KPCGRHYNKO.VBS in my USB flash drive please help :(


17 replies to this topic

#1 geraldsantarin

geraldsantarin

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 07 December 2013 - 11:36 AM

I need help in removing that 'malware' please. All my files are in my USB and I don't have any backups. I've the solutions on the other threads but results are different :(





#2 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:06:47 PM

Posted 07 December 2013 - 05:34 PM

Welcome to the BC forums, geraldsantarin!


Please do the following...

Step 1: Please click on the Windows 7 Start button and then on Control Panel.
In Control Panel, select the Folder Options link.
Click on the View tab in the Folder Options window.

In the Advanced settings: area, locate the Hidden files and folders category.
Check: Show hidden files, folders, and drives
Uncheck: Hide protected operating system files (Recommended)
Click Apply and OK at the bottom of the Folder Options window.

Step 2: Next, download UsbFix:
http://www.en.usbfix.net
Save to the Desktop.
Right-click the downloaded USBFix file and select: Run as Administrator
Connect any problem USB drive!
Press: Research
When done, the program closes on its own, and a report appears.
(The report file is also found at C:\UsbFix.txt)

>> Please post the UsbFix.txt (Research Mode) report in your reply.

Step 3: Once again, run USBFix as Administrator, but, this time, press: Listing
>> Also post the UsbFix.txt (Listing Mode) report in your reply.

Note 1: If USBFix does not run in normal Windows, please run in Safe Mode:
Restart your computer.
When the computer starts, tap the F8 key on the keyboard repeatedly until presented with the Advanced Boot Options menu
Using the arrow keys, select: Safe Mode
Press the Enter key on your keyboard to boot into the selected mode.

Note 2: If your AntiVirus program detects USB as malware, either let the AV program allow USBFix to run, or, temporarily disable your AntiVirus program:
Info - http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
When done with USBFix, re-enable your AV!

Step 4: Last, please download the Farbar Recovery Scan Tool
Download: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
Select the version that applies to your system.
Save it to your Desktop.

Double-click the downloaded file to run it.
When the tool opens click Yes to the disclaimer.

Press the Scan button.

The tool makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).
>> Please provide the FRST.txt in your reply.

The first time the tool is run, it also makes another log: Addition.txt
>> Also post the Addition.txt in your reply.


Old duck...


#3 geraldsantarin

geraldsantarin
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 07 December 2013 - 09:24 PM

############################## | UsbFix V 7.152 | [Research]
 
User: User's files (Administrator) # USERSFILES-PC
Updated 20/11/2013 by El Desaparecido - Team SosVirus
Started at 10:21:27 | 08/12/2013
 
 
PC: Intel Corporation (DH61WW)
CPU: Intel® Core™ i3-2120 CPU @ 3.30GHz
RAM -> [Total : 3494 | Free : 1807]
Bios: Intel Corp.
Boot: Normal boot
 
OS: Microsoft Windows 7 Ultimate  (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Mozilla Firefox : 19.0.2
WB: Safari : 534.57.2
 
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]
 
C:\ (%systemdrive%) -> Fixed drive # 233 Gb (107 Mb free - 46%) [] # NTFS
D:\ -> Fixed drive # 233 Gb (155 Mb free - 67%) [] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 4 Gb (671 Mb free - 17%) [GERALD] # FAT32
 
################## | Active Processes |
 
C:\Windows\system32\csrss.exe (ID: 444 |ParentID: 368)
C:\Windows\system32\wininit.exe (ID: 496 |ParentID: 368)
C:\Windows\system32\csrss.exe (ID: 504 |ParentID: 488)
C:\Windows\system32\services.exe (ID: 556 |ParentID: 496)
C:\Windows\system32\lsass.exe (ID: 564 |ParentID: 496)
C:\Windows\system32\lsm.exe (ID: 572 |ParentID: 496)
C:\Windows\system32\winlogon.exe (ID: 604 |ParentID: 488)
C:\Windows\system32\svchost.exe (ID: 712 |ParentID: 556)
C:\Windows\system32\svchost.exe (ID: 796 |ParentID: 556)
C:\Program Files\Microsoft Security Client\MsMpEng.exe (ID: 864 |ParentID: 556)
C:\Windows\System32\svchost.exe (ID: 956 |ParentID: 556)
C:\Windows\System32\svchost.exe (ID: 988 |ParentID: 556)
C:\Windows\system32\svchost.exe (ID: 1016 |ParentID: 556)
C:\Windows\UnsignedThemesSvc.exe (ID: 1040 |ParentID: 556)
C:\Windows\system32\AUDIODG.EXE (ID: 1136 |ParentID: 956)
C:\Windows\system32\svchost.exe (ID: 1220 |ParentID: 556)
C:\Windows\system32\svchost.exe (ID: 1388 |ParentID: 556)
C:\Windows\System32\spoolsv.exe (ID: 1640 |ParentID: 556)
C:\Windows\system32\svchost.exe (ID: 1680 |ParentID: 556)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1868 |ParentID: 556)
C:\Windows\system32\taskhost.exe (ID: 1928 |ParentID: 556)
C:\Windows\system32\Dwm.exe (ID: 2012 |ParentID: 988)
C:\Windows\Explorer.EXE (ID: 2040 |ParentID: 2000)
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 124 |ParentID: 556)
C:\Windows\system32\taskeng.exe (ID: 328 |ParentID: 1016)
C:\Windows\system32\taskeng.exe (ID: 448 |ParentID: 1016)
C:\Program Files\Garena Plus\ggdllhost.exe (ID: 488 |ParentID: 328)
C:\Program Files\Microsoft\BingBar\7.2.241.0\BBSvc.exe (ID: 1332 |ParentID: 556)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 1560 |ParentID: 556)
C:\Windows\system32\IProsetMonitor.exe (ID: 1904 |ParentID: 556)
C:\Windows\system32\svchost.exe (ID: 1452 |ParentID: 556)
C:\Windows\system32\svchost.exe (ID: 2064 |ParentID: 556)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2204 |ParentID: 556)
C:\Windows\system32\SearchIndexer.exe (ID: 2380 |ParentID: 556)
C:\Program Files\Microsoft Security Client\NisSrv.exe (ID: 2432 |ParentID: 556)
C:\Program Files\USB Disk Security\USBGuard.exe (ID: 2720 |ParentID: 2040)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2772 |ParentID: 2204)
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ID: 2888 |ParentID: 2040)
C:\Windows\System32\igfxpers.exe (ID: 2896 |ParentID: 2040)
C:\Windows\System32\hkcmd.exe (ID: 2920 |ParentID: 2040)
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (ID: 2948 |ParentID: 2040)
C:\Program Files\HP\HP Software Update\hpwuschd2.exe (ID: 3104 |ParentID: 2040)
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (ID: 3256 |ParentID: 2040)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID: 3296 |ParentID: 2040)
C:\Program Files\Microsoft Security Client\msseces.exe (ID: 3340 |ParentID: 2040)
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (ID: 3364 |ParentID: 556)
C:\Program Files\iTunes\iTunesHelper.exe (ID: 3416 |ParentID: 2040)
C:\Program Files\DAP\DAP.exe (ID: 3456 |ParentID: 2040)
C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.DesktopHelper.exe (ID: 3588 |ParentID: 2040)
C:\Windows\system32\svchost.exe (ID: 3736 |ParentID: 556)
C:\Windows\System32\svchost.exe (ID: 3856 |ParentID: 556)
C:\Program Files\iPod\bin\iPodService.exe (ID: 3984 |ParentID: 556)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4072 |ParentID: 556)
C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3164 |ParentID: 2040)
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (ID: 2568 |ParentID: 2040)
C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3124 |ParentID: 3164)
C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4016 |ParentID: 3164)
C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 2912 |ParentID: 3164)
C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3200 |ParentID: 3164)
C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3204 |ParentID: 3164)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4112 |ParentID: 712)
C:\Windows\system32\DllHost.exe (ID: 4860 |ParentID: 712)
C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5676 |ParentID: 3164)
C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 6140 |ParentID: 3164)
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (ID: 4564 |ParentID: 556)
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (ID: 4788 |ParentID: 556)
C:\Windows\system32\wuauclt.exe (ID: 5072 |ParentID: 1016)
C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 900 |ParentID: 3164)
C:\Windows\system32\taskeng.exe (ID: 4164 |ParentID: 1016)
C:\Windows\System32\WUDFHost.exe (ID: 1484 |ParentID: 988)
C:\Windows\servicing\TrustedInstaller.exe (ID: 464 |ParentID: 556)
C:\UsbFix\Go.exe (ID: 3608 |ParentID: 2312)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4816 |ParentID: 712)
 
################## | Regedit Run |
 
04 - HKLM\SOFTWARE | Run : [USB Security] - C:\Program Files\USB Disk Security\USBGuard.exe
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
04 - HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe
04 - HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
04 - HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
04 - HKLM\SOFTWARE | Run : [GrooveMonitor] - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE | Run : [] - 
04 - HKLM\SOFTWARE | Run : [UX Launcher] - C:\Program Files\UX Pack\uxlaunch.exe
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
04 - HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [MSC] - "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
04 - HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE | RunOnce : [] - 
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2917163984-75659229-3925815574-1000\SOFTWARE | Run : [DownloadAccelerator] - "C:\Program Files\DAP\DAP.EXE" /STARTUP
04 - HKU\S-1-5-21-2917163984-75659229-3925815574-1000\SOFTWARE | Run : [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-2917163984-75659229-3925815574-1000\SOFTWARE | Run : [Messenger (Yahoo!)] - "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
04 - HKU\S-1-5-21-2917163984-75659229-3925815574-1000\SOFTWARE | Run : [GarenaPlus] - "C:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch
04 - HKU\S-1-5-21-2917163984-75659229-3925815574-1000\SOFTWARE | Run : [Google Update] - "C:\Users\User's files\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-2917163984-75659229-3925815574-1000\SOFTWARE | Run : [Rim.DesktopHelper.exe] - "C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.DesktopHelper.exe"
04 - HKU\S-1-5-21-2917163984-75659229-3925815574-1000\SOFTWARE | Run : [Steam] - "C:\Program Files\Steam\steam.exe" -silent
04 - HKU\S-1-5-21-2917163984-75659229-3925815574-1000\SOFTWARE | Run : [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
 
################## | Generic Research |
 
Found ! D:\ArcInstall_v20130810a.exe
Found ! D:\DNClientVer101_20130716.exe
Found ! D:\FLv19_TOR_setup.exe
Found ! D:\ROEP25setup.exe
Found ! D:\Union Ragnarok Online (CursorLock).lnk
Found ! F:\MANAGEMENT CONTROL SYSTEM.lnk
Found ! F:\hospitality info tech by pearson.lnk
Found ! F:\instruction.lnk
Found ! F:\RESUME.lnk
Found ! F:\RESUME 2.lnk
Found ! F:\Vids .lnk
Found ! F:\Pics .lnk
Found ! F:\Thumbs.lnk
Found ! F:\Thumbs   .lnk
Found ! F:\_ .lnk
Found ! F:\Pics.lnk
Found ! F:\Vids.lnk
Found ! F:\_.lnk
Found ! C:\Users\USER'S~1\AppData\Local\Temp\uttD688.tmp.exe
 
################## | Registry |
 
 
################## | Vaccin |
 
(!) This computer is not vaccinated!
 
################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |


#4 geraldsantarin

geraldsantarin
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 07 December 2013 - 09:29 PM

############################## | UsbFix V 7.152 | [Listing]
 
User: User's files (Administrator) # USERSFILES-PC
Updated 20/11/2013 by El Desaparecido - Team SosVirus
Started at 10:29:32 | 08/12/2013
 
 
PC: Intel Corporation (DH61WW)
CPU: Intel® Core™ i3-2120 CPU @ 3.30GHz
RAM -> [Total : 3494 | Free : 2349]
Bios: Intel Corp.
Boot: Normal boot
 
OS: Microsoft Windows 7 Ultimate  (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Mozilla Firefox : 19.0.2
WB: Safari : 534.57.2
 
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]
 
C:\ (%systemdrive%) -> Fixed drive # 233 Gb (107 Mb free - 46%) [] # NTFS
D:\ -> Fixed drive # 233 Gb (155 Mb free - 67%) [] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 4 Gb (671 Mb free - 17%) [GERALD] # FAT32
 
################## | Listing |
 
[09/10/2012 - 15:16:49 | SHD ] C:\$Recycle.Bin
[08/10/2013 - 08:40:00 | HD ] C:\ArcTemp
[11/06/2009 - 05:42:20 | A | 24] C:\autoexec.bat
[23/10/2013 - 09:02:41 | D ] C:\CherryDeGames
[11/06/2009 - 05:42:20 | A | 10] C:\config.sys
[14/07/2009 - 12:53:55 | SHD ] C:\Documents and Settings
[06/02/2013 - 01:33:02 | D ] C:\Fraps
[08/12/2013 - 00:05:43 | D ] C:\FRST
[09/10/2012 - 23:58:42 | D ] C:\GarenaDownload
[05/01/2013 - 09:23:21 | D ] C:\gravity
[08/12/2013 - 10:16:28 | ASH | 2748108800] C:\hiberfil.sys
[09/10/2012 - 15:19:44 | D ] C:\Intel
[06/04/2013 - 02:26:32 | D ] C:\Level Up Games
[09/10/2012 - 15:38:32 | RHD ] C:\MSOCache
[08/12/2013 - 10:16:31 | ASH | 3664146432] C:\pagefile.sys
[14/07/2009 - 10:37:05 | D ] C:\PerfLogs
[05/01/2013 - 09:12:44 | D ] C:\PlayPark
[10/10/2012 - 23:24:09 | D ] C:\Process Monitor
[21/11/2013 - 14:09:09 | RD ] C:\Program Files
[21/11/2013 - 14:09:08 | HD ] C:\ProgramData
[09/10/2012 - 15:20:33 | A | 206] C:\Realtek.log
[09/10/2012 - 15:16:35 | SHD ] C:\Recovery
[09/10/2012 - 15:20:33 | A | 2073] C:\RHDSetup.log
[07/12/2013 - 23:49:53 | SHD ] C:\System Volume Information
[09/10/2012 - 15:28:54 | D ] C:\TempEI4
[08/12/2013 - 10:29:33 | D ] C:\UsbFix
[08/12/2013 - 00:03:20 | A | 7022] C:\UsbFix [Listing 1 ] USERSFILES-PC.txt
[08/12/2013 - 00:04:05 | A | 7100] C:\UsbFix [Listing 2 ] USERSFILES-PC.txt
[08/12/2013 - 00:04:35 | A | 8343] C:\UsbFix [Listing 3 ] USERSFILES-PC.txt
[08/12/2013 - 10:29:34 | A | 2684] C:\UsbFix [Listing 4 ] USERSFILES-PC.txt
[07/12/2013 - 23:41:26 | A | 10188] C:\UsbFix [Scan 1] USERSFILES-PC.txt
[07/12/2013 - 23:42:40 | A | 7022] C:\UsbFix [Scan 2] USERSFILES-PC.txt
[08/12/2013 - 00:25:18 | A | 10526] C:\UsbFix [Scan 3] USERSFILES-PC.txt
[08/12/2013 - 10:23:08 | A | 10560] C:\UsbFix [Scan 4] USERSFILES-PC.txt
[09/10/2012 - 15:16:40 | RD ] C:\Users
[08/12/2013 - 00:05:45 | D ] C:\Windows
[09/10/2012 - 15:57:19 | SHD ] D:\$RECYCLE.BIN
[23/10/2013 - 01:03:08 | A | 111971450] D:\54303.flv
[25/04/2013 - 09:54:14 | A | 1298117] D:\Acknowledgement.docx
[20/05/2013 - 08:51:51 | A | 67994631] D:\Amateur porn with a young slut.mp4
[07/10/2013 - 23:59:14 | A | 8673680] D:\ArcInstall_v20130810a.exe
[25/04/2013 - 10:23:48 | A | 231770] D:\cert.jpg
[24/04/2013 - 21:53:21 | A | 43156] D:\claw1.docx
[23/04/2013 - 15:26:53 | A | 2103594] D:\claw2.docx
[25/04/2013 - 10:11:18 | A | 10966] D:\Cover.docx
[12/02/2013 - 01:21:38 | D ] D:\Culinary Etc
[23/10/2013 - 08:15:41 | RA | 3825990599] D:\DNClientVer101_20130716.exe
[06/03/2013 - 02:40:56 | D ] D:\Dr.Seuss.The.Lorax.2012.DVDRip.LiNE.XviD.AC3.HQ.Hive-CM8
[22/11/2013 - 12:53:31 | D ] D:\Dragnest
[22/11/2013 - 12:43:54 | RA | 4286517146] D:\DragnestFullSetupVer106.zip
[25/04/2013 - 10:53:15 | A | 465193] D:\eval1.jpg
[25/04/2013 - 10:57:06 | A | 510213] D:\eval2.jpg
[06/04/2013 - 02:17:51 | A | 1054173258] D:\FLv19_TOR_setup.exe
[25/03/2013 - 03:16:05 | A | 10827510] D:\Franco Reyes - Blame.flv
[10/03/2013 - 03:56:02 | D ] D:\Ice Age 4 Continental Drift (2012) [1080p]
[14/06/2013 - 08:24:53 | A | 89928] D:\id.jpg
[01/01/2013 - 01:38:43 | D ] D:\iPod Photo Cache
[29/08/2013 - 13:49:47 | D ] D:\Iron Man 3 (2013) [1080p]
[29/08/2013 - 15:50:53 | A | 700593354] D:\Iron.Man.3.2013.1080p.BluRay.x264.YIFY.avi
[23/06/2013 - 02:33:41 | A | 1242173] D:\J2BKfRRHTqMg.128.mp3.dap
[27/05/2013 - 00:25:03 | A | 130322334] D:\League of Legends Cinematic_ A Twist of Fate.mp4
[25/06/2013 - 07:23:10 | D ] D:\Leanna Decker
[22/08/2013 - 03:46:00 | A | 268481] D:\LiAoi 20130808.jpg
[14/08/2013 - 03:11:10 | A | 76877078] D:\LiAoi 20130808.mp4
[07/11/2013 - 08:39:38 | A | 77145686] D:\LiAoi-20130808.rar
[12/11/2013 - 14:44:44 | A | 458] D:\Local Disk © - Shortcut.lnk
[22/05/2013 - 22:02:03 | D ] D:\movies
[05/12/2013 - 15:08:20 | A | 14921] D:\mp.jpg
[06/02/2013 - 01:50:16 | HD ] D:\msdownld.tmp
[06/12/2013 - 06:10:08 | D ] D:\music
[04/12/2012 - 23:02:12 | A | 7283441664] D:\NBA.2K13-RELOADED.iso
[08/10/2013 - 11:15:25 | D ] D:\NBA.2K14.Crack.Only-RELOADED
[05/10/2013 - 22:47:18 | D ] D:\NBA2K14-SKIDROWCRACK.COM
[13/04/2013 - 08:58:18 | N | 1368274] D:\new orleans practicum.pdf
[25/04/2013 - 10:07:12 | A | 21896203] D:\OJT Docu.docx
[25/04/2013 - 08:39:48 | A | 123185] D:\Org chart.jpg
[22/05/2013 - 22:02:23 | D ] D:\pics
[21/02/2013 - 04:01:51 | A | 6288559] D:\Premiere vixens 3D.zip
[27/05/2013 - 04:50:02 | A | 99049057] D:\putapepe eyes 4Nia.mp4
[06/06/2013 - 09:26:22 | A | 574075] D:\ret1.jpg
[06/06/2013 - 09:27:47 | A | 232829] D:\ret2.jpg
[23/06/2013 - 02:33:35 | A | 3096240] D:\rJHpo658pDf8.128.mp3.dap
[05/12/2012 - 02:49:40 | A | 1669307084] D:\ROEP25setup.exe
[18/01/2013 - 01:11:22 | A | 0] D:\rpe_log.log
[17/04/2013 - 02:40:59 | A | 75959628] D:\Sachie_Sanders_-_VIVA_HB_GONE_WILD__2007_.wmv
[19/06/2013 - 15:00:11 | A | 96196560] D:\slut wife.wmv
[19/06/2013 - 14:47:51 | A | 84151] D:\slutwife.wmv#
[16/03/2013 - 03:05:15 | D ] D:\Snow.White.and.the.Huntsman.2012.EXTENDED.BDRip.XviD-AMIABLE
[22/05/2013 - 22:10:31 | A | 16105101] D:\Sora Aoi.mp4
[14/04/2013 - 03:20:08 | D ] D:\Step Up Revolution (2012) [1080p]
[22/03/2013 - 02:46:32 | D ] D:\Strat
[09/10/2012 - 15:55:58 | SHD ] D:\System Volume Information
[13/04/2013 - 08:58:16 | N | 191658] D:\table of contents.pdf
[02/03/2013 - 02:04:10 | D ] D:\Taken 2 (2012) [1080p]
[01/03/2013 - 01:37:28 | D ] D:\Ted 2012 [R6 movie]
[03/03/2013 - 05:10:31 | D ] D:\The Avengers (2012)
[28/08/2013 - 22:13:43 | D ] D:\The Conjuring 2013 R6 WEBRiP XviD-Acesan8s
[06/03/2013 - 04:30:29 | D ] D:\The Hunger Games (2012)
[25/04/2013 - 10:25:28 | A | 579980] D:\time1.jpg
[25/04/2013 - 10:26:58 | A | 607299] D:\time2.jpg
[25/04/2013 - 10:35:38 | A | 167047] D:\time3.jpg
[25/04/2013 - 10:07:50 | A | 1299331] D:\title page.docx
[05/12/2013 - 23:15:50 | D ] D:\Torrent
[16/01/2013 - 16:31:14 | A | 1140] D:\Union Ragnarok Online (CursorLock).lnk
[12/11/2013 - 15:26:35 | D ] D:\Verniece Enciso
[23/11/2013 - 02:29:57 | D ] D:\VRO
[01/03/2013 - 03:57:17 | D ] D:\Wreck-It Ralph (2012) [1080p]
[22/05/2013 - 22:29:27 | A | 15540504] D:\YouPorn - sora aoi nice.mp4
[31/07/2012 - 00:14:28 | HD ] F:\Vids
[24/01/2013 - 14:53:18 | SH | 875520] F:\MANAGEMENT CONTROL SYSTEM.ppt
[21/11/2011 - 22:36:48 | SH | 655360] F:\hospitality info tech by pearson.ppt
[02/02/2013 - 09:06:32 | SH | 27136] F:\instruction.doc
[04/12/2013 - 16:07:12 | SH | 132688] F:\RESUME.docx
[05/12/2013 - 15:23:48 | SH | 140636] F:\RESUME 2.docx
[05/12/2013 - 16:46:32 | HD ] F:\_
[05/12/2013 - 16:56:08 | A | 1646] F:\MANAGEMENT CONTROL SYSTEM.lnk
[05/12/2013 - 16:56:08 | A | 1668] F:\hospitality info tech by pearson.lnk
[05/12/2013 - 16:56:08 | A | 1614] F:\instruction.lnk
[05/12/2013 - 16:56:08 | A | 1606] F:\RESUME.lnk
[05/12/2013 - 16:56:08 | A | 1614] F:\RESUME 2.lnk
[05/12/2013 - 16:56:08 | A | 1606] F:\Vids .lnk
[05/12/2013 - 16:56:08 | A | 1606] F:\Pics .lnk
[05/12/2013 - 16:56:08 | A | 738] F:\Thumbs.lnk
[05/12/2013 - 16:56:08 | A | 712] F:\Thumbs   .lnk
[05/12/2013 - 16:56:08 | A | 734] F:\_ .lnk
[05/12/2013 - 16:56:08 | A | 690] F:\Pics.lnk
[05/12/2013 - 16:56:08 | A | 744] F:\Vids.lnk
[05/12/2013 - 16:56:08 | A | 738] F:\_.lnk
 
################## | E.O.F |
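
The Listing report above shows the pattern a responder looks for on F:\: the original files and folders carry hidden (H / SH) attributes, while same-named .lnk files were all written at one timestamp. As an added example (not part of any post in this thread and not UsbFix's own logic), this Python script parses lines in that listing format and pairs each shortcut with the hidden item it shadows; the function names and the burst threshold are assumptions, and the sample lines are abridged from the report above.

```python
import re
from collections import Counter, namedtuple
from pathlib import PureWindowsPath

# One parsed row of a UsbFix "Listing" report.
Entry = namedtuple("Entry", "when attrs size path")

# Row shape: [dd/mm/yyyy - hh:mm:ss | ATTRS | size] path   (size absent for folders)
LINE = re.compile(
    r"^\[(\d{2}/\d{2}/\d{4}) - (\d{2}:\d{2}:\d{2}) \| ([A-Z]+) (?:\| (\d+))?\] (.+)$"
)

# Sample input: rows abridged from the listing posted in this thread.
SAMPLE = r"""
[31/07/2012 - 00:14:28 | HD ] F:\Vids
[04/12/2013 - 16:07:12 | SH | 132688] F:\RESUME.docx
[05/12/2013 - 16:46:32 | HD ] F:\_
[05/12/2013 - 16:56:08 | A | 1606] F:\RESUME.lnk
[05/12/2013 - 16:56:08 | A | 1606] F:\Vids .lnk
[05/12/2013 - 16:56:08 | A | 744] F:\Vids.lnk
[16/01/2013 - 16:31:14 | A | 1140] D:\Union Ragnarok Online (CursorLock).lnk
[25/04/2013 - 10:07:12 | A | 21896203] D:\OJT Docu.docx
"""


def parse_listing(text):
    """Return an Entry for every row that matches the listing format."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # headers, separators and blank lines
        date, time, attrs, size, path = m.groups()
        entries.append(
            Entry(f"{date} {time}", attrs, int(size) if size else None,
                  PureWindowsPath(path))
        )
    return entries


def _key(label):
    # Shortcut names in the report sometimes carry padding spaces ("Vids .lnk").
    return label.strip().casefold()


def find_shortcut_replacements(entries):
    """Pair each .lnk with a hidden file or folder of the same base name
    in the same directory. Returns (shortcut_path, hidden_path) tuples."""
    hidden = {}
    for e in entries:
        if "H" in e.attrs:
            parent = str(e.path.parent).casefold()
            # Index by full name (folders) and by stem (files with an extension).
            for label in (e.path.name, e.path.stem):
                hidden.setdefault((parent, _key(label)), e)

    pairs = []
    for e in entries:
        if e.path.suffix.casefold() != ".lnk":
            continue
        parent = str(e.path.parent).casefold()
        target = hidden.get((parent, _key(e.path.stem)))
        if target is not None:
            pairs.append((str(e.path), str(target.path)))
    return pairs


def lnk_bursts(entries, threshold=3):
    """Report (drive, timestamp) pairs where at least `threshold` shortcuts
    share one write time. The threshold is an assumed tuning value."""
    counts = Counter(
        (e.path.drive.upper(), e.when)
        for e in entries
        if e.path.suffix.casefold() == ".lnk"
    )
    return {k: n for k, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    rows = parse_listing(SAMPLE)
    for lnk, original in find_shortcut_replacements(rows):
        print(f"shortcut {lnk!r} shadows hidden item {original!r}")
    for (drive, when), n in lnk_bursts(rows).items():
        print(f"{n} shortcuts written on {drive} at {when}")
```

A shortcut with no hidden counterpart, such as the one on D:\ in the sample, is not flagged, which keeps ordinary user-created shortcuts out of the result.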


#5 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:06:47 PM

Posted 07 December 2013 - 09:47 PM

D:\NBA.2K14.Crack.Only-RELOADED
D:\NBA2K14-SKIDROWCRACK.COM

There is cracked software detected on the D:\ drive.

Besides being illegal, cracked software is a prime source for infecting your system, as malware authors prey on users looking to circumvent software protection mechanisms.

This forum, as well as other reputable malware removal forums, does not support the use of illegal software, as our help may be construed as aiding copyright violations. Therefore, if you wish to receive my help, you must first remove all cracked or illegal software from the computer.

After doing so, post the Farbar Recovery Scan Tool report.

Old duck...


#6 geraldsantarin

geraldsantarin
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 07 December 2013 - 10:07 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-12-2013 01
Ran by User's files (administrator) on USERSFILES-PC on 08-12-2013 10:50:43
Running from C:\Users\User's files\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [USB Security] - C:\Program Files\USB Disk Security\USBGuard.exe [658632 2012-07-31] (Zbshareware Lab)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [UX Launcher] - C:\Program Files\UX Pack\uxlaunch.exe [211577 2011-12-26] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [947176 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Runonce: [] - [x]
HKCU\...\Run: [DownloadAccelerator] - C:\Program Files\DAP\DAP.exe [3795160 2012-10-09] (Speedbit Ltd.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKCU\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKCU\...\Run: [GarenaPlus] - C:\Program Files\Garena Plus\GarenaMessenger.exe [9890608 2013-11-21] ()
HKCU\...\Run: [Google Update] - C:\Users\User's files\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-12-02] (Google Inc.)
HKCU\...\Run: [Rim.DesktopHelper.exe] - C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.DesktopHelper.exe [752656 2013-03-07] (Research In Motion)
HKCU\...\Run: [Steam] - C:\Program Files\Steam\Steam.exe [1814440 2013-09-22] (Valve Corporation)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKCU\...\Winlogon: [Shell] expstart.exe <==== ATTENTION 
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
URLSearchHook: HKLM - BitTorrentControl_v12 Toolbar - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files\BitTorrentControl_v12\prxtbBitT.dll (Conduit Ltd.)
URLSearchHook: HKCU - BitTorrentControl_v12 Toolbar - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files\BitTorrentControl_v12\prxtbBitT.dll (Conduit Ltd.)
SearchScopes: HKCU - {B318F7BE-BE73-4D78-921E-9A65C29A19A1} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ArcPluginIEBHO Class - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: BitTorrentControl_v12 Toolbar - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files\BitTorrentControl_v12\prxtbBitT.dll (Conduit Ltd.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO: SpeedBit Link Verification Helper - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files\DAP\LinkVerifier.dll (Speedbit Ltd.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - BitTorrentControl_v12 Toolbar - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files\BitTorrentControl_v12\prxtbBitT.dll (Conduit Ltd.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - BitTorrentControl_v12 Toolbar - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - C:\Program Files\BitTorrentControl_v12\prxtbBitT.dll (Conduit Ltd.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog5 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\User's files\AppData\Roaming\Mozilla\Firefox\Profiles\ow1yyplq.default
FF Homepage: hxxp://www.facebook.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @perfectworld.com/npArcPlayNowPlugin - C:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin: @raidcall.en/RCplugin - C:\Users\User's files\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @t.garena.com/garenatalk - C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\User's files\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\User's files\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: sony.com/MediaGoDetector - C:\Program Files\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF Extension: BitTorrentControl_v12  - C:\Users\User's files\AppData\Roaming\Mozilla\Firefox\Profiles\ow1yyplq.default\Extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
FF Extension: testpilot - C:\Users\User's files\AppData\Roaming\Mozilla\Firefox\Profiles\ow1yyplq.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files\DAP\daplinkchecker
FF HKLM\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com
FF Extension: Babylon Translation Activation - C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com
FF HKCU\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files\DAP\DAPFireFox
FF Extension: Download Accelerator Plus (DAP) extension - C:\Program Files\DAP\DAPFireFox
 
Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=48
CHR RestoreOnStartup: "hxxp://www.facebook.com/"
CHR DefaultSearchKeyword: search.conduit.com
CHR DefaultSearchProvider: Conduit
CHR DefaultSuggestURL:       "suggest_url": "",
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\User's files\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\User's files\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\User's files\AppData\Local\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.230.5) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U23) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Extension: (YouTube) - C:\Users\User's files\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (DAP Link Checker) - C:\Users\User's files\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodfdknjhecmadheclfjkhhiofeagdbh\1.0.1.2_0
CHR Extension: (Google Search) - C:\Users\User's files\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (BitTorrentControl_v12) - C:\Users\User's files\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\10.22.3.518_0
CHR Extension: (Download Accelerator Plus (DAP)) - C:\Users\User's files\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.10_0
CHR Extension: (Web Navigation) - C:\Users\User's files\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja\1.0_0
CHR Extension: (Google Wallet) - C:\Users\User's files\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\User's files\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [bodfdknjhecmadheclfjkhhiofeagdbh] - C:\Program Files\DAP\daplinkchecker.crx
CHR HKLM\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\User's files\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx
CHR HKLM\...\Chrome\Extension: [ffdcfjdljhbehggjdkdioajnknjcpbjb] - C:\Program Files\DAP\DAPChrome\DAPChrome6.crx
CHR HKLM\...\Chrome\Extension: [lkemddiljapcmhicklfpcbpfffahfbja] - C:\Users\User's files\AppData\Local\Google\Chrome\User Data\Default\extensions\WebNavigation.crx
CHR StartMenuInternet: Google Chrome - C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
S3 ArcService; C:\Program Files\Perfect World Entertainment\Arc\ArcService.exe [88424 2013-09-26] (Perfect World Entertainment Inc)
S3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
S2 Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [109728 2010-12-06] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-07] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20472 2012-09-12] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [287824 2012-09-12] (Microsoft Corporation)
S3 npggsvc; C:\Windows\system32\GameMon.des [4763048 2013-02-13] (INCA Internet Co., Ltd.)
S2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [21096 2009-07-13] (The Within Network, LLC)
 
==================== Drivers (Whitelisted) ====================
 
S3 1394hub; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21576 2013-03-07] (AVAST Software)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [238760 2010-12-21] (Intel Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [193552 2012-08-30] (Microsoft Corporation)
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [25448 2009-07-13] ()
S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [x]
S3 netr28u; system32\DRIVERS\netr28u.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-08 10:34 - 2013-12-08 10:34 - 00000000 ____D C:\Users\User's files\Desktop\FRST-OlderVersion
2013-12-08 10:29 - 2013-12-08 10:29 - 00008610 _____ C:\UsbFix [Listing 4 ] USERSFILES-PC.txt
2013-12-08 10:21 - 2013-12-08 10:23 - 00010560 _____ C:\UsbFix [Scan 4] USERSFILES-PC.txt
2013-12-08 00:24 - 2013-12-08 00:25 - 00010526 _____ C:\UsbFix [Scan 3] USERSFILES-PC.txt
2013-12-08 00:05 - 2013-12-08 10:51 - 00017340 _____ C:\Users\User's files\Desktop\FRST.txt
2013-12-08 00:05 - 2013-12-08 10:34 - 00000000 ____D C:\FRST
2013-12-08 00:04 - 2013-12-08 00:04 - 00008343 _____ C:\UsbFix [Listing 3 ] USERSFILES-PC.txt
2013-12-08 00:04 - 2013-12-08 00:04 - 00007100 _____ C:\UsbFix [Listing 2 ] USERSFILES-PC.txt
2013-12-08 00:03 - 2013-12-08 00:03 - 00007022 _____ C:\UsbFix [Listing 1 ] USERSFILES-PC.txt
2013-12-08 00:02 - 2013-12-08 10:34 - 01060421 _____ (Farbar) C:\Users\User's files\Desktop\FRST.exe
2013-12-07 23:42 - 2013-12-07 23:42 - 00007022 _____ C:\UsbFix [Scan 2] USERSFILES-PC.txt
2013-12-07 23:41 - 2013-12-08 10:23 - 00002104 _____ C:\Users\User's files\Desktop\UsbFix Donate.lnk
2013-12-07 23:39 - 2013-12-08 10:29 - 00000000 ____D C:\UsbFix
2013-12-07 23:39 - 2013-12-07 23:41 - 00010188 _____ C:\UsbFix [Scan 1] USERSFILES-PC.txt
2013-12-07 23:32 - 2013-12-07 23:32 - 01204601 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\User's files\Desktop\UsbFix.exe
2013-12-07 23:27 - 2013-12-07 23:27 - 00655360 _____ C:\Users\User's files\Downloads\MicrosoftFixit50471.msi.dap
2013-12-07 23:27 - 2013-12-07 23:27 - 00655360 _____ C:\Users\User's files\Desktop\MicrosoftFixit50471.msi
2013-12-05 23:16 - 2013-12-05 23:16 - 00020054 _____ C:\Users\User's files\Downloads\[kickass.to]fun.aim.and.ignite.mp3.torrent
2013-12-02 21:28 - 2012-12-04 14:24 - 34953090 _____ C:\Users\User's files\Desktop\Pads Video 9mins.mp4
2013-11-29 23:25 - 2013-11-29 23:25 - 00002012 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-23 02:24 - 2013-11-23 02:24 - 00000541 _____ C:\Users\User's files\Desktop\DotaRO.exe.lnk
2013-11-23 02:24 - 2013-11-23 02:24 - 00000000 ____D C:\Users\User's files\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DotaRO Installer v2.0
2013-11-23 02:08 - 2013-11-23 02:23 - 112716344 _____ () C:\Users\User's files\Downloads\DotaRO Installer v2.0.exe
2013-11-22 13:02 - 2013-11-22 13:02 - 00000656 _____ C:\Users\Public\Desktop\PlayDGN.lnk
2013-11-21 16:26 - 2013-11-21 16:26 - 00164176 _____ C:\Users\User's files\Downloads\DragnestFullSetupVer106.torrent
2013-11-21 14:09 - 2013-11-21 14:09 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-21 14:09 - 2013-11-21 14:09 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-21 14:09 - 2013-11-21 14:09 - 00000000 ____D C:\Program Files\iTunes
2013-11-21 14:09 - 2013-11-21 14:09 - 00000000 ____D C:\Program Files\iPod
2013-11-21 02:35 - 2013-11-21 02:35 - 00164165 _____ C:\Users\User's files\Downloads\Dgnto106.torrent
2013-11-14 03:10 - 2013-11-14 03:10 - 00467496 _____ (WinZip Computing) C:\Users\User's files\Downloads\WinZipRegistryOptimizer.exe
2013-11-12 15:48 - 2013-11-12 15:48 - 00000000 ____D C:\Users\User's files\Podcasts
2013-11-12 15:48 - 2013-11-12 15:48 - 00000000 ____D C:\Users\User's files\Documents\Media Go
2013-11-12 15:47 - 2013-11-12 15:49 - 00000000 ____D C:\Users\User's files\AppData\Local\Sony
2013-11-12 15:47 - 2013-11-12 15:47 - 00001855 _____ C:\Users\Public\Desktop\Media Go.lnk
2013-11-12 15:47 - 2013-11-12 15:47 - 00000000 ____D C:\ProgramData\Sony Corporation
2013-11-12 15:47 - 2013-11-12 15:47 - 00000000 ____D C:\Program Files\Common Files\Sony Shared
2013-11-12 15:44 - 2013-11-12 15:47 - 00000000 ____D C:\Program Files\Sony
2013-11-12 15:44 - 2013-11-12 15:44 - 00000000 ____D C:\Users\User's files\AppData\Local\Downloaded Installations
2013-11-12 15:43 - 2013-11-12 22:42 - 00000000 ____D C:\Users\User's files\AppData\Roaming\Sony
2013-11-12 15:43 - 2013-11-12 15:44 - 00000000 ____D C:\Program Files\Sony Media Go Install
2013-11-12 15:02 - 2013-11-12 15:35 - 104760376 _____ (Sony Network Entertainment International LLC) C:\Users\User's files\Downloads\mediago_setup.exe
2013-11-12 11:29 - 2013-11-12 11:29 - 00000965 _____ C:\Users\User's files\Desktop\RaidCall.lnk
2013-11-12 11:21 - 2013-11-12 11:22 - 05525848 _____ C:\Users\User's files\Downloads\raidcall.exe
2013-11-12 11:21 - 2013-11-12 11:21 - 05525848 _____ C:\Users\User's files\Downloads\raidcall.exe.dap
2013-11-12 11:19 - 2013-11-12 11:20 - 05525848 _____ C:\Users\User's files\Downloads\7.3.0
2013-11-11 16:25 - 2013-11-11 16:25 - 00000543 _____ C:\Users\User's files\Desktop\SpectralRO.lnk
2013-11-11 16:25 - 2013-11-11 16:25 - 00000000 ____D C:\Users\User's files\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spectral Ragnarok Online
2013-11-11 10:49 - 2013-11-11 11:20 - 111489587 _____ () C:\Users\User's files\Downloads\SpectralRO Installer v1.5.exe
 
==================== One Month Modified Files and Folders =======
 
2013-12-08 10:51 - 2013-12-08 00:05 - 00017340 _____ C:\Users\User's files\Desktop\FRST.txt
2013-12-08 10:51 - 2012-10-09 15:18 - 02063562 _____ C:\Windows\WindowsUpdate.log
2013-12-08 10:45 - 2013-03-07 23:36 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-08 10:40 - 2012-12-02 00:04 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2917163984-75659229-3925815574-1000UA.job
2013-12-08 10:34 - 2013-12-08 10:34 - 00000000 ____D C:\Users\User's files\Desktop\FRST-OlderVersion
2013-12-08 10:34 - 2013-12-08 00:05 - 00000000 ____D C:\FRST
2013-12-08 10:34 - 2013-12-08 00:02 - 01060421 _____ (Farbar) C:\Users\User's files\Desktop\FRST.exe
2013-12-08 10:29 - 2013-12-08 10:29 - 00008610 _____ C:\UsbFix [Listing 4 ] USERSFILES-PC.txt
2013-12-08 10:29 - 2013-12-07 23:39 - 00000000 ____D C:\UsbFix
2013-12-08 10:23 - 2013-12-08 10:21 - 00010560 _____ C:\UsbFix [Scan 4] USERSFILES-PC.txt
2013-12-08 10:23 - 2013-12-07 23:41 - 00002104 _____ C:\Users\User's files\Desktop\UsbFix Donate.lnk
2013-12-08 10:20 - 2013-06-15 11:43 - 00000000 ____D C:\Program Files\Steam
2013-12-08 10:20 - 2012-10-09 23:56 - 00000000 ____D C:\Users\User's files\AppData\Roaming\GarenaPlus
2013-12-08 10:20 - 2012-10-09 23:56 - 00000000 ____D C:\ProgramData\GarenaMessenger
2013-12-08 10:20 - 2012-10-09 15:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-08 10:20 - 2012-10-09 15:30 - 00000000 ____D C:\Users\User's files\AppData\Roaming\Skype
2013-12-08 10:16 - 2013-03-07 23:36 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-08 10:16 - 2009-07-14 12:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-08 10:16 - 2009-07-14 12:39 - 00069750 _____ C:\Windows\setupact.log
2013-12-08 01:01 - 2013-10-23 09:10 - 00000000 ____D C:\Users\User's files\Documents\DragonNest
2013-12-08 00:25 - 2013-12-08 00:24 - 00010526 _____ C:\UsbFix [Scan 3] USERSFILES-PC.txt
2013-12-08 00:16 - 2009-07-14 12:34 - 00010320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-08 00:16 - 2009-07-14 12:34 - 00010320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-08 00:04 - 2013-12-08 00:04 - 00008343 _____ C:\UsbFix [Listing 3 ] USERSFILES-PC.txt
2013-12-08 00:04 - 2013-12-08 00:04 - 00007100 _____ C:\UsbFix [Listing 2 ] USERSFILES-PC.txt
2013-12-08 00:03 - 2013-12-08 00:03 - 00007022 _____ C:\UsbFix [Listing 1 ] USERSFILES-PC.txt
2013-12-07 23:42 - 2013-12-07 23:42 - 00007022 _____ C:\UsbFix [Scan 2] USERSFILES-PC.txt
2013-12-07 23:41 - 2013-12-07 23:39 - 00010188 _____ C:\UsbFix [Scan 1] USERSFILES-PC.txt
2013-12-07 23:32 - 2013-12-07 23:32 - 01204601 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\User's files\Desktop\UsbFix.exe
2013-12-07 23:27 - 2013-12-07 23:27 - 00655360 _____ C:\Users\User's files\Downloads\MicrosoftFixit50471.msi.dap
2013-12-07 23:27 - 2013-12-07 23:27 - 00655360 _____ C:\Users\User's files\Desktop\MicrosoftFixit50471.msi
2013-12-06 06:09 - 2012-10-31 21:37 - 00000000 ____D C:\Users\User's files\AppData\Roaming\BitTorrent
2013-12-05 23:16 - 2013-12-05 23:16 - 00020054 _____ C:\Users\User's files\Downloads\[kickass.to]fun.aim.and.ignite.mp3.torrent
2013-12-04 16:04 - 2012-10-09 15:22 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-04 09:39 - 2012-12-02 00:04 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2917163984-75659229-3925815574-1000Core.job
2013-11-30 15:54 - 2009-07-14 12:53 - 00032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-29 23:25 - 2013-11-29 23:25 - 00002012 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-29 23:25 - 2012-12-03 23:19 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-28 22:38 - 2012-10-09 23:56 - 00000000 ____D C:\Program Files\Garena Plus
2013-11-23 02:24 - 2013-11-23 02:24 - 00000541 _____ C:\Users\User's files\Desktop\DotaRO.exe.lnk
2013-11-23 02:24 - 2013-11-23 02:24 - 00000000 ____D C:\Users\User's files\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DotaRO Installer v2.0
2013-11-23 02:23 - 2013-11-23 02:08 - 112716344 _____ () C:\Users\User's files\Downloads\DotaRO Installer v2.0.exe
2013-11-23 01:06 - 2012-10-09 15:29 - 00000000 ____D C:\Users\User's files\AppData\Roaming\vlc
2013-11-22 13:02 - 2013-11-22 13:02 - 00000656 _____ C:\Users\Public\Desktop\PlayDGN.lnk
2013-11-21 16:26 - 2013-11-21 16:26 - 00164176 _____ C:\Users\User's files\Downloads\DragnestFullSetupVer106.torrent
2013-11-21 14:09 - 2013-11-21 14:09 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-21 14:09 - 2013-11-21 14:09 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-21 14:09 - 2013-11-21 14:09 - 00000000 ____D C:\Program Files\iTunes
2013-11-21 14:09 - 2013-11-21 14:09 - 00000000 ____D C:\Program Files\iPod
2013-11-21 14:09 - 2012-10-10 00:16 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-11-21 02:35 - 2013-11-21 02:35 - 00164165 _____ C:\Users\User's files\Downloads\Dgnto106.torrent
2013-11-19 18:21 - 2012-10-10 21:41 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-15 09:54 - 2012-10-09 15:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-11-15 09:54 - 2012-10-09 15:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-11-15 09:51 - 2013-04-17 02:44 - 00000000 ____D C:\Users\User's files\AppData\Local\Adobe
2013-11-14 03:10 - 2013-11-14 03:10 - 00467496 _____ (WinZip Computing) C:\Users\User's files\Downloads\WinZipRegistryOptimizer.exe
2013-11-12 22:42 - 2013-11-12 15:43 - 00000000 ____D C:\Users\User's files\AppData\Roaming\Sony
2013-11-12 22:41 - 2012-10-09 15:16 - 00000000 ____D C:\Users\User's files
2013-11-12 15:49 - 2013-11-12 15:47 - 00000000 ____D C:\Users\User's files\AppData\Local\Sony
2013-11-12 15:48 - 2013-11-12 15:48 - 00000000 ____D C:\Users\User's files\Podcasts
2013-11-12 15:48 - 2013-11-12 15:48 - 00000000 ____D C:\Users\User's files\Documents\Media Go
2013-11-12 15:47 - 2013-11-12 15:47 - 00001855 _____ C:\Users\Public\Desktop\Media Go.lnk
2013-11-12 15:47 - 2013-11-12 15:47 - 00000000 ____D C:\ProgramData\Sony Corporation
2013-11-12 15:47 - 2013-11-12 15:47 - 00000000 ____D C:\Program Files\Common Files\Sony Shared
2013-11-12 15:47 - 2013-11-12 15:44 - 00000000 ____D C:\Program Files\Sony
2013-11-12 15:44 - 2013-11-12 15:44 - 00000000 ____D C:\Users\User's files\AppData\Local\Downloaded Installations
2013-11-12 15:44 - 2013-11-12 15:43 - 00000000 ____D C:\Program Files\Sony Media Go Install
2013-11-12 15:35 - 2013-11-12 15:02 - 104760376 _____ (Sony Network Entertainment International LLC) C:\Users\User's files\Downloads\mediago_setup.exe
2013-11-12 11:30 - 2013-03-07 23:13 - 00000000 ____D C:\Program Files\RaidCall
2013-11-12 11:29 - 2013-11-12 11:29 - 00000965 _____ C:\Users\User's files\Desktop\RaidCall.lnk
2013-11-12 11:29 - 2013-03-07 23:13 - 00000989 _____ C:\Users\User's files\AppData\Roaming\Microsoft\Windows\Start Menu\RaidCall.lnk
2013-11-12 11:22 - 2013-11-12 11:21 - 05525848 _____ C:\Users\User's files\Downloads\raidcall.exe
2013-11-12 11:21 - 2013-11-12 11:21 - 05525848 _____ C:\Users\User's files\Downloads\raidcall.exe.dap
2013-11-12 11:20 - 2013-11-12 11:19 - 05525848 _____ C:\Users\User's files\Downloads\7.3.0
2013-11-11 16:25 - 2013-11-11 16:25 - 00000543 _____ C:\Users\User's files\Desktop\SpectralRO.lnk
2013-11-11 16:25 - 2013-11-11 16:25 - 00000000 ____D C:\Users\User's files\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spectral Ragnarok Online
2013-11-11 11:20 - 2013-11-11 10:49 - 111489587 _____ () C:\Users\User's files\Downloads\SpectralRO Installer v1.5.exe
 
Some content of TEMP:
====================
C:\Users\User's files\AppData\Local\Temp\AutoUI.exe
C:\Users\User's files\AppData\Local\Temp\avguidx.dll
C:\Users\User's files\AppData\Local\Temp\cabex.dll
C:\Users\User's files\AppData\Local\Temp\drm_dialogs.dll
C:\Users\User's files\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\User's files\AppData\Local\Temp\GUninstaller.exe
C:\Users\User's files\AppData\Local\Temp\install_reader10_en_mssd_aih.exe
C:\Users\User's files\AppData\Local\Temp\install_reader11_en_mssd_aih.exe
C:\Users\User's files\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\User's files\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\User's files\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\User's files\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\User's files\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\User's files\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\User's files\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\User's files\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\User's files\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\User's files\AppData\Local\Temp\oi_{B42980EF-19C1-4AB3-B333-CAD541CE137F}.exe
C:\Users\User's files\AppData\Local\Temp\patch_2062200.exe
C:\Users\User's files\AppData\Local\Temp\patch_2062301.exe
C:\Users\User's files\AppData\Local\Temp\patch_2062401.exe
C:\Users\User's files\AppData\Local\Temp\patch_2062402.exe
C:\Users\User's files\AppData\Local\Temp\patch_2062500.exe
C:\Users\User's files\AppData\Local\Temp\patch_2062600.exe
C:\Users\User's files\AppData\Local\Temp\patch_2062700.exe
C:\Users\User's files\AppData\Local\Temp\patch_2062800.exe
C:\Users\User's files\AppData\Local\Temp\patch_2062901.exe
C:\Users\User's files\AppData\Local\Temp\patch_2063000.exe
C:\Users\User's files\AppData\Local\Temp\patch_2063100.exe
C:\Users\User's files\AppData\Local\Temp\patch_2063301.exe
C:\Users\User's files\AppData\Local\Temp\patch_2063400.exe
C:\Users\User's files\AppData\Local\Temp\patch_2063500.exe
C:\Users\User's files\AppData\Local\Temp\PH173_patch_121213to121219.exe
C:\Users\User's files\AppData\Local\Temp\PH303_patch_130221to130307.exe
C:\Users\User's files\AppData\Local\Temp\PH305_balance_patch_130404to130412.exe
C:\Users\User's files\AppData\Local\Temp\PH305_patch_130322to130404.exe
C:\Users\User's files\AppData\Local\Temp\PH_130513to130522_307.exe
C:\Users\User's files\AppData\Local\Temp\PH_130608to130717_309v2.exe
C:\Users\User's files\AppData\Local\Temp\PH_130717to130718_309v2.exe
C:\Users\User's files\AppData\Local\Temp\PH_130802to130827_310_hotfix.exe
C:\Users\User's files\AppData\Local\Temp\PH_130913to131016_312.exe
C:\Users\User's files\AppData\Local\Temp\PH_306_hotfix_130503to130504.exe
C:\Users\User's files\AppData\Local\Temp\PH_306_hotfix_130504to130513.exe
C:\Users\User's files\AppData\Local\Temp\PH_306_patch_130412to130503.exe
C:\Users\User's files\AppData\Local\Temp\PH_308_130606to130618v4.exe
C:\Users\User's files\AppData\Local\Temp\PH_310_130718to130802.exe
C:\Users\User's files\AppData\Local\Temp\PH_311_130827to130911_3.exe
C:\Users\User's files\AppData\Local\Temp\PH_311_130911to130913.exe
C:\Users\User's files\AppData\Local\Temp\PH_313hotfix_131104to131114.exe
C:\Users\User's files\AppData\Local\Temp\PH_313_131016to131104v2.exe
C:\Users\User's files\AppData\Local\Temp\PH_hotfix_130522to130529_307.exe
C:\Users\User's files\AppData\Local\Temp\PH_hotfix_130529to130606_307.exe
C:\Users\User's files\AppData\Local\Temp\PH_patch304_130307to130321.exe
C:\Users\User's files\AppData\Local\Temp\PH_patch304_130321to130322.exe
C:\Users\User's files\AppData\Local\Temp\PH_patch_120924to121031.exe
C:\Users\User's files\AppData\Local\Temp\PH_patch_121115to121213_172_2.exe
C:\Users\User's files\AppData\Local\Temp\PH_patch_121219to121221_hotfix.exe
C:\Users\User's files\AppData\Local\Temp\PH_patch_121221to130124_174.exe
C:\Users\User's files\AppData\Local\Temp\PH_patch_130124to130221v2.exe
C:\Users\User's files\AppData\Local\Temp\PH_patch_171_121031to121115.exe
C:\Users\User's files\AppData\Local\Temp\RunWizards.exe
C:\Users\User's files\AppData\Local\Temp\svd_dap.exe
C:\Users\User's files\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\User's files\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\User's files\AppData\Local\Temp\tbedrs.dll
C:\Users\User's files\AppData\Local\Temp\uninst1.exe
C:\Users\User's files\AppData\Local\Temp\uttD688.tmp.exe
C:\Users\User's files\AppData\Local\Temp\vcredist_x86.exe
C:\Users\User's files\AppData\Local\Temp\zbqciscz.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-12-06 00:49
 
==================== End Of Log ============================


#7 geraldsantarin


Posted 07 December 2013 - 10:08 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-12-2013 01
Ran by User's files at 2013-12-08 10:51:40
Running from C:\Users\User's files\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AS: Microsoft Security Essentials (Enabled - Up to date) {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.152)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
Arc (Version: 1.0.0.5510)
Auslogics BoostSpeed (Version: 5.0)
Bing Bar (Version: 7.2.241.0)
BitTorrent (Version: 7.7.0.27987)
BitTorrentControl_v12 Toolbar (Version: 6.9.0.16) <==== ATTENTION
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41)
BlackBerry Device Software v7.1.0 for the BlackBerry 9320 smartphone (Version: 7.1.0.746 (Platform 9.49.0.77))
Bonjour (Version: 3.0.0.10)
Chikka Messenger
Coupon Printer for Windows (Version: 5.0.0.0)
Diablo III (Version: 1.0.0.8370)
Dota 2
DotaRO Installer v2.0
Download Accelerator Plus (DAP) (Version: 10043 (Build 2489))
Dragon Nest SEA (Version: 1.101.0000)
Facebook Icon (Version: 1.00.00)
FlyFF (Version: 1.0.0)
Fraps
Garena - Heroes of Newerth (Version: 2011)
Garena - League of Legends
Garena Plus (Version: 2011)
Google Chrome (HKCU Version: 31.0.1650.63)
Google Drive (Version: 1.12.5329.1887)
Google Update Helper (Version: 1.3.21.165)
HP Deskjet Ink Adv 2060 K110 Basic Device Software (Version: 22.0.334.0)
HP Deskjet Ink Adv 2060 K110 Help (Version: 140.0.2.2)
HP Deskjet Ink Adv 2060 K110 Product Improvement Study (Version: 22.0.334.0)
HP Photo Creations (Version: 1.0.0.3341)
HP Update (Version: 5.002.005.003)
iCloud (Version: 3.0.2.163)
IconPackager (Version: 5.00)
iExplorer 3.1.1.0
iFunbox (v2.1.2228.731), iFunbox DevTeam (Version: v2.1.2228.731)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Network Connections 16.0.19.0 (Version: 16.0.19.0)
Intel® Processor Graphics (Version: 8.15.10.2279)
iTunes (Version: 11.1.3.8)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Lion UX Pack (Version: 1.0)
LOLReplay (Version: 0.8.1.4)
Magic ISO Maker v5.5 (build 0281)
McAfee Security Scan Plus (Version: 3.8.130.10)
Media Go (Version: 2.5.299)
Media Go Video Playback Engine 1.120.108.05010 (Version: 1.120.108.05010)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Encarta Premium 2009 (Version: 2009)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
Mozilla Firefox 17.0 (x86 en-US) (Version: 17.0)
Mozilla Maintenance Service (Version: 17.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
NBA 2K11 (Version: 1.0.0)
NBA 2K14 (Version: 1.0.0)
Nero 8 Lite (Version: 8.3.13.0)
NVIDIA PhysX (Version: 9.10.0514)
Pando Media Booster (Version: 2.6.0.9)
Picasa 3 (Version: 3.9)
PlayDGN version 106 (Version: 106)
PlayStation®Store (Version: 4.16.2.15545)
QuickTime (Version: 7.74.80.86)
Ragnarok Online (Version: 1.0.0)
Ragnarok Online2 (Version: 2.00.0000)
RaidCall (Version: 7.3.0-1.0.10926.49)
Realtek High Definition Audio Driver (Version: 6.0.1.6299)
Safari (Version: 5.34.57.2)
Skype™ 5.10 (Version: 5.10.116)
Spectral Ragnarok Online
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
Text Twist 2 1.00
The KMPlayer (remove only)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
USB Disk Security
UsbFix By El Desaparecido
UxStyle Core Beta (Version: 0.2.1.1)
Villain RO Lite Installer
Villain RO Lite Installer v3.0
VLC media player 2.0.2 (Version: 2.0.2)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
Yahoo! Messenger
YTD Video Downloader 3.9.6 (Version: 3.9.6)
 
==================== Restore Points  =========================
 
23-11-2013 15:29:48 Windows Update
27-11-2013 05:04:29 Windows Update
30-11-2013 22:56:29 Windows Update
04-12-2013 01:31:24 Windows Update
07-12-2013 15:31:54 Installed Microsoft Fix it 50471
07-12-2013 15:49:46 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-14 10:04 - 2012-10-09 15:54 - 00000921 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {02693E11-D99A-4714-9279-5EF57743D4F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-07] (Google Inc.)
Task: {314EFBA3-F628-427F-B9EA-63D14652E2B7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2917163984-75659229-3925815574-1000UA => C:\Users\User's files\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-02] (Google Inc.)
Task: {51A3D524-66F8-4B1C-AD1A-335606E0D686} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2917163984-75659229-3925815574-1000Core => C:\Users\User's files\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-02] (Google Inc.)
Task: {611FCA70-EBEB-4B0C-AA14-F9AE5EF1DF44} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-07] (Google Inc.)
Task: {89635852-6DF9-45FC-94A4-379C1B5B83FE} - System32\Tasks\gg_uac_daemon_User's files => C:\Program Files\Garena Plus\ggdllhost.exe [2013-07-10] ()
Task: {93ACCA4A-3BC6-48A3-B1BE-C79CB343448C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B08C2561-D17F-4821-BD3D-3F08F331E4D6} - System32\Tasks\HPCustParticipation HP Deskjet Ink Adv 2060 K110 => C:\Program Files\HP\HP Deskjet Ink Adv 2060 K110\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {D26EA629-5CDE-4256-99EE-0EB20DBAEB18} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-15] (Adobe Systems Incorporated)
Task: {F4898260-7EBD-4C94-9820-5FA1CCDA785B} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-09-14] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2917163984-75659229-3925815574-1000Core.job => C:\Users\User's files\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2917163984-75659229-3925815574-1000UA.job => C:\Users\User's files\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-12-06 10:42 - 2013-12-04 10:47 - 00702416 _____ () C:\Users\User's files\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-06 10:42 - 2013-12-04 10:47 - 00099792 _____ () C:\Users\User's files\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-06 10:42 - 2013-12-04 10:48 - 04055504 _____ () C:\Users\User's files\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-06 10:42 - 2013-12-04 10:48 - 00399312 _____ () C:\Users\User's files\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-06 10:42 - 2013-12-04 10:47 - 01619408 _____ () C:\Users\User's files\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-06 10:42 - 2013-12-04 10:48 - 13586896 _____ () C:\Users\User's files\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-17 12:32 - 2013-08-23 17:10 - 00553776 _____ () C:\Program Files\Garena Plus\ggspawn.dll
2012-10-09 15:19 - 2011-01-07 16:57 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2012-02-22 16:52 - 2013-01-30 16:26 - 00104752 _____ () C:\Program Files\Garena Plus\CommonLib.dll
2012-07-12 13:40 - 2013-02-07 17:11 - 00033584 _____ () C:\Program Files\Garena Plus\DibModule.dll
2012-09-18 10:57 - 2013-11-21 19:28 - 00027952 _____ () C:\Program Files\Garena Plus\VersionModule.dll
2012-08-13 17:09 - 2013-02-07 17:11 - 00051504 _____ () C:\Program Files\Garena Plus\FileLoader.dll
2012-07-27 15:41 - 2013-02-07 17:11 - 00087344 _____ () C:\Program Files\Garena Plus\PluginKernel.dll
2012-09-13 17:25 - 2013-03-07 10:10 - 00487216 _____ () C:\Program Files\Garena Plus\CxImage.dll
2012-04-24 09:21 - 2013-02-07 17:11 - 00025392 _____ () C:\Program Files\Garena Plus\PluginModule.dll
2012-07-27 14:59 - 2013-04-10 17:23 - 00170800 _____ () C:\Program Files\Garena Plus\lib\fs\YYFileSystem.dll
2012-09-13 17:25 - 2013-03-13 18:05 - 00374064 _____ () C:\Program Files\Garena Plus\lib\Http.dll
2012-02-22 16:52 - 2012-02-22 16:52 - 00178176 _____ () C:\Program Files\Garena Plus\lib\MP3Module.dll
2012-02-22 16:52 - 2012-02-22 16:52 - 00162304 _____ () C:\Program Files\Garena Plus\lame_enc.DLL
2012-02-22 16:52 - 2013-01-14 19:57 - 00219952 _____ () C:\Program Files\Garena Plus\lib\TaskManagerLib.dll
2012-09-13 14:19 - 2013-03-07 10:10 - 00106288 _____ () C:\Program Files\Garena Plus\lib\UILayout.dll
2012-09-17 12:49 - 2013-07-26 14:18 - 00957232 _____ () C:\Program Files\Garena Plus\lib\XLL.dll
2012-09-13 14:19 - 2012-09-13 14:19 - 00048640 _____ () C:\Program Files\Garena Plus\lib\XmlUIModule.dll
2012-02-22 16:52 - 2012-02-22 16:52 - 00573100 _____ () C:\Program Files\Garena Plus\sqlite3.dll
2012-09-13 17:39 - 2013-03-07 10:10 - 00224560 _____ () C:\Program Files\Garena Plus\Plugins\StatsPlugin.dll
2012-11-02 00:05 - 2013-11-21 19:28 - 00896304 _____ () C:\Program Files\Garena Plus\Plugins\ggplugin.dll
2012-06-21 20:35 - 2013-02-07 17:11 - 00192816 _____ () C:\Program Files\Garena Plus\ImageModule.dll
2013-04-11 11:50 - 2013-04-10 17:22 - 00155440 _____ () C:\Program Files\Garena Plus\libmpg123.dll
2012-08-30 21:43 - 2013-01-30 16:26 - 02941232 _____ () C:\Program Files\Garena Plus\ggdownloader.dll
2012-04-13 11:12 - 2012-04-13 11:12 - 00059392 _____ () C:\Program Files\Garena Plus\lib\delay_load\AudioMixerLib.dll
2012-07-27 14:59 - 2012-07-27 14:59 - 00010240 _____ () C:\Program Files\Garena Plus\lib\delay_load\ClientTcp.dll
2012-09-13 17:23 - 2013-07-15 22:29 - 01545520 _____ () C:\Program Files\Garena Plus\lib\delay_load\FileSender.dll
2012-07-31 18:38 - 2013-02-01 13:42 - 00153088 _____ () C:\Program Files\Garena Plus\libzmq.dll
2012-08-30 18:49 - 2013-09-20 19:12 - 00956208 _____ () C:\Program Files\Garena Plus\lib\delay_load\GaFileTransfer.dll
2012-04-24 09:19 - 2012-04-24 09:19 - 00238592 _____ () C:\Program Files\Garena Plus\lib\delay_load\MediaEngine.dll
2012-04-13 11:12 - 2012-04-13 11:12 - 00019968 _____ () C:\Program Files\Garena Plus\ServerMemAlloc.dll
2012-03-08 16:56 - 2012-03-08 16:56 - 00510464 _____ () C:\Program Files\Garena Plus\lib\delay_load\RSALib.dll
2012-07-27 14:59 - 2012-07-27 14:59 - 00061952 _____ () C:\Program Files\Garena Plus\lib\delay_load\UdtLib.dll
2012-10-09 15:29 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/08/2013 10:16:41 AM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (12/08/2013 00:16:58 AM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (12/07/2013 11:37:34 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (12/07/2013 10:54:10 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (12/07/2013 09:19:21 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (12/07/2013 02:47:39 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (12/07/2013 11:54:52 AM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (12/06/2013 10:00:41 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (12/06/2013 10:21:01 AM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (12/06/2013 00:52:04 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (12/08/2013 10:23:31 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error: 
%%1056
 
Error: (12/08/2013 10:22:01 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (12/08/2013 10:21:31 AM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (12/08/2013 10:21:31 AM) (Source: Service Control Manager) (User: )
Description: The Intel® Management and Security Application Local Management Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/08/2013 10:21:31 AM) (Source: Service Control Manager) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/08/2013 10:21:31 AM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (12/08/2013 10:21:31 AM) (Source: Service Control Manager) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/08/2013 10:21:31 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (12/08/2013 10:21:31 AM) (Source: Service Control Manager) (User: )
Description: The Blackberry Device Manager service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/08/2013 10:21:31 AM) (Source: Service Control Manager) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 38%
Total physical RAM: 3494.4 MB
Available physical RAM: 2155.75 MB
Total Pagefile: 6987.09 MB
Available Pagefile: 5584 MB
Total Virtual: 2047.88 MB
Available Virtual: 1921.9 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.78 GB) (Free:107.27 GB) NTFS
Drive d: () (Fixed) (Total:232.88 GB) (Free:154.91 GB) NTFS
Drive f: (GERALD) (Removable) (Total:3.75 GB) (Free:0.66 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 46143497)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)
 
==================== End Of Log ============================


#8 geraldsantarin


Posted 07 December 2013 - 10:11 PM

Oh, okay. Deleted already.

 

############################## | UsbFix V 7.152 | [Research]
 
User: User's files (Administrator) # USERSFILES-PC
Updated 20/11/2013 by El Desaparecido - Team SosVirus
Started at 11:09:53 | 08/12/2013
 
 
PC: Intel Corporation (DH61WW)
CPU: Intel® Core™ i3-2120 CPU @ 3.30GHz
RAM -> [Total : 3494 | Free : 1964]
Bios: Intel Corp.
Boot: Normal boot
 
OS: Microsoft Windows 7 Ultimate  (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Mozilla Firefox : 19.0.2
WB: Safari : 534.57.2
 
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]
 
C:\ (%systemdrive%) -> Fixed drive # 233 Gb (107 Mb free - 46%) [] # NTFS
D:\ -> Fixed drive # 233 Gb (171 Mb free - 74%) [] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 4 Gb (671 Mb free - 17%) [GERALD] # FAT32
 
################## | Active Processes |
 
C:\Windows\system32\csrss.exe (ID: 444 |ParentID: 368)
C:\Windows\system32\wininit.exe (ID: 496 |ParentID: 368)
C:\Windows\system32\csrss.exe (ID: 504 |ParentID: 488)
C:\Windows\system32\services.exe (ID: 556 |ParentID: 496)
C:\Windows\system32\lsass.exe (ID: 564 |ParentID: 496)
C:\Windows\system32\lsm.exe (ID: 572 |ParentID: 496)
C:\Windows\system32\winlogon.exe (ID: 604 |ParentID: 488)
C:\Windows\system32\svchost.exe (ID: 712 |ParentID: 556)
C:\Windows\system32\svchost.exe (ID: 796 |ParentID: 556)
C:\Program Files\Microsoft Security Client\MsMpEng.exe (ID: 864 |ParentID: 556)
C:\Windows\System32\svchost.exe (ID: 956 |ParentID: 556)
C:\Windows\System32\svchost.exe (ID: 988 |ParentID: 556)
C:\Windows\system32\svchost.exe (ID: 1016 |ParentID: 556)
C:\Windows\system32\svchost.exe (ID: 1220 |ParentID: 556)
C:\Windows\system32\svchost.exe (ID: 1388 |ParentID: 556)
C:\Windows\system32\svchost.exe (ID: 1680 |ParentID: 556)
C:\Windows\system32\Dwm.exe (ID: 2012 |ParentID: 988)
C:\Windows\system32\svchost.exe (ID: 1452 |ParentID: 556)
C:\Windows\system32\svchost.exe (ID: 2064 |ParentID: 556)
C:\Program Files\Microsoft Security Client\NisSrv.exe (ID: 2432 |ParentID: 556)
C:\Windows\system32\svchost.exe (ID: 3736 |ParentID: 556)
C:\Windows\System32\svchost.exe (ID: 3856 |ParentID: 556)
C:\Windows\System32\rundll32.exe (ID: 5244 |ParentID: 712)
C:\Windows\System32\WUDFHost.exe (ID: 2804 |ParentID: 988)
C:\Windows\system32\sppsvc.exe (ID: 2828 |ParentID: 556)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 4864 |ParentID: 556)
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (ID: 5688 |ParentID: 556)
C:\Windows\system32\SearchIndexer.exe (ID: 4832 |ParentID: 556)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 6124 |ParentID: 4864)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 460 |ParentID: 556)
C:\Windows\System32\spoolsv.exe (ID: 3324 |ParentID: 556)
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 6052 |ParentID: 556)
C:\Windows\Explorer.exe (ID: 1988 |ParentID: 3608)
C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5844 |ParentID: 1988)
C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5888 |ParentID: 5844)
C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3560 |ParentID: 5844)
C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4536 |ParentID: 5844)
C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3700 |ParentID: 5844)
C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 492 |ParentID: 5844)
C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 1316 |ParentID: 5844)
C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 1568 |ParentID: 5844)
C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 2312 |ParentID: 5844)
C:\Users\User's files\Desktop\FRST.exe (ID: 884 |ParentID: 5980)
C:\Windows\system32\notepad.exe (ID: 5296 |ParentID: 884)
C:\Windows\system32\AUDIODG.EXE (ID: 5144 |ParentID: 956)
C:\UsbFix\Go.exe (ID: 4164 |ParentID: 3924)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4144 |ParentID: 712)
 
################## | ByPass |
 
Stopped! C:\Windows\system32\notepad.exe (ID: 5296 |ParentID: 884)
Stopped! C:\Users\User's files\Desktop\FRST.exe (ID: 884 |ParentID: 5980 )
 
################## | Regedit Run |
 
04 - HKLM\SOFTWARE | Run : [USB Security] - C:\Program Files\USB Disk Security\USBGuard.exe
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
04 - HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe
04 - HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
04 - HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
04 - HKLM\SOFTWARE | Run : [GrooveMonitor] - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE | Run : [] - 
04 - HKLM\SOFTWARE | Run : [UX Launcher] - C:\Program Files\UX Pack\uxlaunch.exe
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
04 - HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [MSC] - "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
04 - HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE | RunOnce : [] - 
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2917163984-75659229-3925815574-1000\SOFTWARE | Run : [DownloadAccelerator] - "C:\Program Files\DAP\DAP.EXE" /STARTUP
04 - HKU\S-1-5-21-2917163984-75659229-3925815574-1000\SOFTWARE | Run : [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-2917163984-75659229-3925815574-1000\SOFTWARE | Run : [Messenger (Yahoo!)] - "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
04 - HKU\S-1-5-21-2917163984-75659229-3925815574-1000\SOFTWARE | Run : [GarenaPlus] - "C:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch
04 - HKU\S-1-5-21-2917163984-75659229-3925815574-1000\SOFTWARE | Run : [Google Update] - "C:\Users\User's files\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-2917163984-75659229-3925815574-1000\SOFTWARE | Run : [Rim.DesktopHelper.exe] - "C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.DesktopHelper.exe"
04 - HKU\S-1-5-21-2917163984-75659229-3925815574-1000\SOFTWARE | Run : [Steam] - "C:\Program Files\Steam\steam.exe" -silent
04 - HKU\S-1-5-21-2917163984-75659229-3925815574-1000\SOFTWARE | Run : [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
 
################## | Generic Research |
 
Found ! D:\ArcInstall_v20130810a.exe
Found ! D:\DNClientVer101_20130716.exe
Found ! D:\FLv19_TOR_setup.exe
Found ! D:\ROEP25setup.exe
Found ! D:\Union Ragnarok Online (CursorLock).lnk
Found ! F:\MANAGEMENT CONTROL SYSTEM.lnk
Found ! F:\hospitality info tech by pearson.lnk
Found ! F:\instruction.lnk
Found ! F:\RESUME.lnk
Found ! F:\RESUME 2.lnk
Found ! F:\Vids .lnk
Found ! F:\Pics .lnk
Found ! F:\Thumbs.lnk
Found ! F:\Thumbs   .lnk
Found ! F:\_ .lnk
Found ! F:\Pics.lnk
Found ! F:\Vids.lnk
Found ! F:\_.lnk
Found ! C:\Users\USER'S~1\AppData\Local\Temp\uttD688.tmp.exe
 
################## | Registry |
 
 
################## | Vaccin |
 
(!) This computer is not vaccinated!
 
################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |


#9 geraldsantarin


Posted 07 December 2013 - 10:14 PM

############################## | UsbFix V 7.152 | [Listing]
 
User: User's files (Administrator) # USERSFILES-PC
Updated 20/11/2013 by El Desaparecido - Team SosVirus
Started at 11:14:05 | 08/12/2013
 
 
PC: Intel Corporation (DH61WW)
CPU: Intel® Core™ i3-2120 CPU @ 3.30GHz
RAM -> [Total : 3494 | Free : 2250]
Bios: Intel Corp.
Boot: Normal boot
 
OS: Microsoft Windows 7 Ultimate  (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Mozilla Firefox : 19.0.2
WB: Safari : 534.57.2
 
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]
 
C:\ (%systemdrive%) -> Fixed drive # 233 Gb (107 Mb free - 46%) [] # NTFS
D:\ -> Fixed drive # 233 Gb (171 Mb free - 74%) [] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 4 Gb (671 Mb free - 17%) [GERALD] # FAT32
 
################## | Listing |
 
[09/10/2012 - 15:16:49 | SHD ] C:\$Recycle.Bin
[08/10/2013 - 08:40:00 | HD ] C:\ArcTemp
[11/06/2009 - 05:42:20 | A | 24] C:\autoexec.bat
[23/10/2013 - 09:02:41 | D ] C:\CherryDeGames
[11/06/2009 - 05:42:20 | A | 10] C:\config.sys
[14/07/2009 - 12:53:55 | SHD ] C:\Documents and Settings
[06/02/2013 - 01:33:02 | D ] C:\Fraps
[08/12/2013 - 10:34:35 | D ] C:\FRST
[09/10/2012 - 23:58:42 | D ] C:\GarenaDownload
[05/01/2013 - 09:23:21 | D ] C:\gravity
[08/12/2013 - 10:16:28 | ASH | 2748108800] C:\hiberfil.sys
[09/10/2012 - 15:19:44 | D ] C:\Intel
[06/04/2013 - 02:26:32 | D ] C:\Level Up Games
[09/10/2012 - 15:38:32 | RHD ] C:\MSOCache
[08/12/2013 - 10:16:31 | ASH | 3664146432] C:\pagefile.sys
[14/07/2009 - 10:37:05 | D ] C:\PerfLogs
[05/01/2013 - 09:12:44 | D ] C:\PlayPark
[10/10/2012 - 23:24:09 | D ] C:\Process Monitor
[21/11/2013 - 14:09:09 | RD ] C:\Program Files
[21/11/2013 - 14:09:08 | HD ] C:\ProgramData
[09/10/2012 - 15:20:33 | A | 206] C:\Realtek.log
[09/10/2012 - 15:16:35 | SHD ] C:\Recovery
[09/10/2012 - 15:20:33 | A | 2073] C:\RHDSetup.log
[07/12/2013 - 23:49:53 | SHD ] C:\System Volume Information
[09/10/2012 - 15:28:54 | D ] C:\TempEI4
[08/12/2013 - 11:14:06 | D ] C:\UsbFix
[08/12/2013 - 00:03:20 | A | 7022] C:\UsbFix [Listing 1 ] USERSFILES-PC.txt
[08/12/2013 - 00:04:05 | A | 7100] C:\UsbFix [Listing 2 ] USERSFILES-PC.txt
[08/12/2013 - 00:04:35 | A | 8343] C:\UsbFix [Listing 3 ] USERSFILES-PC.txt
[08/12/2013 - 10:29:34 | A | 8610] C:\UsbFix [Listing 4 ] USERSFILES-PC.txt
[08/12/2013 - 11:13:10 | A | 8640] C:\UsbFix [Listing 5 ] USERSFILES-PC.txt
[08/12/2013 - 11:14:06 | A | 2840] C:\UsbFix [Listing 6 ] USERSFILES-PC.txt
[07/12/2013 - 23:41:26 | A | 10188] C:\UsbFix [Scan 1] USERSFILES-PC.txt
[07/12/2013 - 23:42:40 | A | 7022] C:\UsbFix [Scan 2] USERSFILES-PC.txt
[08/12/2013 - 00:25:18 | A | 10526] C:\UsbFix [Scan 3] USERSFILES-PC.txt
[08/12/2013 - 10:23:08 | A | 10560] C:\UsbFix [Scan 4] USERSFILES-PC.txt
[08/12/2013 - 11:10:34 | A | 8751] C:\UsbFix [Scan 5] USERSFILES-PC.txt
[09/10/2012 - 15:16:40 | RD ] C:\Users
[08/12/2013 - 00:05:45 | D ] C:\Windows
[09/10/2012 - 15:57:19 | SHD ] D:\$RECYCLE.BIN
[23/10/2013 - 01:03:08 | A | 111971450] D:\54303.flv
[25/04/2013 - 09:54:14 | A | 1298117] D:\Acknowledgement.docx
[20/05/2013 - 08:51:51 | A | 67994631] D:\Amateur porn with a young slut.mp4
[07/10/2013 - 23:59:14 | A | 8673680] D:\ArcInstall_v20130810a.exe
[25/04/2013 - 10:23:48 | A | 231770] D:\cert.jpg
[24/04/2013 - 21:53:21 | A | 43156] D:\claw1.docx
[23/04/2013 - 15:26:53 | A | 2103594] D:\claw2.docx
[25/04/2013 - 10:11:18 | A | 10966] D:\Cover.docx
[12/02/2013 - 01:21:38 | D ] D:\Culinary Etc
[23/10/2013 - 08:15:41 | RA | 3825990599] D:\DNClientVer101_20130716.exe
[06/03/2013 - 02:40:56 | D ] D:\Dr.Seuss.The.Lorax.2012.DVDRip.LiNE.XviD.AC3.HQ.Hive-CM8
[22/11/2013 - 12:53:31 | D ] D:\Dragnest
[22/11/2013 - 12:43:54 | RA | 4286517146] D:\DragnestFullSetupVer106.zip
[25/04/2013 - 10:53:15 | A | 465193] D:\eval1.jpg
[25/04/2013 - 10:57:06 | A | 510213] D:\eval2.jpg
[06/04/2013 - 02:17:51 | A | 1054173258] D:\FLv19_TOR_setup.exe
[25/03/2013 - 03:16:05 | A | 10827510] D:\Franco Reyes - Blame.flv
[10/03/2013 - 03:56:02 | D ] D:\Ice Age 4 Continental Drift (2012) [1080p]
[14/06/2013 - 08:24:53 | A | 89928] D:\id.jpg
[01/01/2013 - 01:38:43 | D ] D:\iPod Photo Cache
[29/08/2013 - 13:49:47 | D ] D:\Iron Man 3 (2013) [1080p]
[29/08/2013 - 15:50:53 | A | 700593354] D:\Iron.Man.3.2013.1080p.BluRay.x264.YIFY.avi
[23/06/2013 - 02:33:41 | A | 1242173] D:\J2BKfRRHTqMg.128.mp3.dap
[27/05/2013 - 00:25:03 | A | 130322334] D:\League of Legends Cinematic_ A Twist of Fate.mp4
[25/06/2013 - 07:23:10 | D ] D:\Leanna Decker
[22/08/2013 - 03:46:00 | A | 268481] D:\LiAoi 20130808.jpg
[14/08/2013 - 03:11:10 | A | 76877078] D:\LiAoi 20130808.mp4
[07/11/2013 - 08:39:38 | A | 77145686] D:\LiAoi-20130808.rar
[12/11/2013 - 14:44:44 | A | 458] D:\Local Disk © - Shortcut.lnk
[22/05/2013 - 22:02:03 | D ] D:\movies
[05/12/2013 - 15:08:20 | A | 14921] D:\mp.jpg
[06/02/2013 - 01:50:16 | HD ] D:\msdownld.tmp
[06/12/2013 - 06:10:08 | D ] D:\music
[13/04/2013 - 08:58:18 | N | 1368274] D:\new orleans practicum.pdf
[25/04/2013 - 10:07:12 | A | 21896203] D:\OJT Docu.docx
[25/04/2013 - 08:39:48 | A | 123185] D:\Org chart.jpg
[22/05/2013 - 22:02:23 | D ] D:\pics
[21/02/2013 - 04:01:51 | A | 6288559] D:\Premiere vixens 3D.zip
[27/05/2013 - 04:50:02 | A | 99049057] D:\putapepe eyes 4Nia.mp4
[06/06/2013 - 09:26:22 | A | 574075] D:\ret1.jpg
[06/06/2013 - 09:27:47 | A | 232829] D:\ret2.jpg
[23/06/2013 - 02:33:35 | A | 3096240] D:\rJHpo658pDf8.128.mp3.dap
[05/12/2012 - 02:49:40 | A | 1669307084] D:\ROEP25setup.exe
[18/01/2013 - 01:11:22 | A | 0] D:\rpe_log.log
[17/04/2013 - 02:40:59 | A | 75959628] D:\Sachie_Sanders_-_VIVA_HB_GONE_WILD__2007_.wmv
[19/06/2013 - 15:00:11 | A | 96196560] D:\slut wife.wmv
[19/06/2013 - 14:47:51 | A | 84151] D:\slutwife.wmv#
[16/03/2013 - 03:05:15 | D ] D:\Snow.White.and.the.Huntsman.2012.EXTENDED.BDRip.XviD-AMIABLE
[22/05/2013 - 22:10:31 | A | 16105101] D:\Sora Aoi.mp4
[14/04/2013 - 03:20:08 | D ] D:\Step Up Revolution (2012) [1080p]
[22/03/2013 - 02:46:32 | D ] D:\Strat
[09/10/2012 - 15:55:58 | SHD ] D:\System Volume Information
[13/04/2013 - 08:58:16 | N | 191658] D:\table of contents.pdf
[02/03/2013 - 02:04:10 | D ] D:\Taken 2 (2012) [1080p]
[01/03/2013 - 01:37:28 | D ] D:\Ted 2012 [R6 movie]
[03/03/2013 - 05:10:31 | D ] D:\The Avengers (2012)
[28/08/2013 - 22:13:43 | D ] D:\The Conjuring 2013 R6 WEBRiP XviD-Acesan8s
[06/03/2013 - 04:30:29 | D ] D:\The Hunger Games (2012)
[25/04/2013 - 10:25:28 | A | 579980] D:\time1.jpg
[25/04/2013 - 10:26:58 | A | 607299] D:\time2.jpg
[25/04/2013 - 10:35:38 | A | 167047] D:\time3.jpg
[25/04/2013 - 10:07:50 | A | 1299331] D:\title page.docx
[05/12/2013 - 23:15:50 | D ] D:\Torrent
[16/01/2013 - 16:31:14 | A | 1140] D:\Union Ragnarok Online (CursorLock).lnk
[12/11/2013 - 15:26:35 | D ] D:\Verniece Enciso
[23/11/2013 - 02:29:57 | D ] D:\VRO
[01/03/2013 - 03:57:17 | D ] D:\Wreck-It Ralph (2012) [1080p]
[22/05/2013 - 22:29:27 | A | 15540504] D:\YouPorn - sora aoi nice.mp4
[31/07/2012 - 00:14:28 | HD ] F:\Vids
[24/01/2013 - 14:53:18 | SH | 875520] F:\MANAGEMENT CONTROL SYSTEM.ppt
[21/11/2011 - 22:36:48 | SH | 655360] F:\hospitality info tech by pearson.ppt
[02/02/2013 - 09:06:32 | SH | 27136] F:\instruction.doc
[04/12/2013 - 16:07:12 | SH | 132688] F:\RESUME.docx
[05/12/2013 - 15:23:48 | SH | 140636] F:\RESUME 2.docx
[05/12/2013 - 16:46:32 | HD ] F:\_
[05/12/2013 - 16:56:08 | A | 1646] F:\MANAGEMENT CONTROL SYSTEM.lnk
[05/12/2013 - 16:56:08 | A | 1668] F:\hospitality info tech by pearson.lnk
[05/12/2013 - 16:56:08 | A | 1614] F:\instruction.lnk
[05/12/2013 - 16:56:08 | A | 1606] F:\RESUME.lnk
[05/12/2013 - 16:56:08 | A | 1614] F:\RESUME 2.lnk
[05/12/2013 - 16:56:08 | A | 1606] F:\Vids .lnk
[05/12/2013 - 16:56:08 | A | 1606] F:\Pics .lnk
[05/12/2013 - 16:56:08 | A | 738] F:\Thumbs.lnk
[05/12/2013 - 16:56:08 | A | 712] F:\Thumbs   .lnk
[05/12/2013 - 16:56:08 | A | 734] F:\_ .lnk
[05/12/2013 - 16:56:08 | A | 690] F:\Pics.lnk
[05/12/2013 - 16:56:08 | A | 744] F:\Vids.lnk
[05/12/2013 - 16:56:08 | A | 738] F:\_.lnk
 
################## | E.O.F |


#10 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team

Posted 07 December 2013 - 11:51 PM

:step1: Please open Notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below
Save it to the Desktop, and name it: fixlist.txt


start
HKLM\...\Run: [] - [x]
HKLM\...\Runonce: [] - [x]
HKCU\...\Winlogon: [Shell] expstart.exe <==== ATTENTION 
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
 C:\Users\User's files\AppData\Local\Temp\AutoUI.exe
C:\Users\User's files\AppData\Local\Temp\avguidx.dll
C:\Users\User's files\AppData\Local\Temp\cabex.dll
C:\Users\User's files\AppData\Local\Temp\drm_dialogs.dll
C:\Users\User's files\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\User's files\AppData\Local\Temp\GUninstaller.exe
C:\Users\User's files\AppData\Local\Temp\install_reader10_en_mssd_aih.exe
C:\Users\User's files\AppData\Local\Temp\install_reader11_en_mssd_aih.exe
C:\Users\User's files\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\User's files\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\User's files\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\User's files\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\User's files\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\User's files\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\User's files\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\User's files\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\User's files\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\User's files\AppData\Local\Temp\oi_{B42980EF-19C1-4AB3-B333-CAD541CE137F}.exe
C:\Users\User's files\AppData\Local\Temp\patch_2062200.exe
C:\Users\User's files\AppData\Local\Temp\patch_2062301.exe
C:\Users\User's files\AppData\Local\Temp\patch_2062401.exe
C:\Users\User's files\AppData\Local\Temp\patch_2062402.exe
C:\Users\User's files\AppData\Local\Temp\patch_2062500.exe
C:\Users\User's files\AppData\Local\Temp\patch_2062600.exe
C:\Users\User's files\AppData\Local\Temp\patch_2062700.exe
C:\Users\User's files\AppData\Local\Temp\patch_2062800.exe
C:\Users\User's files\AppData\Local\Temp\patch_2062901.exe
C:\Users\User's files\AppData\Local\Temp\patch_2063000.exe
C:\Users\User's files\AppData\Local\Temp\patch_2063100.exe
C:\Users\User's files\AppData\Local\Temp\patch_2063301.exe
C:\Users\User's files\AppData\Local\Temp\patch_2063400.exe
C:\Users\User's files\AppData\Local\Temp\patch_2063500.exe
C:\Users\User's files\AppData\Local\Temp\PH173_patch_121213to121219.exe
C:\Users\User's files\AppData\Local\Temp\PH303_patch_130221to130307.exe
C:\Users\User's files\AppData\Local\Temp\PH305_balance_patch_130404to130412.exe
C:\Users\User's files\AppData\Local\Temp\PH305_patch_130322to130404.exe
C:\Users\User's files\AppData\Local\Temp\PH_130513to130522_307.exe
C:\Users\User's files\AppData\Local\Temp\PH_130608to130717_309v2.exe
C:\Users\User's files\AppData\Local\Temp\PH_130717to130718_309v2.exe
C:\Users\User's files\AppData\Local\Temp\PH_130802to130827_310_hotfix.exe
C:\Users\User's files\AppData\Local\Temp\PH_130913to131016_312.exe
C:\Users\User's files\AppData\Local\Temp\PH_306_hotfix_130503to130504.exe
C:\Users\User's files\AppData\Local\Temp\PH_306_hotfix_130504to130513.exe
C:\Users\User's files\AppData\Local\Temp\PH_306_patch_130412to130503.exe
C:\Users\User's files\AppData\Local\Temp\PH_308_130606to130618v4.exe
C:\Users\User's files\AppData\Local\Temp\PH_310_130718to130802.exe
C:\Users\User's files\AppData\Local\Temp\PH_311_130827to130911_3.exe
C:\Users\User's files\AppData\Local\Temp\PH_311_130911to130913.exe
C:\Users\User's files\AppData\Local\Temp\PH_313hotfix_131104to131114.exe
C:\Users\User's files\AppData\Local\Temp\PH_313_131016to131104v2.exe
C:\Users\User's files\AppData\Local\Temp\PH_hotfix_130522to130529_307.exe
C:\Users\User's files\AppData\Local\Temp\PH_hotfix_130529to130606_307.exe
C:\Users\User's files\AppData\Local\Temp\PH_patch304_130307to130321.exe
C:\Users\User's files\AppData\Local\Temp\PH_patch304_130321to130322.exe
C:\Users\User's files\AppData\Local\Temp\PH_patch_120924to121031.exe
C:\Users\User's files\AppData\Local\Temp\PH_patch_121115to121213_172_2.exe
C:\Users\User's files\AppData\Local\Temp\PH_patch_121219to121221_hotfix.exe
C:\Users\User's files\AppData\Local\Temp\PH_patch_121221to130124_174.exe
C:\Users\User's files\AppData\Local\Temp\PH_patch_130124to130221v2.exe
C:\Users\User's files\AppData\Local\Temp\PH_patch_171_121031to121115.exe
C:\Users\User's files\AppData\Local\Temp\RunWizards.exe
C:\Users\User's files\AppData\Local\Temp\svd_dap.exe
C:\Users\User's files\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\User's files\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\User's files\AppData\Local\Temp\tbedrs.dll
C:\Users\User's files\AppData\Local\Temp\uninst1.exe
C:\Users\User's files\AppData\Local\Temp\uttD688.tmp.exe
C:\Users\User's files\AppData\Local\Temp\vcredist_x86.exe
C:\Users\User's files\AppData\Local\Temp\zbqciscz.exe
 End

Once again, double-click FRST to run it.
When the tool opens click Yes to disclaimer.

Press the Fix button just once, and wait.

When done, FRST produces Fixlog.txt on the Desktop.
>> Please provide the Fixlog.txt in your reply.


:step2: Now, please run USBFix once again

Press: Deletion

When done, the program closes on its own, and a report appears.

>> Please post the UsbFix.txt (Deletion) report in your reply.

Note: As before, if your AntiVirus program detects USB as malware, either let the AV program allow USBFix to run, or, temporarily disable your AntiVirus program.


Check your USB drive, and post back on how it looks now.

Edited by Aaflac, 07 December 2013 - 11:52 PM.

Old duck...


#11 geraldsantarin

geraldsantarin
  • Topic Starter


Posted 08 December 2013 - 12:19 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-12-2013 01
Ran by User's files at 2013-12-08 13:19:12 Run:2
Running from C:\Users\User's files\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
HKLM\...\Run: [] - [x]
HKLM\...\Runonce: [] - [x]
HKCU\...\Winlogon: [Shell] expstart.exe <==== ATTENTION 
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
 C:\Users\User's files\AppData\Local\Temp\AutoUI.exe
C:\Users\User's files\AppData\Local\Temp\avguidx.dll
C:\Users\User's files\AppData\Local\Temp\cabex.dll
C:\Users\User's files\AppData\Local\Temp\drm_dialogs.dll
C:\Users\User's files\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\User's files\AppData\Local\Temp\GUninstaller.exe
C:\Users\User's files\AppData\Local\Temp\install_reader10_en_mssd_aih.exe
C:\Users\User's files\AppData\Local\Temp\install_reader11_en_mssd_aih.exe
C:\Users\User's files\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\User's files\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\User's files\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\User's files\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\User's files\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\User's files\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\User's files\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\User's files\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\User's files\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\User's files\AppData\Local\Temp\oi_{B42980EF-19C1-4AB3-B333-CAD541CE137F}.exe
C:\Users\User's files\AppData\Local\Temp\patch_2062200.exe
C:\Users\User's files\AppData\Local\Temp\patch_2062301.exe
C:\Users\User's files\AppData\Local\Temp\patch_2062401.exe
C:\Users\User's files\AppData\Local\Temp\patch_2062402.exe
C:\Users\User's files\AppData\Local\Temp\patch_2062500.exe
C:\Users\User's files\AppData\Local\Temp\patch_2062600.exe
C:\Users\User's files\AppData\Local\Temp\patch_2062700.exe
C:\Users\User's files\AppData\Local\Temp\patch_2062800.exe
C:\Users\User's files\AppData\Local\Temp\patch_2062901.exe
C:\Users\User's files\AppData\Local\Temp\patch_2063000.exe
C:\Users\User's files\AppData\Local\Temp\patch_2063100.exe
C:\Users\User's files\AppData\Local\Temp\patch_2063301.exe
C:\Users\User's files\AppData\Local\Temp\patch_2063400.exe
C:\Users\User's files\AppData\Local\Temp\patch_2063500.exe
C:\Users\User's files\AppData\Local\Temp\PH173_patch_121213to121219.exe
C:\Users\User's files\AppData\Local\Temp\PH303_patch_130221to130307.exe
C:\Users\User's files\AppData\Local\Temp\PH305_balance_patch_130404to130412.exe
C:\Users\User's files\AppData\Local\Temp\PH305_patch_130322to130404.exe
C:\Users\User's files\AppData\Local\Temp\PH_130513to130522_307.exe
C:\Users\User's files\AppData\Local\Temp\PH_130608to130717_309v2.exe
C:\Users\User's files\AppData\Local\Temp\PH_130717to130718_309v2.exe
C:\Users\User's files\AppData\Local\Temp\PH_130802to130827_310_hotfix.exe
C:\Users\User's files\AppData\Local\Temp\PH_130913to131016_312.exe
C:\Users\User's files\AppData\Local\Temp\PH_306_hotfix_130503to130504.exe
C:\Users\User's files\AppData\Local\Temp\PH_306_hotfix_130504to130513.exe
C:\Users\User's files\AppData\Local\Temp\PH_306_patch_130412to130503.exe
C:\Users\User's files\AppData\Local\Temp\PH_308_130606to130618v4.exe
C:\Users\User's files\AppData\Local\Temp\PH_310_130718to130802.exe
C:\Users\User's files\AppData\Local\Temp\PH_311_130827to130911_3.exe
C:\Users\User's files\AppData\Local\Temp\PH_311_130911to130913.exe
C:\Users\User's files\AppData\Local\Temp\PH_313hotfix_131104to131114.exe
C:\Users\User's files\AppData\Local\Temp\PH_313_131016to131104v2.exe
C:\Users\User's files\AppData\Local\Temp\PH_hotfix_130522to130529_307.exe
C:\Users\User's files\AppData\Local\Temp\PH_hotfix_130529to130606_307.exe
C:\Users\User's files\AppData\Local\Temp\PH_patch304_130307to130321.exe
C:\Users\User's files\AppData\Local\Temp\PH_patch304_130321to130322.exe
C:\Users\User's files\AppData\Local\Temp\PH_patch_120924to121031.exe
C:\Users\User's files\AppData\Local\Temp\PH_patch_121115to121213_172_2.exe
C:\Users\User's files\AppData\Local\Temp\PH_patch_121219to121221_hotfix.exe
C:\Users\User's files\AppData\Local\Temp\PH_patch_121221to130124_174.exe
C:\Users\User's files\AppData\Local\Temp\PH_patch_130124to130221v2.exe
C:\Users\User's files\AppData\Local\Temp\PH_patch_171_121031to121115.exe
C:\Users\User's files\AppData\Local\Temp\RunWizards.exe
C:\Users\User's files\AppData\Local\Temp\svd_dap.exe
C:\Users\User's files\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\User's files\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\User's files\AppData\Local\Temp\tbedrs.dll
C:\Users\User's files\AppData\Local\Temp\uninst1.exe
C:\Users\User's files\AppData\Local\Temp\uttD688.tmp.exe
C:\Users\User's files\AppData\Local\Temp\vcredist_x86.exe
C:\Users\User's files\AppData\Local\Temp\zbqciscz.exe
 End
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ => Value not found.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000008\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
C:\Users\User's files\AppData\Local\Temp\avguidx.dll => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\cabex.dll => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\drm_dialogs.dll => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\fp_pl_pfs_installer.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\GUninstaller.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\install_reader10_en_mssd_aih.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\install_reader11_en_mssd_aih.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\MachineIdCreator.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\oi_{B42980EF-19C1-4AB3-B333-CAD541CE137F}.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\patch_2062200.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\patch_2062301.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\patch_2062401.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\patch_2062402.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\patch_2062500.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\patch_2062600.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\patch_2062700.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\patch_2062800.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\patch_2062901.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\patch_2063000.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\patch_2063100.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\patch_2063301.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\patch_2063400.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\patch_2063500.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\PH173_patch_121213to121219.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\PH303_patch_130221to130307.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\PH305_balance_patch_130404to130412.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\PH305_patch_130322to130404.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\PH_130513to130522_307.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\PH_130608to130717_309v2.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\PH_130717to130718_309v2.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\PH_130802to130827_310_hotfix.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\PH_130913to131016_312.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\PH_306_hotfix_130503to130504.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\PH_306_hotfix_130504to130513.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\PH_306_patch_130412to130503.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\PH_308_130606to130618v4.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\PH_310_130718to130802.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\PH_311_130827to130911_3.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\PH_311_130911to130913.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\PH_313hotfix_131104to131114.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\PH_313_131016to131104v2.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\PH_hotfix_130522to130529_307.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\PH_hotfix_130529to130606_307.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\PH_patch304_130307to130321.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\PH_patch304_130321to130322.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\PH_patch_120924to121031.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\PH_patch_121115to121213_172_2.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\PH_patch_121219to121221_hotfix.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\PH_patch_121221to130124_174.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\PH_patch_130124to130221v2.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\PH_patch_171_121031to121115.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\RunWizards.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\svd_dap.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\swt-win32-3349.dll => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\swt-win32-3740.dll => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\tbedrs.dll => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\uninst1.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\uttD688.tmp.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\vcredist_x86.exe => Moved successfully.
C:\Users\User's files\AppData\Local\Temp\zbqciscz.exe => Moved successfully.
 
==== End of Fixlog ====


#12 geraldsantarin

geraldsantarin
  • Topic Starter


Posted 08 December 2013 - 12:27 AM

############################## | UsbFix V 7.152 | [Deletion]
 
User: User's files (Administrator) # USERSFILES-PC
Updated 20/11/2013 by El Desaparecido - Team SosVirus
Started at 13:20:08 | 08/12/2013
 
 
PC: Intel Corporation (DH61WW)
CPU: Intel® Core™ i3-2120 CPU @ 3.30GHz
RAM -> [Total : 3494 | Free : 1869]
Bios: Intel Corp.
Boot: Normal boot
 
OS: Microsoft Windows 7 Ultimate  (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Mozilla Firefox : 19.0.2
WB: Safari : 534.57.2
 
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]
 
C:\ (%systemdrive%) -> Fixed drive # 233 Gb (107 Mb free - 46%) [] # NTFS
D:\ -> Fixed drive # 233 Gb (171 Mb free - 74%) [] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 4 Gb (671 Mb free - 17%) [GERALD] # FAT32
 
################## | Stopped processes |
 
Stopped! C:\Program Files\Microsoft Security Client\MsMpEng.exe (ID: 860 |ParentID: 556)
Stopped! C:\Windows\UnsignedThemesSvc.exe (ID: 1056 |ParentID: 556)
Stopped! C:\Windows\System32\spoolsv.exe (ID: 1644 |ParentID: 556)
Stopped! C:\Windows\system32\taskhost.exe (ID: 1772 |ParentID: 556)
Stopped! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1928 |ParentID: 556)
Stopped! C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 2024 |ParentID: 556)
Stopped! C:\Windows\Explorer.EXE (ID: 2044 |ParentID: 1988)
Stopped! C:\Windows\system32\taskeng.exe (ID: 460 |ParentID: 1020)
Stopped! C:\Windows\system32\taskeng.exe (ID: 672 |ParentID: 1020)
Stopped! C:\Program Files\Garena Plus\ggdllhost.exe (ID: 1120 |ParentID: 672)
Stopped! C:\Program Files\Microsoft\BingBar\7.2.241.0\BBSvc.exe (ID: 1496 |ParentID: 556)
Stopped! C:\Program Files\Bonjour\mDNSResponder.exe (ID: 1516 |ParentID: 556)
Stopped! C:\Windows\system32\IProsetMonitor.exe (ID: 1712 |ParentID: 556)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 1548 |ParentID: 556)
Stopped! C:\Program Files\Microsoft Security Client\NisSrv.exe (ID: 2148 |ParentID: 556)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID: 2248 |ParentID: 556)
Stopped! C:\Program Files\USB Disk Security\USBGuard.exe (ID: 2700 |ParentID: 2044)
Stopped! C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ID: 2824 |ParentID: 2044)
Stopped! C:\Windows\System32\igfxpers.exe (ID: 2856 |ParentID: 2044)
Stopped! C:\Windows\System32\hkcmd.exe (ID: 2876 |ParentID: 2044)
Stopped! C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (ID: 2884 |ParentID: 2044)
Stopped! C:\Program Files\HP\HP Software Update\hpwuschd2.exe (ID: 3004 |ParentID: 2044)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3580 |ParentID: 556)
Stopped! C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (ID: 3792 |ParentID: 2044)
Stopped! C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID: 3808 |ParentID: 2044)
Stopped! C:\Program Files\Microsoft Security Client\msseces.exe (ID: 3824 |ParentID: 2044)
Stopped! C:\Program Files\iTunes\iTunesHelper.exe (ID: 3840 |ParentID: 2044)
Stopped! C:\Program Files\DAP\DAP.exe (ID: 3852 |ParentID: 2044)
Stopped! C:\Program Files\Garena Plus\GarenaMessenger.exe (ID: 3988 |ParentID: 2044)
Stopped! C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (ID: 2064 |ParentID: 556)
Stopped! C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.DesktopHelper.exe (ID: 2748 |ParentID: 2044)
Stopped! C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3680 |ParentID: 2044)
Stopped! C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (ID: 3576 |ParentID: 2044)
Stopped! C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3648 |ParentID: 3680)
Stopped! C:\Program Files\iPod\bin\iPodService.exe (ID: 3804 |ParentID: 556)
Stopped! C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 2956 |ParentID: 3680)
Stopped! C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4880 |ParentID: 3680)
Stopped! C:\Windows\system32\DllHost.exe (ID: 5180 |ParentID: 716)
Stopped! C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5524 |ParentID: 3680)
Stopped! C:\Users\User's files\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5816 |ParentID: 3680)
Stopped! C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (ID: 5436 |ParentID: 556)
Stopped! C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (ID: 5164 |ParentID: 556)
Stopped! C:\Windows\System32\WUDFHost.exe (ID: 2556 |ParentID: 992)
Stopped! C:\Windows\system32\wuauclt.exe (ID: 3596 |ParentID: 1020)
 
################## | Regedit Run |
 
04 - HKLM\SOFTWARE | Run : [USB Security] - C:\Program Files\USB Disk Security\USBGuard.exe
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
04 - HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe
04 - HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
04 - HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
04 - HKLM\SOFTWARE | Run : [GrooveMonitor] - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE | Run : [UX Launcher] - C:\Program Files\UX Pack\uxlaunch.exe
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
04 - HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [MSC] - "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
04 - HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE | RunOnce : [] - 
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2917163984-75659229-3925815574-1000\SOFTWARE | Run : [DownloadAccelerator] - "C:\Program Files\DAP\DAP.EXE" /STARTUP
04 - HKU\S-1-5-21-2917163984-75659229-3925815574-1000\SOFTWARE | Run : [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-2917163984-75659229-3925815574-1000\SOFTWARE | Run : [Messenger (Yahoo!)] - "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
04 - HKU\S-1-5-21-2917163984-75659229-3925815574-1000\SOFTWARE | Run : [GarenaPlus] - "C:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch
04 - HKU\S-1-5-21-2917163984-75659229-3925815574-1000\SOFTWARE | Run : [Google Update] - "C:\Users\User's files\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-2917163984-75659229-3925815574-1000\SOFTWARE | Run : [Rim.DesktopHelper.exe] - "C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.DesktopHelper.exe"
04 - HKU\S-1-5-21-2917163984-75659229-3925815574-1000\SOFTWARE | Run : [Steam] - "C:\Program Files\Steam\steam.exe" -silent
04 - HKU\S-1-5-21-2917163984-75659229-3925815574-1000\SOFTWARE | Run : [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
 
################## | Generic Research |
 
Deleted ! D:\ArcInstall_v20130810a.exe
Deleted ! D:\DNClientVer101_20130716.exe
Deleted ! D:\FLv19_TOR_setup.exe
Deleted ! D:\ROEP25setup.exe
Deleted ! D:\Union Ragnarok Online (CursorLock).lnk
Deleted ! F:\MANAGEMENT CONTROL SYSTEM.lnk
Deleted ! F:\hospitality info tech by pearson.lnk
Deleted ! F:\instruction.lnk
Deleted ! F:\RESUME.lnk
Deleted ! F:\RESUME 2.lnk
Deleted ! F:\Vids .lnk
Deleted ! F:\Pics .lnk
Deleted ! F:\Thumbs.lnk
Deleted ! F:\Thumbs   .lnk
Deleted ! F:\_ .lnk
Deleted ! F:\Pics.lnk
Deleted ! F:\Vids.lnk
Deleted ! F:\_.lnk
 
(!) Temporary files deleted.
 
################## | Registry |
 
 
################## | Listing |
 
[09/10/2012 - 15:16:49 | SHD ] C:\$Recycle.Bin
[08/10/2013 - 08:40:00 | D ] C:\ArcTemp
[11/06/2009 - 05:42:20 | N | 24] C:\autoexec.bat
[23/10/2013 - 09:02:41 | D ] C:\CherryDeGames
[11/06/2009 - 05:42:20 | N | 10] C:\config.sys
[14/07/2009 - 12:53:55 | SHD ] C:\Documents and Settings
[06/02/2013 - 01:33:02 | D ] C:\Fraps
[08/12/2013 - 10:34:35 | D ] C:\FRST
[09/10/2012 - 23:58:42 | D ] C:\GarenaDownload
[05/01/2013 - 09:23:21 | D ] C:\gravity
[08/12/2013 - 13:15:02 | ASH | 2748108800] C:\hiberfil.sys
[09/10/2012 - 15:19:44 | D ] C:\Intel
[06/04/2013 - 02:26:32 | D ] C:\Level Up Games
[09/10/2012 - 15:38:32 | RHD ] C:\MSOCache
[08/12/2013 - 13:15:04 | ASH | 3664146432] C:\pagefile.sys
[14/07/2009 - 10:37:05 | D ] C:\PerfLogs
[05/01/2013 - 09:12:44 | D ] C:\PlayPark
[10/10/2012 - 23:24:09 | D ] C:\Process Monitor
[21/11/2013 - 14:09:09 | D ] C:\Program Files
[21/11/2013 - 14:09:08 | HD ] C:\ProgramData
[09/10/2012 - 15:20:33 | N | 206] C:\Realtek.log
[09/10/2012 - 15:16:35 | SHD ] C:\Recovery
[09/10/2012 - 15:20:33 | N | 2073] C:\RHDSetup.log
[07/12/2013 - 23:49:53 | SHD ] C:\System Volume Information
[09/10/2012 - 15:28:54 | D ] C:\TempEI4
[08/12/2013 - 13:21:48 | D ] C:\UsbFix
[08/12/2013 - 13:25:48 | A | 10216] C:\UsbFix [Clean 1] USERSFILES-PC.txt
[08/12/2013 - 00:03:20 | N | 7022] C:\UsbFix [Listing 1 ] USERSFILES-PC.txt
[08/12/2013 - 00:04:05 | N | 7100] C:\UsbFix [Listing 2 ] USERSFILES-PC.txt
[08/12/2013 - 00:04:35 | N | 8343] C:\UsbFix [Listing 3 ] USERSFILES-PC.txt
[08/12/2013 - 10:29:34 | N | 8610] C:\UsbFix [Listing 4 ] USERSFILES-PC.txt
[08/12/2013 - 11:13:10 | N | 8640] C:\UsbFix [Listing 5 ] USERSFILES-PC.txt
[08/12/2013 - 11:14:07 | N | 8650] C:\UsbFix [Listing 6 ] USERSFILES-PC.txt
[07/12/2013 - 23:41:26 | N | 10188] C:\UsbFix [Scan 1] USERSFILES-PC.txt
[07/12/2013 - 23:42:40 | N | 7022] C:\UsbFix [Scan 2] USERSFILES-PC.txt
[08/12/2013 - 00:25:18 | N | 10526] C:\UsbFix [Scan 3] USERSFILES-PC.txt
[08/12/2013 - 10:23:08 | N | 10560] C:\UsbFix [Scan 4] USERSFILES-PC.txt
[08/12/2013 - 11:10:34 | N | 8751] C:\UsbFix [Scan 5] USERSFILES-PC.txt
[09/10/2012 - 15:16:40 | RD ] C:\Users
[08/12/2013 - 00:05:45 | D ] C:\Windows
[09/10/2012 - 15:57:19 | SHD ] D:\$RECYCLE.BIN
[23/10/2013 - 01:03:08 | N | 111971450] D:\54303.flv
[25/04/2013 - 09:54:14 | N | 1298117] D:\Acknowledgement.docx
[20/05/2013 - 08:51:51 | N | 67994631] D:\Amateur porn with a young slut.mp4
[25/04/2013 - 10:23:48 | N | 231770] D:\cert.jpg
[24/04/2013 - 21:53:21 | N | 43156] D:\claw1.docx
[23/04/2013 - 15:26:53 | N | 2103594] D:\claw2.docx
[25/04/2013 - 10:11:18 | N | 10966] D:\Cover.docx
[12/02/2013 - 01:21:38 | D ] D:\Culinary Etc
[06/03/2013 - 02:40:56 | D ] D:\Dr.Seuss.The.Lorax.2012.DVDRip.LiNE.XviD.AC3.HQ.Hive-CM8
[22/11/2013 - 12:53:31 | D ] D:\Dragnest
[22/11/2013 - 12:43:54 | N | 4286517146] D:\DragnestFullSetupVer106.zip
[25/04/2013 - 10:53:15 | N | 465193] D:\eval1.jpg
[25/04/2013 - 10:57:06 | N | 510213] D:\eval2.jpg
 
################## | Vaccin |
 
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
 
################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |

Edited by geraldsantarin, 08 December 2013 - 12:28 AM.


#13 geraldsantarin

geraldsantarin
  • Topic Starter

  • Members
  • 13 posts

Posted 08 December 2013 - 12:30 AM

Well, the shortcuts are removed and almost all the files are not hidden anymore. There is still one left hidden tho :/



#14 geraldsantarin

geraldsantarin
  • Topic Starter

  • Members
  • 13 posts

Posted 08 December 2013 - 12:33 AM

Oh nevermind, I made a solution to that. Everything looks normal now on my USB flash drive :) I'm not sure though if my computer is also infected :|



#15 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts

Posted 08 December 2013 - 12:45 AM

Let’s focus on both your computer and the pen drives, so have them connected.

 

Please run Malwarebytes Anti-Malware:

Download: http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

Save to the Desktop

Double-click the downloaded MBAM file to run it.

 

When the installation begins, follow the prompts in the setup process.

DO NOT make any changes to default settings and when the program has finished installing, make sure only the following options are checked:

>Update Malwarebytes’ Anti-Malware

>Launch Malwarebytes’ Anti-Malware

Uncheck:

>Enable free trial of Malwarebytes Anti-Malware PRO

Click on the Finish button.

 

If an update is found, the program automatically updates itself.

At the program console, on the Scanner tab, select: Perform Full Scan

 

When the Select the Drives to scan prompt appears, make sure all drives (except: CD-Rom/DVD) are selected.

Next, click on the Scan button.

 

When the Malwarebytes scan is completed, click on: Show Results

When presented with a screen showing the malware detected, make sure everything is Checked, and click on: Remove Selected

When removal is completed, a report opens in Notepad.

 

>> Please copy/paste the entire contents of the MBAM report in your reply.

 

Note: If MBAM encounters a file that is difficult to remove, you are asked to reboot the computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) prevents MBAM from removing all the malware.

 

 

Also, please run the ESET Online Scanner

It is implemented as an ActiveX control, so it is best run on Internet Explorer.

Right click the IE shortcut and select: Run as Administrator

 

Next, download: http://www.eset.com/us/online-scanner/

On the ESET website, click on: Run ESET Online Scanner

Click: Start

When asked, allow the add-on to be installed

Click: Start, again

 

On the next prompt, Computer Scan Settings, check: Remove found threats

Next, click on: Advanced Settings

Make sure the following options are checked:

>Scan for potentially unwanted applications

>Scan for potentially unsafe applications

>Enable Anti-Stealth Technology

 

By Current Scan Targets, Operating memory, Local drives, press: Change

In selection of scan targets, Local drives, select the USB drive in question.

Click: OK

Click: Start

Follow the prompts.

 

When the scan completes, if threats are found, in the Scan Results prompt, click on: List of threats found

Click on: Export to text file

Save to the Desktop and name it:  ESET Scan Results

Click on: Back

Place a check on: Uninstall application on close

Click on: Finish, and close the program.

 

>> If anything is found, please provide the ESET report in your reply to determine what further action is necessary.

 


Old duck...




