Infected - Slow net speed, but ok in speed test


13 replies to this topic

#1 icebloodvs

  • Members
  • 20 posts
  • OFFLINE
  • Local time:07:53 AM

Posted 28 March 2014 - 09:09 PM

DDS logs
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16448  BrowserJavaVersion: 10.45.2
Run by Aldrin Domingo at 10:05:49 on 2014-03-29
Microsoft Windows 7 Professional   6.1.7601.1.1252.65.1033.18.8156.4329 [GMT 8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\vmsnap3.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Garena Plus\ggdllhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe
C:\Users\Aldrin Domingo\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Users\Aldrin Domingo\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Software602\Print2PDF\PrnPack.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\CherryDeGames\Dragon Nest\DragonNest.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uProxyOverride = <local>
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Akamai NetSession Interface] "C:\Users\Aldrin Domingo\AppData\Local\Akamai\netsession_win.exe"
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [AdobeBridge] <no file>
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [PrintPack dispatcher] "C:\Program Files (x86)\Software602\Print2PDF\PrnPack.exe" /server
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - {0f420c1e-9ed6-4da5-8b91-eddde887a1dc} - C:\Windows\SysWOW64\Print602.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6BE9B75D-262E-41AD-A8BB-38B0D7606527} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{CDE4DCC1-60AD-49A4-8A05-91BAF9A47614} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\assist~1.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [VMSnap3] C:\Windows\VMSnap3.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Aldrin Domingo\AppData\Roaming\Mozilla\Firefox\Profiles\ks097q88.default\
FF - prefs.js: Keyword.Enabled - true
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Aldrin Domingo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Aldrin Domingo\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Users\Aldrin Domingo\AppData\Roaming\Mozilla\Firefox\Profiles\ks097q88.default\extensions\{73d50225-04ec-4493-93c8-bf88be8dd196}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Aldrin Domingo\AppData\Roaming\Mozilla\Firefox\Profiles\ks097q88.default\extensions\{73d50225-04ec-4493-93c8-bf88be8dd196}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Users\Aldrin Domingo\AppData\Roaming\Mozilla\Firefox\Profiles\ks097q88.default\extensions\{88ac3cb6-596b-4217-964c-b6757ef9602d}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Aldrin Domingo\AppData\Roaming\Mozilla\Firefox\Profiles\ks097q88.default\extensions\{88ac3cb6-596b-4217-964c-b6757ef9602d}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Users\Aldrin Domingo\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - ExtSQL: 2014-02-13 20:52; mozilla_cc@internetdownloadmanager.com; C:\Users\Aldrin Domingo\AppData\Roaming\IDM\idmmzcc5
FF - ExtSQL: 2014-02-13 20:57; faqhss@kpab-.net; C:\Users\Aldrin Domingo\AppData\Roaming\Mozilla\Firefox\Profiles\ks097q88.default\extensions\faqhss@kpab-.net
FF - ExtSQL: 2014-03-26 21:18; li8eiy@xerjx-.co.uk; C:\Users\Aldrin Domingo\AppData\Roaming\Mozilla\Firefox\Profiles\ks097q88.default\extensions\li8eiy@xerjx-.co.uk
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-3-20 203888]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-4-30 21616]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2014-2-5 175480]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-15 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-15 701512]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-3 1593632]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-19 16941856]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-7-25 1326176]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-7-25 681056]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-3-29 411936]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-4-30 2655768]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-8-12 25928]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-3-29 39200]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-4-30 565352]
S2 1a34a8e0;Install Supporter;C:\Windows\System32\rundll32.exe [2009-7-14 45568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-2-8 108856]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2012-4-30 25640]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-24 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-4-30 30528]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 98688]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-2-8 206136]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 vvftav303;vvftav303;C:\Windows\System32\drivers\vvftav303.sys [2012-5-4 308096]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-30 1255736]
S3 ZSMC0303;A4 TECH PC Camera H;C:\Windows\System32\drivers\usbVM303.sys [2012-5-4 1494656]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: PortraitProfessional.exe: open="C:\Program Files (x86)\Portrait Professional Studio 9\PortraitProfessionalStudio.exe" /P "%1"
.
=============== Created Last 30 ================
.
2014-03-28 22:33:57 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-03-28 15:24:59 -------- d-----w- C:\Users\Aldrin Domingo\AppData\Roaming\Easeware
2014-03-28 15:24:56 -------- d-----w- C:\Program Files\Easeware
2014-03-28 15:04:35 10521840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{42692722-642B-49B5-A426-56CD14908CEB}\mpengine.dll
2014-03-27 15:50:27 -------- d-----w- C:\Windows\System32\catroot2
2014-03-27 15:27:40 -------- d-----w- C:\Program Files (x86)\ESET
2014-03-27 15:26:12 10521840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-27 15:19:22 -------- d-----w- C:\Windows\ERUNT
2014-03-27 15:14:42 -------- d-----w- C:\AdwCleaner
2014-03-27 14:22:54 -------- d-----w- C:\Windows\System32\wbem\repository
2014-03-27 14:22:39 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
2014-03-27 14:19:48 -------- d-----w- C:\RegBackup
2014-03-27 13:41:30 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2014-03-27 12:31:41 -------- d-----w- C:\ComboFix
2014-03-17 12:40:53 -------- d-----w- C:\Program Files\Sandboxie
2014-03-14 14:28:26 -------- d-----w- C:\Program Files (x86)\RaidCall
2014-03-07 13:19:17 -------- d-----w- C:\ProgramData\CHEapiMe
.
==================== Find3M  ====================
.
2014-03-04 13:06:00 6714312 ----a-w- C:\Windows\System32\nvcpl.dll
2014-03-04 13:06:00 3497816 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-03-04 13:05:58 922968 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-03-04 13:05:58 64968 ----a-w- C:\Windows\System32\nvshext.dll
2014-03-04 13:05:57 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2014-03-04 13:05:53 3649185 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-02-05 09:31:00 1048152 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-02-05 09:30:41 1179576 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-01-23 10:31:12 90112 ----a-w- C:\Windows\MAMCityDownload.ocx
2014-01-23 10:31:12 330240 ----a-w- C:\Windows\MASetupCaller.dll
2014-01-23 10:31:12 30568 ----a-w- C:\Windows\MusiccityDownload.exe
2014-01-23 10:31:06 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll
2014-01-23 10:23:16 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-01-13 15:00:24 2759168 ----a-w- C:\Program Files (x86)\Assistant_x64.dll
2014-01-13 15:00:24 146768 ----a-w- C:\Program Files (x86)\AssistantSvc.dll
2014-01-13 15:00:23 3041792 ----a-w- C:\Program Files (x86)\Assistant.dll
2012-07-12 08:28:44 2174976 ----a-w- C:\Program Files (x86)\Common Files\atimpenc.dll
.
============= FINISH: 10:06:10.06 ===============



MOD EDIT: moved CF log from AII topic to here.

http://www.bleepingcomputer.com/forums/t/528972/net-speed-decreased-but-ok-in-speed-test/#entry3331130

ComboFix 14-03-24.01 - Aldrin Domingo 02/04/2014 5:15.2.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.65.1033.18.8156.5781 [GMT 8:00]

Running from: c:\users\Aldrin Domingo\Downloads\Programs\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2014-03-01 to 2014-04-01 )))))))))))))))))))))))))))))))

.

.

2014-04-01 21:18 . 2014-04-01 21:18 -------- d-----w- c:\users\Public\AppData\Local\temp

2014-04-01 21:18 . 2014-04-01 21:18 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-04-01 11:12 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C1A85920-D604-4259-A5CD-ECB08ABFC12D}\mpengine.dll

2014-03-30 21:26 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-03-29 14:17 . 2014-03-29 14:17 -------- d-----w- c:\programdata\IsuaveR

2014-03-28 22:34 . 2014-03-28 22:34 -------- d-----w- c:\program files (x86)\AGEIA Technologies

2014-03-28 22:33 . 2014-03-04 11:32 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2014-03-28 22:25 . 2014-03-28 22:27 -------- d-----w- c:\program files (x86)\Google

2014-03-28 15:24 . 2014-03-28 15:24 -------- d-----w- c:\users\Aldrin Domingo\AppData\Roaming\Easeware

2014-03-28 15:24 . 2014-03-28 15:24 -------- d-----w- c:\program files\Easeware

2014-03-27 15:50 . 2014-03-28 22:32 -------- d-----w- c:\windows\system32\catroot2

2014-03-27 15:27 . 2014-03-27 15:27 -------- d-----w- c:\program files (x86)\ESET

2014-03-27 15:19 . 2014-03-27 15:19 -------- d-----w- c:\windows\ERUNT

2014-03-27 15:14 . 2014-03-27 15:15 -------- d-----w- C:\AdwCleaner

2014-03-27 14:22 . 2014-04-01 21:03 -------- d-----w- c:\windows\system32\wbem\repository

2014-03-27 14:22 . 2014-03-27 14:22 -------- d-----w- c:\windows\SysWow64\wbem\Performance

2014-03-27 14:20 . 2014-03-27 14:28 181064 ----a-w- c:\windows\PSEXESVC.EXE

2014-03-27 14:19 . 2014-03-27 14:19 -------- d-----w- C:\RegBackup

2014-03-27 13:41 . 2014-03-27 13:41 -------- d-----w- c:\program files (x86)\Tweaking.com

2014-03-27 12:39 . 2014-03-27 12:39 -------- d-----w- c:\users\UpdatusUser

2014-03-17 12:40 . 2014-03-27 12:47 -------- d-----w- c:\program files\Sandboxie

2014-03-14 14:28 . 2014-03-27 12:47 -------- d-----w- c:\program files (x86)\RaidCall

2014-03-12 21:19 . 2014-03-27 12:47 -------- d-----w- c:\program files\Microsoft Silverlight

2014-03-07 13:19 . 2014-03-27 12:47 -------- d-----w- c:\programdata\CHEapiMe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-03-04 14:35 . 2013-11-19 13:31 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll

2014-03-04 14:35 . 2012-07-10 13:33 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll

2014-03-04 14:35 . 2012-07-10 13:33 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2014-03-04 14:35 . 2012-04-30 08:14 947808 ----a-w- c:\windows\system32\nvumdshimx.dll

2014-03-04 14:35 . 2012-04-30 06:30 3093280 ----a-w- c:\windows\system32\nvapi64.dll

2014-03-04 13:06 . 2012-04-30 06:33 6714312 ----a-w- c:\windows\system32\nvcpl.dll

2014-03-04 13:06 . 2012-04-30 06:33 3497816 ----a-w- c:\windows\system32\nvsvc64.dll

2014-03-04 13:05 . 2012-04-30 06:33 922968 ----a-w- c:\windows\system32\nvvsvc.exe

2014-03-04 13:05 . 2012-04-30 06:33 64968 ----a-w- c:\windows\system32\nvshext.dll

2014-03-04 13:05 . 2012-04-30 06:33 386336 ----a-w- c:\windows\system32\nvmctray.dll

2014-03-04 13:05 . 2012-04-30 08:14 3649185 ----a-w- c:\windows\system32\nvcoproc.bin

2014-02-05 09:31 . 2013-11-19 13:35 1048152 ----a-w- c:\windows\SysWow64\nvspcap.dll

2014-02-05 09:30 . 2013-11-19 13:35 1179576 ----a-w- c:\windows\system32\nvspcap64.dll

2014-01-23 10:31 . 2014-01-23 10:31 90112 ----a-w- c:\windows\MAMCityDownload.ocx

2014-01-23 10:31 . 2014-01-23 10:31 330240 ----a-w- c:\windows\MASetupCaller.dll

2014-01-23 10:31 . 2014-01-23 10:31 30568 ----a-w- c:\windows\MusiccityDownload.exe

2014-01-23 10:31 . 2014-02-07 23:23 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll

2014-01-23 10:23 . 2012-08-11 02:36 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll

2014-01-19 07:33 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe

2014-01-13 15:00 . 2014-01-13 15:00 2759168 ----a-w- c:\program files (x86)\Assistant_x64.dll

2014-01-13 15:00 . 2014-01-13 15:00 146768 ----a-w- c:\program files (x86)\AssistantSvc.dll

2014-01-13 15:00 . 2014-01-13 15:00 3041792 ----a-w- c:\program files (x86)\Assistant.dll

2012-07-12 08:28 . 2012-07-12 08:28 2174976 ----a-w- c:\program files (x86)\Common Files\atimpenc.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{333BBED6-4936-7725-9BD5-788E36F81CFA}]

2014-03-29 14:17 425472 ----a-w- c:\programdata\IsuaveR\Loa.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="c:\users\Aldrin Domingo\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]

"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-04-30 879984]

"AdobeBridge"="" [BU]

"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2014-02-03 1564992]

"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2014-02-13 3825232]

"GarenaPlus"="c:\program files (x86)\Garena Plus\GarenaMessenger.exe" [2014-02-21 9899312]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"PrintPack dispatcher"="c:\program files (x86)\Software602\Print2PDF\PrnPack.exe" [2007-06-10 2756608]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-02-03 311616]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-7-25 572000]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"RequireSignedAppInit_DLLs"=0 (0x0)

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 1a34a8e0;Install Supporter;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]

R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]

R3 ncvet.dll;ncvet.dll;c:\windows\Temp\ncvet.dll;c:\windows\Temp\ncvet.dll [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys;c:\windows\SYSNATIVE\drivers\vvftav303.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 ZSMC0303;A4 TECH PC Camera H;c:\windows\system32\Drivers\usbVM303.sys;c:\windows\SYSNATIVE\Drivers\usbVM303.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]

S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-03-28 22:27 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-03-28 c:\windows\Tasks\DriverEasy Scheduled Scan.job

- c:\program files\Easeware\DriverEasy\DriverEasy.exe [2014-03-28 15:33]

.

2014-03-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1411974016-386534107-1247840307-1000Core.job

- c:\users\Aldrin Domingo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-30 23:12]

.

2014-04-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1411974016-386534107-1247840307-1000UA.job

- c:\users\Aldrin Domingo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-30 23:12]

.

2014-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-28 22:25]

.

2014-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-28 22:25]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{333BBED6-4936-7725-9BD5-788E36F81CFA}]

2014-03-29 14:17 474112 ----a-w- c:\programdata\IsuaveR\Loa.x64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]

"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-02-05 1179576]

"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Aldrin Domingo\AppData\Roaming\Mozilla\Firefox\Profiles\ks097q88.default\

FF - prefs.js: Keyword.Enabled - true

FF - ExtSQL: 2014-02-13 20:52; mozilla_cc@internetdownloadmanager.com; c:\users\Aldrin Domingo\AppData\Roaming\IDM\idmmzcc5

FF - ExtSQL: 2014-02-13 20:57; faqhss@kpab-.net; c:\users\Aldrin Domingo\AppData\Roaming\Mozilla\Firefox\Profiles\ks097q88.default\extensions\faqhss@kpab-.net

FF - ExtSQL: 2014-03-26 21:18; li8eiy@xerjx-.co.uk; c:\users\Aldrin Domingo\AppData\Roaming\Mozilla\Firefox\Profiles\ks097q88.default\extensions\li8eiy@xerjx-.co.uk

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1411974016-386534107-1247840307-1000\Software\SecuROM\License information*]

"datasecu"=hex:c3,10,cd,e8,14,8d,86,ee,2e,b0,35,30,c4,01,ed,23,88,53,49,1c,92,

92,de,e6,08,3c,7b,c9,bb,b7,46,a9,90,b8,c3,1c,8e,68,16,58,9c,2a,3d,0c,6d,ea,\

"rkeysecu"=hex:fb,21,6f,73,0f,f4,06,be,3c,82,5e,f4,21,7d,af,7c

.

Completion time: 2014-04-02 05:19:53

ComboFix-quarantined-files.txt 2014-04-01 21:19

ComboFix2.txt 2014-03-27 12:39

ComboFix3.txt 2012-07-26 11:07

.

Pre-Run: 237,750,128,640 bytes free

Post-Run: 237,316,378,624 bytes free

.

- - End Of File - - 293164728702DEDAF81FDF99EFDCCDBD

A36C5E4F47E84449FF07ED3517B43A31

Edited by boopme, 01 April 2014 - 09:33 PM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 37,470 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:53 PM

Posted 02 April 2014 - 08:22 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#3 icebloodvs

icebloodvs
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:07:53 AM

Posted 02 April 2014 - 04:36 PM

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Aldrin Domingo [Admin rights]
Mode : Remove -- Date : 04/03/2014 05:35:49
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] vmsnap3.exe -- C:\Windows\vmsnap3.exe [7] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : VMSnap3 (C:\Windows\VMSnap3.exe [7]) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified. 
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST1000DM003-9YN162 ATA Device +++++
--- User ---
[MBR] dc7021e5f2bc3543363fa8837c31f3c1
[BSP] 9b2bcc5feb42b95ee148a046e90d94c4 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 350000 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 717006848 | Size: 300000 MB
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1331406848 | Size: 303767 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) StoreJet Transcend USB Device +++++
--- User ---
[MBR] b12e604f6c9d9f8c5df41aafc84dea28
[BSP] 13e9c26a6613078affb3c15225d03bbd : Empty MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 250003 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 512023680 | Size: 226925 MB
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
 
Finished : << RKreport[0]_D_04032014_053549.txt >>
RKreport[0]_S_04032014_053342.txt;RKreport[0]_S_04032014_053444.txt


#4 icebloodvs

icebloodvs
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:07:53 AM

Posted 02 April 2014 - 04:42 PM

# AdwCleaner v3.023 - Report created 03/04/2014 at 05:39:27
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Aldrin Domingo - ALDRINDOMINGO
# Running from : C:\Users\Aldrin Domingo\Downloads\Programs\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\CHEapiMe
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16448
 
 
-\\ Mozilla Firefox v15.0 (en-US)
 
[ File : C:\Users\Aldrin Domingo\AppData\Roaming\Mozilla\Firefox\Profiles\ks097q88.default\prefs.js ]
 
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Users\Aldrin Domingo\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [70427 octets] - [27/03/2014 23:14:49]
AdwCleaner[R1].txt - [1856 octets] - [03/04/2014 05:38:49]
AdwCleaner[S0].txt - [70764 octets] - [27/03/2014 23:15:30]
AdwCleaner[S1].txt - [1787 octets] - [03/04/2014 05:39:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1847 octets] ##########


#5 icebloodvs

icebloodvs
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:07:53 AM

Posted 02 April 2014 - 04:45 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Aldrin Domingo (administrator) on ALDRINDOMINGO on 03-04-2014 05:43:05
Running from C:\Users\Aldrin Domingo\Downloads\Programs
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Akamai Technologies, Inc.) C:\Users\Aldrin Domingo\AppData\Local\Akamai\netsession_win.exe
(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Akamai Technologies, Inc.) C:\Users\Aldrin Domingo\AppData\Local\Akamai\netsession_win.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
() C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Software602) C:\Program Files (x86)\Software602\Print2PDF\PrnPack.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1271168 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] - "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PrintPack dispatcher] - C:\Program Files (x86)\Software602\Print2PDF\PrnPack.exe [2756608 2007-06-11] (Software602)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-03] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKU\S-1-5-21-1411974016-386534107-1247840307-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Aldrin Domingo\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1411974016-386534107-1247840307-1000\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [879984 2012-04-30] (BitTorrent, Inc.)
HKU\S-1-5-21-1411974016-386534107-1247840307-1000\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-1411974016-386534107-1247840307-1000\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-03] (Samsung)
HKU\S-1-5-21-1411974016-386534107-1247840307-1000\...\Run: [IDMan] - C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3825232 2014-02-13] (Tonec Inc.)
HKU\S-1-5-21-1411974016-386534107-1247840307-1000\...\Run: [GarenaPlus] - C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9899312 2014-02-21] ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA93BEE4D9D26CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-sg
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page Before = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: IsuaveR - {333BBED6-4936-7725-9BD5-788E36F81CFA} - C:\ProgramData\IsuaveR\Loa.x64.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Aldrin Domingo\AppData\Roaming\Mozilla\Firefox\Profiles\ks097q88.default
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @photodex.com/PhotodexPresenter - C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Aldrin Domingo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Aldrin Domingo\AppData\Roaming\Mozilla\Firefox\Profiles\ks097q88.default\searchplugins\express-files-customized-web-search.xml
FF SearchPlugin: C:\Users\Aldrin Domingo\AppData\Roaming\Mozilla\Firefox\Profiles\ks097q88.default\searchplugins\gmgofree.xml
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Aldrin Domingo\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Aldrin Domingo\AppData\Roaming\IDM\idmmzcc5 [2014-02-13]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Aldrin Domingo\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Aldrin Domingo\AppData\Roaming\IDM\idmmzcc5 [2014-02-13]
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.com.ph
CHR Extension: (Google Docs) - C:\Users\Aldrin Domingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-29]
CHR Extension: (Google Drive) - C:\Users\Aldrin Domingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-29]
CHR Extension: (YouTube) - C:\Users\Aldrin Domingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-29]
CHR Extension: (Google Search) - C:\Users\Aldrin Domingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-29]
CHR Extension: (Google Wallet) - C:\Users\Aldrin Domingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-29]
CHR Extension: (Gmail) - C:\Users\Aldrin Domingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-29]
CHR HKCU\...\Chrome\Extension: [bbjhkdmplcjgfanmmlengfnnebkoigea] - C:\Users\Aldrin Domingo\AppData\Local\CRE\bbjhkdmplcjgfanmmlengfnnebkoigea.crx [2014-03-29]
CHR HKLM-x32\...\Chrome\Extension: [bbjhkdmplcjgfanmmlengfnnebkoigea] - C:\Users\Aldrin Domingo\AppData\Local\CRE\bbjhkdmplcjgfanmmlengfnnebkoigea.crx [2014-03-29]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-02-05]
CHR HKLM-x32\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx [2014-02-05]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
S2 1a34a8e0; C:\Program Files (x86)\AssistantSvc.dll [146768 2014-01-13] ()
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [12600 2012-03-26] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [291696 2012-03-26] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5131672 2013-11-19] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe [186760 2012-05-12] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1326176 2012-07-25] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [681056 2012-07-25] (Secunia)
 
==================== Drivers (Whitelisted) ====================
 
S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-06-04] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [203888 2012-03-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [98688 2012-03-20] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-28] (NVIDIA Corporation)
S3 vvftav303; C:\Windows\System32\drivers\vvftav303.sys [308096 2007-06-23] (Vimicro Corporation)
S3 ZSMC0303; C:\Windows\System32\Drivers\usbVM303.sys [1494656 2007-03-25] (Vimicro Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 ncvet.dll; \??\C:\Windows\Temp\ncvet.dll [X]
S3 netr28ux; system32\DRIVERS\netr28ux.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-03 05:42 - 2014-04-03 05:43 - 00000000 ____D () C:\FRST
2014-04-03 05:35 - 2014-04-03 05:35 - 00002751 _____ () C:\Users\Aldrin Domingo\Desktop\RKreport[0]_D_04032014_053549.txt
2014-04-03 05:34 - 2014-04-03 05:34 - 00002646 _____ () C:\Users\Aldrin Domingo\Desktop\RKreport[0]_S_04032014_053444.txt
2014-04-03 05:33 - 2014-04-03 05:33 - 00002613 _____ () C:\Users\Aldrin Domingo\Desktop\RKreport[0]_S_04032014_053342.txt
2014-04-03 05:31 - 2014-04-03 05:36 - 00000000 ____D () C:\Users\Aldrin Domingo\Desktop\RK_Quarantine
2014-04-02 05:19 - 2014-04-02 05:19 - 00016077 _____ () C:\ComboFix.txt
2014-04-01 22:18 - 2014-04-03 05:40 - 00003496 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Aldrin Domingo
2014-03-29 22:17 - 2014-04-02 19:16 - 00000000 ____D () C:\ProgramData\IsuaveR
2014-03-29 18:52 - 2014-03-29 18:55 - 00000000 ____D () C:\Users\Aldrin Domingo\Desktop\wew
2014-03-29 10:08 - 2014-03-29 10:08 - 00003067 _____ () C:\Users\Aldrin Domingo\Desktop\attach.zip
2014-03-29 10:06 - 2014-03-29 10:06 - 00018889 _____ () C:\Users\Aldrin Domingo\Desktop\dds.txt
2014-03-29 10:06 - 2014-03-29 10:06 - 00008910 _____ () C:\Users\Aldrin Domingo\Desktop\attach.txt
2014-03-29 07:40 - 2014-03-29 07:40 - 00001679 _____ () C:\Users\Public\Desktop\Dragon Nest.lnk
2014-03-29 06:34 - 2014-03-29 06:34 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-29 06:33 - 2014-03-04 19:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-03-29 06:30 - 2014-03-04 22:35 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-29 06:30 - 2014-03-04 22:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-29 06:30 - 2014-03-04 22:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-29 06:30 - 2014-03-04 22:35 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-29 06:30 - 2014-03-04 22:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-29 06:30 - 2014-03-04 22:35 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-29 06:30 - 2014-03-04 22:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-29 06:30 - 2014-03-04 22:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-29 06:30 - 2014-03-04 22:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-29 06:30 - 2014-03-04 22:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-29 06:30 - 2014-03-04 22:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-29 06:30 - 2014-03-04 22:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-29 06:30 - 2014-03-04 22:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-29 06:30 - 2014-03-04 22:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-29 06:30 - 2014-03-04 22:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-29 06:30 - 2014-03-04 22:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-29 06:30 - 2014-03-04 22:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-29 06:30 - 2014-03-04 22:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-29 06:30 - 2014-03-04 22:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-29 06:30 - 2014-03-04 22:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-29 06:30 - 2014-03-04 22:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-29 06:30 - 2014-03-04 22:35 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-03-29 06:30 - 2014-03-04 22:35 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-29 06:30 - 2014-03-04 22:35 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-29 06:30 - 2014-03-04 22:35 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-03-29 06:30 - 2014-03-04 22:35 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-29 06:30 - 2013-12-28 02:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-03-29 06:30 - 2013-12-28 02:42 - 00033056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-03-29 06:27 - 2014-03-29 06:27 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-29 06:25 - 2014-04-03 05:40 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-29 06:25 - 2014-04-03 05:30 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-29 06:25 - 2014-03-29 06:27 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-29 06:25 - 2014-03-29 06:25 - 00003910 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-29 06:25 - 2014-03-29 06:25 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-28 23:24 - 2014-03-29 06:23 - 00000424 _____ () C:\Windows\Tasks\DriverEasy Scheduled Scan.job
2014-03-28 23:24 - 2014-03-28 23:24 - 00003846 _____ () C:\Windows\System32\Tasks\DriverEasy Scheduled Scan
2014-03-28 23:24 - 2014-03-28 23:24 - 00000967 _____ () C:\Users\Public\Desktop\DriverEasy.lnk
2014-03-28 23:24 - 2014-03-28 23:24 - 00000000 ____D () C:\Users\Aldrin Domingo\AppData\Roaming\Easeware
2014-03-28 23:24 - 2014-03-28 23:24 - 00000000 ____D () C:\Program Files\Easeware
2014-03-27 23:27 - 2014-03-27 23:27 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-27 23:24 - 2014-03-27 23:24 - 00002616 _____ () C:\Users\Aldrin Domingo\Desktop\JRT.txt
2014-03-27 23:19 - 2014-03-27 23:19 - 00000000 ____D () C:\Windows\ERUNT
2014-03-27 23:14 - 2014-04-03 05:39 - 00000000 ____D () C:\AdwCleaner
2014-03-27 22:20 - 2014-03-27 22:28 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-03-27 22:20 - 2014-03-27 22:20 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ALDRINDOMINGO-Microsoft-Windows-7-Professional-(64-bit).dat
2014-03-27 22:19 - 2014-03-27 22:19 - 00000000 ____D () C:\RegBackup
2014-03-27 21:41 - 2014-03-27 21:41 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-03-27 20:57 - 2014-04-03 05:40 - 00004323 _____ () C:\Windows\setupact.log
2014-03-27 20:57 - 2014-04-02 19:26 - 00036854 _____ () C:\Windows\PFRO.log
2014-03-27 20:57 - 2014-03-27 20:57 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-26 19:52 - 2014-03-26 19:52 - 00012967 _____ () C:\Users\Aldrin Domingo\Downloads\[kickass.to]milfs.like.it.big.devon.mia.malkova.i.spy.with.my.little.eye.one.huge.cock.january.17.2014.sd (1).torrent
2014-03-26 19:34 - 2014-03-26 19:34 - 00016983 _____ () C:\Users\Aldrin Domingo\Downloads\[kickass.to]brazzers.milfs.like.it.big.charlee.chase.eva.karera.a.milf.role.model.new.march.21.2014.new.sparrow.torrent
2014-03-26 19:34 - 2014-03-26 19:34 - 00012967 _____ () C:\Users\Aldrin Domingo\Downloads\[kickass.to]milfs.like.it.big.devon.mia.malkova.i.spy.with.my.little.eye.one.huge.cock.january.17.2014.sd.torrent
2014-03-26 05:16 - 2014-03-26 05:16 - 00017917 _____ () C:\Users\Aldrin Domingo\Downloads\[kickass.to]sitti.navarro.my.bossanovafull.album.2007.ghostretired.torrent
2014-03-18 20:22 - 2014-03-18 20:22 - 00113652 _____ () C:\Users\Aldrin Domingo\Downloads\Resource00-oldloadingvid.pak
2014-03-17 20:40 - 2014-03-27 20:47 - 00000000 ____D () C:\Program Files\Sandboxie
2014-03-14 22:28 - 2014-03-27 20:47 - 00000000 ____D () C:\Program Files (x86)\RaidCall
2014-03-14 22:28 - 2014-03-14 22:28 - 00000000 ____D () C:\Users\Aldrin Domingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall
2014-03-13 05:19 - 2014-03-27 20:47 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-09 07:31 - 2014-03-09 07:31 - 00034816 _____ () C:\Users\Aldrin Domingo\Downloads\album prices.xls
 
==================== One Month Modified Files and Folders =======
 
2014-04-03 05:43 - 2014-04-03 05:42 - 00000000 ____D () C:\FRST
2014-04-03 05:40 - 2014-04-01 22:18 - 00003496 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Aldrin Domingo
2014-04-03 05:40 - 2014-03-29 06:25 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-03 05:40 - 2014-03-27 20:57 - 00004323 _____ () C:\Windows\setupact.log
2014-04-03 05:40 - 2013-06-09 14:06 - 01289790 _____ () C:\Windows\WindowsUpdate.log
2014-04-03 05:40 - 2012-04-30 16:32 - 00000000 ____D () C:\Users\Aldrin Domingo\AppData\Roaming\uTorrent
2014-04-03 05:40 - 2012-04-30 14:33 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-03 05:40 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-03 05:39 - 2014-03-27 23:14 - 00000000 ____D () C:\AdwCleaner
2014-04-03 05:36 - 2014-04-03 05:31 - 00000000 ____D () C:\Users\Aldrin Domingo\Desktop\RK_Quarantine
2014-04-03 05:35 - 2014-04-03 05:35 - 00002751 _____ () C:\Users\Aldrin Domingo\Desktop\RKreport[0]_D_04032014_053549.txt
2014-04-03 05:34 - 2014-04-03 05:34 - 00002646 _____ () C:\Users\Aldrin Domingo\Desktop\RKreport[0]_S_04032014_053444.txt
2014-04-03 05:33 - 2014-04-03 05:33 - 00002613 _____ () C:\Users\Aldrin Domingo\Desktop\RKreport[0]_S_04032014_053342.txt
2014-04-03 05:31 - 2012-08-19 20:30 - 00000000 ____D () C:\Users\Aldrin Domingo\AppData\Roaming\DMCache
2014-04-03 05:30 - 2014-03-29 06:25 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-03 05:25 - 2009-07-14 12:45 - 00024128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-03 05:25 - 2009-07-14 12:45 - 00024128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-03 05:24 - 2012-04-30 23:45 - 00000000 ____D () C:\Users\Aldrin Domingo\Documents\DragonNest
2014-04-03 05:24 - 2009-07-14 13:13 - 00781650 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-03 05:23 - 2014-02-15 17:22 - 00000000 ____D () C:\Users\Aldrin Domingo\AppData\Roaming\GarenaPlus
2014-04-03 05:23 - 2014-02-15 17:14 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2014-04-02 21:22 - 2014-02-13 20:52 - 00000000 ____D () C:\Users\Aldrin Domingo\AppData\Roaming\IDM
2014-04-02 19:26 - 2014-03-27 20:57 - 00036854 _____ () C:\Windows\PFRO.log
2014-04-02 19:17 - 2012-04-30 15:40 - 00000964 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1411974016-386534107-1247840307-1000UA.job
2014-04-02 19:16 - 2014-03-29 22:17 - 00000000 ____D () C:\ProgramData\IsuaveR
2014-04-02 05:19 - 2014-04-02 05:19 - 00016077 _____ () C:\ComboFix.txt
2014-04-02 05:19 - 2012-07-26 18:58 - 00000000 ____D () C:\Qoobox
2014-04-02 05:18 - 2009-07-14 10:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-02 00:58 - 2012-04-30 16:33 - 00000000 ____D () C:\Users\Aldrin Domingo\Downloads\Torrents
2014-04-01 22:14 - 2012-04-30 15:28 - 00000000 ____D () C:\Users\Aldrin Domingo\AppData\Roaming\vlc
2014-03-30 07:17 - 2012-04-30 15:40 - 00000942 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1411974016-386534107-1247840307-1000Core.job
2014-03-29 22:17 - 2014-01-13 22:58 - 00000000 ____D () C:\ProgramData\5eb6f49735bc15e1
2014-03-29 18:55 - 2014-03-29 18:52 - 00000000 ____D () C:\Users\Aldrin Domingo\Desktop\wew
2014-03-29 10:08 - 2014-03-29 10:08 - 00003067 _____ () C:\Users\Aldrin Domingo\Desktop\attach.zip
2014-03-29 10:06 - 2014-03-29 10:06 - 00018889 _____ () C:\Users\Aldrin Domingo\Desktop\dds.txt
2014-03-29 10:06 - 2014-03-29 10:06 - 00008910 _____ () C:\Users\Aldrin Domingo\Desktop\attach.txt
2014-03-29 07:40 - 2014-03-29 07:40 - 00001679 _____ () C:\Users\Public\Desktop\Dragon Nest.lnk
2014-03-29 07:29 - 2012-04-30 14:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-29 06:34 - 2014-03-29 06:34 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-29 06:34 - 2012-04-30 14:33 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-03-29 06:27 - 2014-03-29 06:27 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-29 06:27 - 2014-03-29 06:25 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-29 06:27 - 2012-04-30 14:55 - 00000000 ____D () C:\Users\Aldrin Domingo\AppData\Local\Google
2014-03-29 06:25 - 2014-03-29 06:25 - 00003910 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-29 06:25 - 2014-03-29 06:25 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-29 06:23 - 2014-03-28 23:24 - 00000424 _____ () C:\Windows\Tasks\DriverEasy Scheduled Scan.job
2014-03-29 06:23 - 2012-04-30 14:15 - 00001260 _____ () C:\Users\Aldrin Domingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-28 23:24 - 2014-03-28 23:24 - 00003846 _____ () C:\Windows\System32\Tasks\DriverEasy Scheduled Scan
2014-03-28 23:24 - 2014-03-28 23:24 - 00000967 _____ () C:\Users\Public\Desktop\DriverEasy.lnk
2014-03-28 23:24 - 2014-03-28 23:24 - 00000000 ____D () C:\Users\Aldrin Domingo\AppData\Roaming\Easeware
2014-03-28 23:24 - 2014-03-28 23:24 - 00000000 ____D () C:\Program Files\Easeware
2014-03-28 23:09 - 2012-08-19 20:30 - 00000000 ____D () C:\Users\Aldrin Domingo\Downloads\Compressed
2014-03-27 23:27 - 2014-03-27 23:27 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-27 23:24 - 2014-03-27 23:24 - 00002616 _____ () C:\Users\Aldrin Domingo\Desktop\JRT.txt
2014-03-27 23:19 - 2014-03-27 23:19 - 00000000 ____D () C:\Windows\ERUNT
2014-03-27 22:32 - 2012-04-30 14:50 - 00112968 _____ () C:\Users\Aldrin Domingo\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-27 22:32 - 2010-11-21 15:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-03-27 22:32 - 2009-07-14 12:45 - 04977552 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-27 22:28 - 2014-03-27 22:20 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-03-27 22:25 - 2009-07-14 10:34 - 00000788 _____ () C:\Windows\win.ini
2014-03-27 22:20 - 2014-03-27 22:20 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ALDRINDOMINGO-Microsoft-Windows-7-Professional-(64-bit).dat
2014-03-27 22:19 - 2014-03-27 22:19 - 00000000 ____D () C:\RegBackup
2014-03-27 21:52 - 2014-02-13 20:55 - 00000000 ____D () C:\Users\Aldrin Domingo\Downloads\impostor
2014-03-27 21:41 - 2014-03-27 21:41 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-03-27 21:38 - 2014-01-12 19:20 - 00000000 ____D () C:\Program Files (x86)\Mass Effect 3
2014-03-27 21:36 - 2013-08-30 22:23 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-03-27 20:57 - 2014-03-27 20:57 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-27 20:49 - 2012-04-30 14:14 - 00000000 ____D () C:\Users\Aldrin Domingo
2014-03-27 20:47 - 2014-03-17 20:40 - 00000000 ____D () C:\Program Files\Sandboxie
2014-03-27 20:47 - 2014-03-14 22:28 - 00000000 ____D () C:\Program Files (x86)\RaidCall
2014-03-27 20:47 - 2014-03-13 05:19 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-27 20:47 - 2014-02-13 22:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-27 20:47 - 2012-07-28 20:23 - 00000000 ____D () C:\Users\Aldrin Domingo\AppData\Local\Akamai
2014-03-27 20:47 - 2012-07-26 18:57 - 00000000 ____D () C:\Windows\erdnt
2014-03-27 20:47 - 2012-07-24 19:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-27 20:47 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\registration
2014-03-27 20:47 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\AppCompat
2014-03-27 20:43 - 2013-04-02 21:35 - 00000000 ___RD () C:\Sandbox
2014-03-27 20:42 - 2013-08-30 22:21 - 00000000 ____D () C:\CherryDeGames
2014-03-26 19:52 - 2014-03-26 19:52 - 00012967 _____ () C:\Users\Aldrin Domingo\Downloads\[kickass.to]milfs.like.it.big.devon.mia.malkova.i.spy.with.my.little.eye.one.huge.cock.january.17.2014.sd (1).torrent
2014-03-26 19:34 - 2014-03-26 19:34 - 00016983 _____ () C:\Users\Aldrin Domingo\Downloads\[kickass.to]brazzers.milfs.like.it.big.charlee.chase.eva.karera.a.milf.role.model.new.march.21.2014.new.sparrow.torrent
2014-03-26 19:34 - 2014-03-26 19:34 - 00012967 _____ () C:\Users\Aldrin Domingo\Downloads\[kickass.to]milfs.like.it.big.devon.mia.malkova.i.spy.with.my.little.eye.one.huge.cock.january.17.2014.sd.torrent
2014-03-26 05:16 - 2014-03-26 05:16 - 00017917 _____ () C:\Users\Aldrin Domingo\Downloads\[kickass.to]sitti.navarro.my.bossanovafull.album.2007.ghostretired.torrent
2014-03-18 20:22 - 2014-03-18 20:22 - 00113652 _____ () C:\Users\Aldrin Domingo\Downloads\Resource00-oldloadingvid.pak
2014-03-16 15:15 - 2012-07-24 19:21 - 00000000 ____D () C:\Users\Aldrin Domingo\AppData\Local\Windows Live
2014-03-14 22:28 - 2014-03-14 22:28 - 00000000 ____D () C:\Users\Aldrin Domingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall
2014-03-09 07:31 - 2014-03-09 07:31 - 00034816 _____ () C:\Users\Aldrin Domingo\Downloads\album prices.xls
2014-03-04 22:35 - 2014-03-29 06:30 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-04 22:35 - 2014-03-29 06:30 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-04 22:35 - 2014-03-29 06:30 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-04 22:35 - 2014-03-29 06:30 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-04 22:35 - 2014-03-29 06:30 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-04 22:35 - 2014-03-29 06:30 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-04 22:35 - 2014-03-29 06:30 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-04 22:35 - 2014-03-29 06:30 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-04 22:35 - 2014-03-29 06:30 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-04 22:35 - 2014-03-29 06:30 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-04 22:35 - 2014-03-29 06:30 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-04 22:35 - 2014-03-29 06:30 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-04 22:35 - 2014-03-29 06:30 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-04 22:35 - 2014-03-29 06:30 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-04 22:35 - 2014-03-29 06:30 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-04 22:35 - 2014-03-29 06:30 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-04 22:35 - 2014-03-29 06:30 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-04 22:35 - 2014-03-29 06:30 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-04 22:35 - 2014-03-29 06:30 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-04 22:35 - 2014-03-29 06:30 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-04 22:35 - 2014-03-29 06:30 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-04 22:35 - 2014-03-29 06:30 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-03-04 22:35 - 2014-03-29 06:30 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-04 22:35 - 2014-03-29 06:30 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-04 22:35 - 2014-03-29 06:30 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-03-04 22:35 - 2014-03-29 06:30 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-04 22:35 - 2013-11-19 21:31 - 02715264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-03-04 22:35 - 2012-07-10 21:33 - 18302384 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-03-04 22:35 - 2012-07-10 21:33 - 14709720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-03-04 22:35 - 2012-04-30 16:14 - 00947808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-03-04 22:35 - 2012-04-30 14:32 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-03-04 22:35 - 2012-04-30 14:30 - 03093280 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-03-04 21:06 - 2012-04-30 14:33 - 06714312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-03-04 21:06 - 2012-04-30 14:33 - 03497816 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-03-04 21:05 - 2012-04-30 16:14 - 03649185 _____ () C:\Windows\system32\nvcoproc.bin
2014-03-04 21:05 - 2012-04-30 14:33 - 00922968 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-03-04 21:05 - 2012-04-30 14:33 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-03-04 21:05 - 2012-04-30 14:33 - 00064968 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-03-04 19:32 - 2014-03-29 06:33 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
 
Some content of TEMP:
====================
C:\Users\Aldrin Domingo\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Aldrin Domingo\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Aldrin Domingo\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-30 00:08
 
==================== End Of Log ============================


#6 icebloodvs
  • Topic Starter
  • Members
  • 20 posts

Posted 02 April 2014 - 04:48 PM

Attachment

Attached Files



#7 nasdaq
  • Malware Response Team
  • 37,470 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 April 2014 - 07:36 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
HKU\S-1-5-21-1411974016-386534107-1247840307-1000\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [879984 2012-04-30] (BitTorrent, Inc.)
BHO: IsuaveR - {333BBED6-4936-7725-9BD5-788E36F81CFA} - C:\ProgramData\IsuaveR\Loa.x64.dll No File
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF SearchPlugin: C:\Users\Aldrin Domingo\AppData\Roaming\Mozilla\Firefox\Profiles\ks097q88.default\searchplugins\express-files-customized-web-search.xml
CHR HKCU\...\Chrome\Extension: [bbjhkdmplcjgfanmmlengfnnebkoigea] - C:\Users\Aldrin Domingo\AppData\Local\CRE\bbjhkdmplcjgfanmmlengfnnebkoigea.crx [2014-03-29]
CHR HKLM-x32\...\Chrome\Extension: [bbjhkdmplcjgfanmmlengfnnebkoigea] - C:\Users\Aldrin Domingo\AppData\Local\CRE\bbjhkdmplcjgfanmmlengfnnebkoigea.crx [2014-03-29]
CHR HKLM-x32\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx [2014-02-05]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 1a34a8e0; C:\Program Files (x86)\AssistantSvc.dll [146768 2014-01-13] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 ncvet.dll; \??\C:\Windows\Temp\ncvet.dll [X]
S3 netr28ux; system32\DRIVERS\netr28ux.sys [X]
C:\Users\Aldrin Domingo\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Aldrin Domingo\AppData\Local\Temp\ntdll_dump.dll

end

Save the file as fixlist.txt into the same folder as FRST.
Run FRST, click Fix only once, and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.

====


Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

How is the computer performing now?

#8 icebloodvs
  • Topic Starter
  • Members
  • 20 posts

Posted 04 April 2014 - 08:00 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Aldrin Domingo at 2014-04-05 09:00:37 Run:1
Running from C:\Users\Aldrin Domingo\Downloads\Programs
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
HKU\S-1-5-21-1411974016-386534107-1247840307-1000\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [879984 2012-04-30] (BitTorrent, Inc.)
BHO: IsuaveR - {333BBED6-4936-7725-9BD5-788E36F81CFA} - C:\ProgramData\IsuaveR\Loa.x64.dll No File
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF SearchPlugin: C:\Users\Aldrin Domingo\AppData\Roaming\Mozilla\Firefox\Profiles\ks097q88.default\searchplugins\express-files-customized-web-search.xml
CHR HKCU\...\Chrome\Extension: [bbjhkdmplcjgfanmmlengfnnebkoigea] - C:\Users\Aldrin Domingo\AppData\Local\CRE\bbjhkdmplcjgfanmmlengfnnebkoigea.crx [2014-03-29]
CHR HKLM-x32\...\Chrome\Extension: [bbjhkdmplcjgfanmmlengfnnebkoigea] - C:\Users\Aldrin Domingo\AppData\Local\CRE\bbjhkdmplcjgfanmmlengfnnebkoigea.crx [2014-03-29]
CHR HKLM-x32\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx [2014-02-05]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 1a34a8e0; C:\Program Files (x86)\AssistantSvc.dll [146768 2014-01-13] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 ncvet.dll; \??\C:\Windows\Temp\ncvet.dll [X]
S3 netr28ux; system32\DRIVERS\netr28ux.sys [X]
C:\Users\Aldrin Domingo\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Aldrin Domingo\AppData\Local\Temp\ntdll_dump.dll
 
end
*****************
 
[2092] C:\Program Files (x86)\uTorrent\uTorrent.exe => Process closed successfully.
HKU\S-1-5-21-1411974016-386534107-1247840307-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{333BBED6-4936-7725-9BD5-788E36F81CFA} => Key deleted successfully.
HKCR\CLSID\{333BBED6-4936-7725-9BD5-788E36F81CFA} => Key deleted successfully.
HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc => Key deleted successfully.
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll not found.
C:\Users\Aldrin Domingo\AppData\Roaming\Mozilla\Firefox\Profiles\ks097q88.default\searchplugins\express-files-customized-web-search.xml => Moved successfully.
HKCU\SOFTWARE\Google\Chrome\Extensions\bbjhkdmplcjgfanmmlengfnnebkoigea => Key deleted successfully.
"C:\Users\Aldrin Domingo\AppData\Local\CRE\bbjhkdmplcjgfanmmlengfnnebkoigea.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjhkdmplcjgfanmmlengfnnebkoigea => Key deleted successfully.
"C:\Users\Aldrin Domingo\AppData\Local\CRE\bbjhkdmplcjgfanmmlengfnnebkoigea.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mmifolfpllfdhilecpdpmemhelmanajl => Key deleted successfully.
"C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
1a34a8e0 => Service deleted successfully.
catchme => Service deleted successfully.
gdrv => Service deleted successfully.
ncvet.dll => Service deleted successfully.
netr28ux => Service deleted successfully.
C:\Users\Aldrin Domingo\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\Aldrin Domingo\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
 
==== End of Fixlog ====


#9 icebloodvs
  • Topic Starter
  • Members
  • 20 posts

Posted 04 April 2014 - 08:08 PM

Download Security Check by screen317 from here. <--- can't DL



#10 nasdaq
  • Malware Response Team
  • 37,470 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 April 2014 - 09:16 AM

Just tried it and it worked.

Try again. If it fails, right click on the link "Here" on the previous post.

#11 icebloodvs
  • Topic Starter
  • Members
  • 20 posts

Posted 06 April 2014 - 07:58 PM

I even tried the PC in my office; I just can't DL it using the link "here".



#12 nasdaq
  • Malware Response Team
  • 37,470 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 April 2014 - 08:51 AM

Can you download this SecurityCheck.txt?

If you can, then rename it SecurityCheck.exe AND RUN IT.

Attached Files



#13 nasdaq
  • Malware Response Team
  • 37,470 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 April 2014 - 10:00 AM

Are you still with me?

#14 nasdaq
  • Malware Response Team
  • 37,470 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 April 2014 - 09:04 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
