32 Version: 15.4.3502.0922)
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
    Windows Live Writer (x32 Version: 15.4.3502.0922)
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
    WIRELESS (x32 Version: 8.02.0000.0001)
    Wonderland Buddy - Pogo Version 3.0 (x32)
    Word Jhong Buddy - Pogo Version 1.1 (x32)
    Zinio Reader 4 (x32 Version: 4.0.3184)
    ZoneAlarm Antivirus (x32 Version: 11.0.768.000)
    ZoneAlarm Do Not Track Add-on 2.2.5.1213 (x32 Version: 2.2.5.1213)
    ZoneAlarm Firewall (x32 Version: 11.0.768.000)
    ZoneAlarm Free Antivirus + Firewall (x32 Version: 11.0.768.000)
    ZoneAlarm LTD Toolbar
    ZoneAlarm Security (x32 Version: 11.0.768.000)
    ZoneAlarm Security Toolbar (x32 Version: 1.8.21.15)
    Zuma Deluxe (x32 Version: 2.2.0.95)

    ==================== Restore Points =========================

    06-10-2013 07:00:20 Windows Backup
    08-10-2013 07:00:07 Windows Backup

    ==================== Hosts content: ==========================

    2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {0682F512-23C4-40F6-9EE5-74B2937207FC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
    Task: {0C234E53-BB75-42D4-81AD-267F524205A0} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2012-11-07] (Siber Systems)
    Task: {14DA25E1-6E4C-4809-81E9-6CD3973F4144} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
    Task: {38D4C7CC-6C6D-4838-87F3-CFD9F13FCCFA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-09-17] (Microsoft)
    Task: {4DEB3018-57C7-49C2-8C11-ED9580B86A2B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-10] (Google Inc.)
    Task: {60BF3982-95DF-4A2B-9955-AC71E579DD7C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-07-29] (Hewlett-Packard)
    Task: {725457C6-AE1E-474F-B078-0067443F8294} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {751486B1-D2CD-4577-A63D-DFF141E17A0A} - System32\Tasks\Open URL by RoboForm => C:\Windows\System32\url.dll [2013-05-23] (Microsoft Corporation)
    Task: {8E9E1E35-A577-4E4B-804F-429735B531DA} - System32\Tasks\HPCeeScheduleForkingsa1 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
    Task: {9ADCF8F5-1A7E-44AD-8092-F7F71FAD7D1B} - System32\Tasks\HPCeeScheduleForKINGSA1-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
    Task: {9E3EF52B-6126-4FAC-8463-B6938518BFEC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-10] (Google Inc.)
    Task: {9FDC5608-199E-4CBD-9820-A10D8ED382C0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
    Task: {A9EE0BAA-6E09-4568-9490-129D8BB0903E} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2010-08-20] (CyberLink)
    Task: {C772C46B-D405-4B16-8AEB-E6E48253AD06} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] ()
    Task: {E37EC0DE-3659-4997-86B9-B2A8FA9D62BE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-21] (Adobe Systems Incorporated)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForKINGSA1-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForkingsa1.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (whitelisted) =============

    2009-06-08 19:45 - 2009-06-08 19:45 - 00098304 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2010-10-26 21:36 - 2010-10-26 21:36 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2011-02-23 17:24 - 2013-05-28 09:42 - 00406016 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Kfx.dll
    2011-02-23 17:23 - 2013-05-28 09:42 - 00264192 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AppCore.dll
    2011-02-23 17:21 - 2013-05-28 09:42 - 00356352 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Atlas.dll
    2011-02-23 17:19 - 2013-05-28 09:42 - 00237568 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
    2011-02-23 17:38 - 2013-05-28 09:42 - 00234496 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaControls.esx
    2011-02-23 17:15 - 2013-05-28 09:42 - 00090112 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
    2011-02-23 17:39 - 2013-05-28 09:42 - 00078848 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
    2011-02-23 17:11 - 2013-05-28 09:42 - 00062464 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
    2006-03-07 10:05 - 2013-05-28 09:42 - 01564672 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AreaIFDLL.dll
    2011-02-23 17:37 - 2013-05-28 09:42 - 00761856 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
    2011-02-23 17:17 - 2013-05-28 09:42 - 00152576 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
    2011-02-23 18:00 - 2013-05-28 09:42 - 00684032 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEmail.esx
    2011-02-23 17:24 - 2013-05-28 09:42 - 00084480 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\keml40.dll
    2011-02-23 17:15 - 2013-05-28 09:42 - 00129536 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kpries40.dll
    2011-02-23 18:55 - 2013-05-28 09:42 - 11503616 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSkin.esx
    2009-09-28 21:19 - 2013-05-28 09:42 - 00782336 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
    2009-09-28 21:19 - 2013-05-28 09:42 - 00868352 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
    2009-09-28 21:20 - 2013-05-28 09:42 - 00462848 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
    2009-09-28 21:19 - 2013-05-28 09:42 - 00155648 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
    2009-09-28 21:21 - 2013-05-28 09:42 - 00528384 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
    2009-09-28 21:20 - 2013-05-28 09:42 - 02236416 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
    2009-09-28 21:21 - 2013-05-28 09:42 - 00847872 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
    2009-09-28 21:21 - 2013-05-28 09:42 - 01396736 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
    2011-02-23 18:04 - 2013-05-28 09:42 - 00171520 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Pcd.esx
    2011-02-23 17:38 - 2013-05-28 09:42 - 00052224 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
    2011-02-23 17:36 - 2013-05-28 09:42 - 00143360 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
    2011-02-23 17:15 - 2013-05-28 09:42 - 00084480 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
    2011-02-23 15:25 - 2013-05-28 09:42 - 00010240 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
    2011-02-23 19:02 - 2013-05-28 09:42 - 00339968 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
    2011-02-23 18:01 - 2013-05-28 09:42 - 00098304 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
    2011-02-23 18:05 - 2013-05-28 09:42 - 00315392 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
    2011-02-23 17:55 - 2013-05-28 09:42 - 00688128 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
    2011-02-23 19:00 - 2013-05-28 09:42 - 00471040 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll
    2011-02-23 17:16 - 2013-05-28 09:42 - 00044544 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
    2012-11-07 19:25 - 2010-07-09 20:38 - 00331776 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll
    2013-10-06 15:15 - 2013-10-03 02:02 - 00698832 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
    2013-10-06 15:15 - 2013-10-03 02:02 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libegl.dll
    2013-10-06 15:15 - 2013-10-03 02:03 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll
    2013-10-06 15:15 - 2013-10-03 02:03 - 00415184 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
    2013-10-06 15:15 - 2013-10-03 02:02 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
    2013-10-06 15:15 - 2013-10-03 02:03 - 13611984 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\ProgramData\Temp:07C3237F
    AlternateDataStreams: C:\ProgramData\Temp:10025173
    AlternateDataStreams: C:\ProgramData\Temp:1AF365A0
    AlternateDataStreams: C:\ProgramData\Temp:28534A3F
    AlternateDataStreams: C:\ProgramData\Temp:2F3A020A
    AlternateDataStreams: C:\ProgramData\Temp:32FA3B00
    AlternateDataStreams: C:\ProgramData\Temp:3712CD64
    AlternateDataStreams: C:\ProgramData\Temp:386E5B1C
    AlternateDataStreams: C:\ProgramData\Temp:3D639181
    AlternateDataStreams: C:\ProgramData\Temp:3ED1AF68
    AlternateDataStreams: C:\ProgramData\Temp:40751495
    AlternateDataStreams: C:\ProgramData\Temp:508E13F4
    AlternateDataStreams: C:\ProgramData\Temp:5D76F4B2
    AlternateDataStreams: C:\ProgramData\Temp:65B701A9
    AlternateDataStreams: C:\ProgramData\Temp:701A9961
    AlternateDataStreams: C:\ProgramData\Temp:72DE5382
    AlternateDataStreams: C:\ProgramData\Temp:78881DAD
    AlternateDataStreams: C:\ProgramData\Temp:84ABACE9
    AlternateDataStreams: C:\ProgramData\Temp:8868D339
    AlternateDataStreams: C:\ProgramData\Temp:88B49E67
    AlternateDataStreams: C:\ProgramData\Temp:9BBE9EE8
    AlternateDataStreams: C:\ProgramData\Temp:ABC8A859
    AlternateDataStreams: C:\ProgramData\Temp:B1109A4B
    AlternateDataStreams: C:\ProgramData\Temp:C1B7F164
    AlternateDataStreams: C:\ProgramData\Temp:C382CA7D
    AlternateDataStreams: C:\ProgramData\Temp:D90BDEBC
    AlternateDataStreams: C:\ProgramData\Temp:ED838F2C
    AlternateDataStreams: C:\ProgramData\Temp:F8DFFF5E
    AlternateDataStreams: C:\ProgramData\Temp:FAF1F444

    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/07/2013 11:39:37 PM) (Source: CVHSVC) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

    Error: (10/06/2013 07:08:12 PM) (Source: Application Hang) (User: )
    Description: The program IEXPLORE.EXE version 10.0.9200.16686 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 5cc

    Start Time: 01cec1ecf5280140

    Termination Time: 6048

    Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    Report Id:

    Error: (10/05/2013 10:14:14 AM) (Source: CVHSVC) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

    Error: (10/05/2013 09:50:37 AM) (Source: Application Error) (User: )
    Description: Faulting application name: FlashUtil64_11_7_700_202_ActiveX.exe, version: 11.7.700.202, time stamp: 0x5180202b
    Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb164a
    Exception code: 0xc0000005
    Fault offset: 0x0000000000053290
    Faulting process id: 0xbf0
    Faulting application start time: 0xFlashUtil64_11_7_700_202_ActiveX.exe0
    Faulting application path: FlashUtil64_11_7_700_202_ActiveX.exe1
    Faulting module path: FlashUtil64_11_7_700_202_ActiveX.exe2
    Report Id: FlashUtil64_11_7_700_202_ActiveX.exe3

    Error: (10/02/2013 03:44:16 PM) (Source: Application Hang) (User: )
    Description: The program IEXPLORE.EXE version 10.0.9200.16686 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: a1c

    Start Time: 01cebe2ebb06dfbb

    Termination Time: 3262

    Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    Report Id:

    Error: (09/29/2013 09:25:20 AM) (Source: CVHSVC) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

    Error: (09/28/2013 06:00:31 PM) (Source: CVHSVC) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

    Error: (09/28/2013 04:41:58 PM) (Source: Application Error) (User: )
    Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x753fc9f5
    Faulting process id: 0x3538
    Faulting application start time: 0xsvchost.exe0
    Faulting application path: svchost.exe1
    Faulting module path: svchost.exe2
    Report Id: svchost.exe3

    Error: (09/28/2013 04:36:05 PM) (Source: Application Error) (User: )
    Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x753fc9f5
    Faulting process id: 0x4498
    Faulting application start time: 0xsvchost.exe0
    Faulting application path: svchost.exe1
    Faulting module path: svchost.exe2
    Report Id: svchost.exe3

    Error: (09/28/2013 04:31:43 PM) (Source: Application Error) (User: )
    Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x753fc9f5
    Faulting process id: 0x723c
    Faulting application start time: 0xsvchost.exe0
    Faulting application path: svchost.exe1
    Faulting module path: svchost.exe2
    Report Id: svchost.exe3


    System errors:
    =============
    Error: (10/08/2013 06:55:40 AM) (Source: BROWSER) (User: )
    Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{22707168-7DB0-4F38-AA93-A5DD5893D670}.
    The backup browser is stopping.

    Error: (10/08/2013 06:36:15 AM) (Source: Service Control Manager) (User: )
    Description: The ZoneAlarm Privacy Service service failed to start due to the following error:
    %%1053

    Error: (10/08/2013 06:36:15 AM) (Source: Service Control Manager) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the ZoneAlarm Privacy Service service to connect.

    Error: (10/08/2013 06:35:40 AM) (Source: Service Control Manager) (User: )
    Description: The Search Protect by Conduit Updater service failed to start due to the following error:
    %%2

    Error: (10/08/2013 06:35:26 AM) (Source: EventLog) (User: )
    Description: The previous system shutdown at 6:21:51 AM on 10/8/2013 was unexpected.

    Error: (10/07/2013 11:28:55 PM) (Source: Service Control Manager) (User: )
    Description: The Search Protect by Conduit Updater service failed to start due to the following error:
    %%2

    Error: (10/07/2013 11:27:17 PM) (Source: Service Control Manager) (User: )
    Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147023781.

    Error: (10/07/2013 11:27:16 PM) (Source: Microsoft-Windows-Bits-Client) (User: NT AUTHORITY)
    Description: The BITS service failed to start. Error 2147943515.

    Error: (10/07/2013 11:27:16 PM) (Source: Service Control Manager) (User: )
    Description: The Diagnostic Service Host service failed to start due to the following error:
    %%1069

    Error: (10/07/2013 11:27:16 PM) (Source: Service Control Manager) (User: )
    Description: The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
    %%1352

    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).


    Microsoft Office Sessions:
    =========================
    Error: (10/07/2013 11:39:37 PM) (Source: CVHSVC)(User: )
    Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

    Error: (10/06/2013 07:08:12 PM) (Source: Application Hang)(User: )
    Description: IEXPLORE.EXE10.0.9200.166865cc01cec1ecf52801406048C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    Error: (10/05/2013 10:14:14 AM) (Source: CVHSVC)(User: )
    Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

    Error: (10/05/2013 09:50:37 AM) (Source: Application Error)(User: )
    Description: FlashUtil64_11_7_700_202_ActiveX.exe11.7.700.2025180202bntdll.dll6.1.7601.1822951fb164ac00000050000000000053290bf001cec1d1d200bd8bC:\Windows\System32\Macromed\Flash\FlashUtil64_11_7_700_202_ActiveX.exeC:\Windows\SYSTEM32\ntdll.dll1ca700ea-2dc5-11e3-8e86-64315025b7f6

    Error: (10/02/2013 03:44:16 PM) (Source: Application Hang)(User: )
    Description: IEXPLORE.EXE10.0.9200.16686a1c01cebe2ebb06dfbb3262C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    Error: (09/29/2013 09:25:20 AM) (Source: CVHSVC)(User: )
    Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

    Error: (09/28/2013 06:00:31 PM) (Source: CVHSVC)(User: )
    Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

    Error: (09/28/2013 04:41:58 PM) (Source: Application Error)(User: )
    Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005753fc9f5353801cebc8b21c098d1C:\Windows\SysWOW64\svchost.exeunknown6a42f308-287e-11e3-bffc-64315025b7f6

    Error: (09/28/2013 04:36:05 PM) (Source: Application Error)(User: )
    Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005753fc9f5449801cebc8a4f3c33a5C:\Windows\SysWOW64\svchost.exeunknown973c3c92-287d-11e3-bffc-64315025b7f6

    Error: (09/28/2013 04:31:43 PM) (Source: Application Error)(User: )
    Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005753fc9f5723c01cebc89b05266a7C:\Windows\SysWOW64\svchost.exeunknownfbb41dd2-287c-11e3-bffc-64315025b7f6


    CodeIntegrity Errors:
    ===================================
    Date: 2013-07-10 09:11:21.265
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-07-10 08:51:00.666
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-07-10 08:21:02.129
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-07-10 07:21:01.057
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-07-10 06:51:00.939
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-07-10 06:21:00.694
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-07-10 05:47:52.143
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-07-10 05:40:58.695
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-07-10 05:10:58.841
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-07-10 04:41:01.962
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Percentage of memory in use: 93%
    Total physical RAM: 1791.29 MB
    Available physical RAM: 120.93 MB
    Total Pagefile: 3582.57 MB
    Available Pagefile: 491.71 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:453.81 GB) (Free:167.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (HP_RECOVERY) (Fixed) (Total:11.85 GB) (Free:1.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 466 GB) (Disk ID: 3286E2FD)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=454 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  5. king_02891

    king_02891 Thread Starter

    # AdwCleaner v3.006 - Report created 08/10/2013 at 09:01:55
    # Updated 01/10/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : kingsa1 - KINGSA1-HP
    # Running from : C:\Users\kingsa1\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    Service Deleted : CltMngSvc

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\Searchprotect
    Folder Deleted : C:\Program Files (x86)\BrowserPlus2
    Folder Deleted : C:\Users\kingsa1\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\kingsa1\AppData\LocalLow\BrowserPlus2
    Folder Deleted : C:\Users\kingsa1\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
    Folder Deleted : C:\Users\kingsa1\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Google\Chrome\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3309350
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{650598E1-B35A-45D3-B607-896D7ACB64C3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A83013E6-BF8A-410F-B343-E9D1E597A36E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{650598E1-B35A-45D3-B607-896D7ACB64C3}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{650598E1-B35A-45D3-B607-896D7ACB64C3}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{650598E1-B35A-45D3-B607-896D7ACB64C3}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A83013E6-BF8A-410F-B343-E9D1E597A36E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83A1EE44-6E82-49C0-8F3D-B1BCE5FB9F2E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CEFA8E29-DF6E-402C-8881-43E98D211147}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{650598E1-B35A-45D3-B607-896D7ACB64C3}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{650598E1-B35A-45D3-B607-896D7ACB64C3}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{650598E1-B35A-45D3-B607-896D7ACB64C3}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{650598E1-B35A-45D3-B607-896D7ACB64C3}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\SearchProtect
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
    Key Deleted : HKCU\Software\AppDataLow\Software\BrowserPlus2
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\SearchProtect
    Key Deleted : HKLM\Software\BrowserPlus2
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserPlus2 Toolbar
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16686


    -\\ Google Chrome v30.0.1599.69

    [ File : C:\Users\kingsa1\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [10048 octets] - [08/10/2013 09:00:41]
    AdwCleaner[S0].txt - [9623 octets] - [08/10/2013 09:01:55]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9683 octets] ##########
     
  6. king_02891

    king_02891 Thread Starter

    I believe this is all that you required me to do. Awaiting your next instructions. (Thank you very much for your time.)

    RogueKiller V8.7.1 _x64_ [Oct 3 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : kingsa1 [Admin rights]
    Mode : Scan -- Date : 10/08/2013 09:12:47
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] utt347B.tmp.exe -- C:\Users\kingsa1\AppData\Local\Temp\utt347B.tmp.exe [7] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : uTorrent ("C:\Users\kingsa1\AppData\Local\Temp\utt347B.tmp.exe" /MINIMIZED [7]) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-1895111836-1248595627-1161135978-1000\[...]\Run : uTorrent ("C:\Users\kingsa1\AppData\Local\Temp\utt347B.tmp.exe" /MINIMIZED [7]) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> FOUND
    [ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> FOUND
    [ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> FOUND
    [ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> FOUND
    [ZeroAccess][Folder] Install : C:\Users\kingsa1\AppData\Local\Google\Desktop\Install [-] --> FOUND

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts




    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - Hitachi HDS721050CLA362 SATA Disk Device +++++
    --- User ---
    [MBR] f896fd631248aee4dcc883af928db460
    [BSP] 6921928446cdcaf84db4cca9d3f3e044 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 464702 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 951916544 | Size: 12136 Mo
    User = LL1 ... OK!
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] 2178ce8bd41052526ee7d10340327936
    [BSP] eed74580584a91e14e0c5d2f5f964904 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 264071168 | Size: 300 Mo

    Finished : << RKreport[0]_S_10082013_091247.txt >>
     
  7. Mark1956

    Mark1956

    The logs clearly show you have a Zero Access Rootkit infection. There are also one or two other things that need cleaning up including remnants of Kaspersky Anti Virus.

    We need to start by removing the infection, as follows:

    Open Notepad and Copy & Paste the contents of the code box below into it. To do this highlight the entire contents of the box, right click on the highlighted area and select Copy then right click in the Notepad window and select Paste. Save it to the same location that FRST is saved in as fixlist.txt <--- it is very important to spell this name exactly as written here.

    Code:
    DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
    
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


    • Launch FRST by double clicking on it.
    • When the FRST window opens click on the Fix button just once and wait.
    • The tool will make a log in the same location the program is run from (Fixlog.txt) please Copy & Paste it into your next reply.


    ===========================================================

    When that has been done post the log. Next, run RogueKiller again and post the new log from that.

    ADWCleaner found quite a lot of Adware, please run it again in just the same way and post the new log.

    Please also download and run this: Kaspersky Uninstall Tool

    And also run these scans in the order listed:

    SCAN 1
    Download Temporary file cleaner and save it to the desktop.
    Double click on the icon to run it (it appears as a dark grey dustbin). For Windows 7 and Vista right click the icon and select Run as Administrator.
    When the window opens click on Start. It will close all running programs and clear the desktop icons.
    When complete you may be asked to reboot, if so accept the request and your PC will reboot automatically. There is no need to post the log.

    SCAN 2

    Please download RKill
    There are three buttons to choose from with different names on, select the first one and save it to your desktop.


    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7, right-click on it and select Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
    • If you do not see the black box flash on the screen, delete the icon from the desktop, go back to the link for the download, select the next button and try to run the tool again. Continue to repeat this process using the remaining buttons until the tool runs. You will find further links with other names if you scroll down the page; try them one at a time.
    • If the tool does not run from any of the links provided, please let me know.

    SCAN 3
    DO NOT reboot, download Malwarebytes from here if you do not already have it: Malwarebytes. Install the program, run it and let it update. If you already have Malwarebytes launch the program.

    • Select Perform full scan and click on the Scan button. When the scan completes click on Show Results.
    • If the scan does not find any infections the log will appear as soon as it completes, please Copy & Paste it into your next reply.
    • If items are detected it will stay on the Scanner window and you will see Objects detected: 1 (the number may be higher).
    • Click on Show Results and put a check mark next to all the items displayed in the list by clicking on each one in turn <--- very important, then click on Remove Selected.
    • The log will appear, Copy & Paste it into your next post.
    • Click on OK and close the window.
     
  8. king_02891

    king_02891 Thread Starter

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
    Ran by kingsa1 at 2013-10-08 16:11:46 Run:1
    Running from C:\Users\kingsa1\Downloads
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
    *****************

    "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
    "C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

    ==== End of Fixlog ====




    # AdwCleaner v3.006 - Report created 08/10/2013 at 16:19:21
    # Updated 01/10/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : kingsa1 - KINGSA1-HP
    # Running from : C:\Users\kingsa1\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16686


    -\\ Google Chrome v30.0.1599.69

    [ File : C:\Users\kingsa1\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [10048 octets] - [08/10/2013 09:00:41]
    AdwCleaner[R1].txt - [891 octets] - [08/10/2013 16:17:20]
    AdwCleaner[S0].txt - [9831 octets] - [08/10/2013 09:01:55]
    AdwCleaner[S1].txt - [813 octets] - [08/10/2013 16:19:21]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [872 octets] ##########
     
  9. king_02891

    king_02891 Thread Starter

    RogueKiller V8.7.1 _x64_ [Oct 3 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : kingsa1 [Admin rights]
    Mode : Scan -- Date : 10/08/2013 16:31:29
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] utt347B.tmp.exe -- C:\Users\kingsa1\AppData\Local\Temp\utt347B.tmp.exe [7] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : uTorrent ("C:\Users\kingsa1\AppData\Local\Temp\utt347B.tmp.exe" /MINIMIZED [7]) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-1895111836-1248595627-1161135978-1000\[...]\Run : uTorrent ("C:\Users\kingsa1\AppData\Local\Temp\utt347B.tmp.exe" /MINIMIZED [7]) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][Folder] Install : C:\Users\kingsa1\AppData\Local\Google\Desktop\Install [-] --> FOUND

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts




    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - Hitachi HDS721050CLA362 SATA Disk Device +++++
    --- User ---
    [MBR] f896fd631248aee4dcc883af928db460
    [BSP] 6921928446cdcaf84db4cca9d3f3e044 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 464702 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 951916544 | Size: 12136 Mo
    User = LL1 ... OK!
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] 2178ce8bd41052526ee7d10340327936
    [BSP] eed74580584a91e14e0c5d2f5f964904 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 264071168 | Size: 300 Mo

    Finished : << RKreport[0]_S_10082013_163129.txt >>
    RKreport[0]_S_10082013_091247.txt;RKreport[0]_S_10082013_161515.txt
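
Comparing the "Particular Files / Folders" section of the two RogueKiller reports in this thread (before and after the FRST fix) shows which findings were cleared and which persist. This is an added example, not part of the thread or of RogueKiller; the report excerpts are copied from the logs above, and the function names are illustrative.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "family kind name path target status")

# Section banner, e.g. "¤¤¤ Particular Files / Folders: ¤¤¤"
SECTION = re.compile(r"^\s*¤¤¤\s*(?P<title>.+?)\s*¤¤¤\s*$")
# Finding line: [family][kind] name : path [>> junction target] [-] --> STATUS
FINDING = re.compile(
    r"^\s*\[(?P<family>[^\]]+)\]\[(?P<kind>[^\]]+)\]\s+"
    r"(?P<name>.+?)\s+:\s+(?P<path>.+?)"
    r"(?:\s+>>\s+(?P<target>.+?))?"
    r"\s+\[[^\]]*\]\s+-+>\s+(?P<status>\w+)\s*$"
)

# Excerpts copied from the two RogueKiller reports posted in this thread.
REPORT_BEFORE = r"""
¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : uTorrent ("C:\Users\kingsa1\AppData\Local\Temp\utt347B.tmp.exe" /MINIMIZED [7]) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Folder] Install : C:\Users\kingsa1\AppData\Local\Google\Desktop\Install [-] --> FOUND

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
"""

REPORT_AFTER = r"""
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] Install : C:\Users\kingsa1\AppData\Local\Google\Desktop\Install [-] --> FOUND

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
"""


def parse_findings(report, section="Particular Files / Folders"):
    """Return the findings listed under one section banner of a report."""
    findings, in_section = [], False
    for line in report.splitlines():
        header = SECTION.match(line)
        if header:
            # Banner titles may carry a trailing colon; normalise before comparing.
            in_section = header.group("title").rstrip(": ").strip() == section
            continue
        if in_section:
            match = FINDING.match(line)
            if match:
                findings.append(Finding(**match.groupdict()))
    return findings


def junction_targets(report):
    """Distinct targets that the reported junctions redirect to."""
    return {f.target for f in parse_findings(report)
            if f.kind == "Junction" and f.target}


def compare_reports(before, after):
    """Classify findings as cleared, persisting or new between two scans."""
    old = {(f.kind, f.path.lower()): f for f in parse_findings(before)}
    new = {(f.kind, f.path.lower()): f for f in parse_findings(after)}
    return {
        "cleared": sorted(old[k].path for k in old.keys() - new.keys()),
        "persisting": sorted(new[k].path for k in old.keys() & new.keys()),
        "new": sorted(new[k].path for k in new.keys() - old.keys()),
    }


if __name__ == "__main__":
    print("junction targets before fix:", junction_targets(REPORT_BEFORE))
    for label, paths in compare_reports(REPORT_BEFORE, REPORT_AFTER).items():
        print(f"{label}: {len(paths)}")
        for path in paths:
            print("   ", path)
```
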
     
  10. king_02891

    king_02891 Thread Starter

    Says nothing found in Kaspersky uninstall tool.
     
  11. king_02891

    king_02891 Thread Starter

    The rkill black box shows up and freezes when it gets to zero access malware found. Tried three times, same result every time.
     
  12. king_02891

    king_02891 Thread Starter

    Sorry, misunderstood. This report showed up, but I saw no buttons, only the black box.

    Rkill 2.6.1 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2013 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 10/08/2013 05:00:12 PM in x64 mode.
    Windows Version: Windows 7 Home Premium Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * Windows Firewall Disabled

    [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = dword:00000000

    * ALERT: ZEROACCESS rootkit symptoms found!

    * C:\Program Files (x86)\Google\Desktop\Install\{681bcce0-51c8-e2da-de9a-fb7ab174e79f}\ [ZA Dir]
    * C:\Program Files (x86)\Google\Desktop\Install\{681bcce0-51c8-e2da-de9a-fb7ab174e79f}\ \ [ZA Dir]
    * C:\Program Files (x86)\Google\Desktop\Install\{681bcce0-51c8-e2da-de9a-fb7ab174e79f}\ \...\ [ZA Dir]
    * C:\Program Files (x86)\Google\Desktop\Install\{681bcce0-51c8-e2da-de9a-fb7ab174e79f}\ \...\ﯹ๛\ [ZA Dir]
    * C:\Program Files (x86)\Google\Desktop\Install\{681bcce0-51c8-e2da-de9a-fb7ab174e79f}\ \...\ﯹ๛\{681bcce0-51c8-e2da-de9a-fb7ab174e79f}\ [ZA Dir]
    * C:\Users\kingsa1\AppData\Local\Google\Desktop\Install\{681bcce0-51c8-e2da-de9a-fb7ab174e79f}\ [ZA Dir]
    * C:\Users\kingsa1\AppData\Local\Google\Desktop\Install\{681bcce0-51c8-e2da-de9a-fb7ab174e79f}\❤≸⋙\ [ZA Dir]
    * C:\Users\kingsa1\AppData\Local\Google\Desktop\Install\{681bcce0-51c8-e2da-de9a-fb7ab174e79f}\❤≸⋙\Ⱒ☠⍨\ [ZA Dir]
    * C:\Users\kingsa1\AppData\Local\Google\Desktop\Install\{681bcce0-51c8-e2da-de9a-fb7ab174e79f}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\ [ZA Dir]
    * C:\Users\kingsa1\AppData\Local\Google\Desktop\Install\{681bcce0-51c8-e2da-de9a-fb7ab174e79f}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{681bcce0-51c8-e2da-de9a-fb7ab174e79f}\ [ZA Dir]

    Checking Windows Service Integrity:

    * Windows Firewall (MpsSvc) is not Running.
    Startup Type set to: Disabled

    * Windows Defender (WinDefend) is not Running.
    Startup Type set to: Disabled

    * Windows Firewall Authorization Driver (mpsdrv) is not Running.
    Startup Type set to: Manual

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * No issues found.

    Program finished at: 10/08/2013 05:01:22 PM
    Execution time: 0 hours(s), 1 minute(s), and 10 seconds(s)
     
  13. king_02891

    king_02891 Thread Starter

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.10.08.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16686
    kingsa1 :: KINGSA1-HP [administrator]

    Protection: Enabled

    10/8/2013 5:11:11 PM
    mbam-log-2013-10-08 (17-11-11).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 199326
    Time elapsed: 9 minute(s), 39 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 1
    C:\Program Files (x86)\LinkSwift\LinkSwiftBHO.dll (PUP.Optional.LinkSwift.A) -> Delete on reboot.

    Registry Keys Detected: 8
    HKCR\CLSID\{323420b6-65e5-4657-8106-a27392d4d4aa} (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{49fb101a-0a00-4e85-a807-8785c2d32604} (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
    HKCR\Interface\{339CA35C-F74A-44C3-BD78-9CE3E8C9C560} (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{323420B6-65E5-4657-8106-A27392D4D4AA} (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{323420B6-65E5-4657-8106-A27392D4D4AA} (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{323420B6-65E5-4657-8106-A27392D4D4AA} (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\LINKSWIFT (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKCU\Software\LinkSwift|iid (PUP.Optional.LinkSwift.A) -> Data: def_LinkSwift -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 1
    C:\Program Files (x86)\LinkSwift (PUP.Optional.LinkSwift.A) -> Delete on reboot.

    Files Detected: 12
    C:\Program Files (x86)\LinkSwift\LinkSwiftBHO.dll (PUP.Optional.LinkSwift.A) -> Delete on reboot.
    C:\ProgramData\rjzjq3jwl.pzz (Trojan.FakeMS) -> Quarantined and deleted successfully.
    C:\Users\kingsa1\Downloads\irfanview setup.exe (PUP.AdBundle) -> Quarantined and deleted successfully.
    C:\Users\kingsa1\Downloads\rgs avacam setup.exe (PUP.AdBundle) -> Quarantined and deleted successfully.
    C:\Users\kingsa1\Downloads\spybot search amp destroy setup.exe (PUP.AdBundle) -> Quarantined and deleted successfully.
    C:\Users\kingsa1\Downloads\video.hd_55315.zip (Malware.Builder.CD) -> Quarantined and deleted successfully.
    C:\Users\kingsa1\Downloads\vlc media player setup.exe (PUP.AdBundle) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\LinkSwift\updateLinkSwift.exe (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\LinkSwift\LinkSwift.ico (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\LinkSwift\LinkSwiftUninstall.exe (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\LinkSwift\odpccdgkmiicgocepijnaeihjnjnomca.crx (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\LinkSwift\sqlite3.exe (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.

    (end)
     
  14. king_02891

    king_02891 Thread Starter

    Joined:
    Jul 4, 2001
    Messages:
    277
    Okay, pretty sure I did everything as you instructed. Awaiting further instructions (thank you very much for your time).
     
  15. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Good progress, but a part of the infection is still there.


    • Quit all running programs.
    • Start RogueKiller.exe by double-clicking on the icon.
    • Wait until Prescan has finished.
    • Ensure all boxes are ticked under the "Report" tab.
    • Click on Scan.
    • Click on Delete when complete.
    • Click on Report when the Deletion completes. Copy/paste the contents of the report into your next reply.


    When that is done, reboot the system and run another scan with RogueKiller and post the new log.
     

Short URL to this thread: https://techguy.org/1110156
