
How can i uninstall PileWire and oxy ? :(


This topic is locked
41 replies to this topic

#1 Blatch

Blatch

  • Members
  • 45 posts
  • OFFLINE
  • Local time:10:49 AM

Posted 02 April 2014 - 12:01 AM

Hello,

 

I decided to try and download a movie online and accidentally downloaded this program called pilefile reminder or oxy.

 

I scanned my computer with Malwarebytes and it found like 10 PUPs and quarantined them, but did not delete the programs.

 

I tried to uninstall them using Add or Remove Programs, but when I click uninstall it does nothing, and something pops up to run the program and says "You don't have sufficient access to uninstall pilefile. Please contact your administrator.".

 

I just want this gone off my computer.

 

It was playing random sounds and advertisements before but somehow I got that to stop.

 

Please help and let me know if I am in the wrong forum.

 

Thanks.





#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:49 AM

Posted 02 April 2014 - 06:43 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.


HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)
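The FRST report the helper asks for is plain text with a fixed line layout per section (autostart keys, services, browser settings). As an added example that is not FRST's code nor anything posted in this thread, the script below runs a first triage pass over a constructed report in that layout: it flags entries whose file is missing ("No File"), autostarts with no publisher recorded or running from user-writable paths, and browser start pages or search providers that point outside a constructed allowlist. The allowlists, names, paths and GUIDs are assumptions.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample in the FRST.txt layout used in this thread (placeholder
# names, paths and GUIDs; none of these values are taken from the poster's log).
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Updater] - C:\Program Files\Vendor\updater.exe [446392 2012-04-04] (Vendor Inc.)
HKU\S-1-5-21-1-2-3-1000\...\Run: [DeskHelper] - C:\Program Files\DeskHelper\helper.exe [1017904 2014-04-02] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.hijack-example.test/?type=hp&uid=123
Toolbar: HKLM - No Name - {00000000-0000-0000-0000-000000000001} -  No File
BHO: Helper Class - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Vendor\helper.dll (Vendor Inc.)
CHR HomePage: hxxp://start.hijack-example.test/?type=hp&uid=123
CHR DefaultSearchProvider: hijack-example

========================== Services (Whitelisted) =================

R2 PluginSvc; C:\ProgramData\PluginSvc\PluginService.exe [688240 2014-03-31] ()
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
"""


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


# Constructed allowlists: what this (hypothetical) user expects as home page / search.
EXPECTED_HOSTS = {"www.google.com", "www.bing.com"}
EXPECTED_SEARCH = {"google", "bing", "yahoo"}

SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
PUBLISHER_RE = re.compile(r"\((?P<pub>[^()]*)\)\s*$")          # trailing "(Publisher)"
RUN_RE = re.compile(r"^(HKLM|HKCU|HKU\\[^\\]+)\\\.\.\.\\Run: \[[^\]]+\] - .+$")
SERVICE_RE = re.compile(r"^[RS]\d [^;]+; .+$")                  # "R2 Name; path [size date] (Pub)"
URL_RE = re.compile(r"(?:hxxp|http)s?://[^\s\"]+", re.IGNORECASE)  # FRST defangs URLs as hxxp
HOMEPAGE_KEYS = ("start page", "default_page_url", "homepage", "restoreonstartup", "newtab")
SEARCH_RE = re.compile(
    r"^(?:CHR|FF) (?:DefaultSearchProvider|DefaultSearchEngine|SelectedSearchEngine|DefaultSearchKeyword): (?P<name>.+)$"
)
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\users\\")


def _host(url):
    """Hostname of a (possibly defanged) URL, lower-cased."""
    return urlparse(url.lower().replace("hxxp", "http", 1)).hostname or ""


def triage(log_text):
    """Return findings for lines of an FRST-style report that merit a closer look."""
    findings = []
    section = "(header)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:                                   # "==== Name ====" section banner
            name = m.group("name").strip("= ")
            if name:
                section = name
            continue
        low = line.lower()
        if line.endswith("No File"):            # registry points at a file that is gone
            findings.append(Finding(section, "orphaned entry: referenced file is missing", line))
            continue
        if RUN_RE.match(line) or SERVICE_RE.match(line):
            pub = PUBLISHER_RE.search(line)
            if pub and not pub.group("pub").strip():   # "()" means no publisher recorded
                findings.append(Finding(section, "autostart with no publisher recorded", line))
            if any(seg in low for seg in USER_WRITABLE):
                findings.append(Finding(section, "autostart running from a user-writable location", line))
            continue
        if any(key in low for key in HOMEPAGE_KEYS):
            for url in URL_RE.findall(line):
                if _host(url) not in EXPECTED_HOSTS:
                    findings.append(Finding(section, f"browser start page points at {_host(url)}", line))
            continue
        m = SEARCH_RE.match(line)
        if m and m.group("name").strip().strip('"').lower() not in EXPECTED_SEARCH:
            findings.append(Finding(section, f"default search provider is {m.group('name').strip()}", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

The rules are deliberately conservative: a hit means "look at this entry", not "malicious", and the allowlists have to be set per machine.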

#3 Blatch

Blatch
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:10:49 AM

Posted 02 April 2014 - 08:08 AM

Hi, thank you so much for helping me. I didn't know what to do until I found this forum :)

 

FRST.txt

 


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by user (administrator) on USER-PC on 02-04-2014 12:30:15
Running from D:\
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaRegistry.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Razer Inc.) D:\Gameboost\RzKLService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
() D:\Garena Plus\ggdllhost.exe
(Wondershare) C:\Program Files\Wondershare\Wondershare Application Center\WACService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(337 Technology Limited.) C:\Program Files\Desk 365\deskSvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [997920 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Aimersoft Helper Compact.exe] - C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1667072 2012-02-28] (AimerSoft)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\S-1-5-21-607481587-205909089-1653279136-1000\...\Run: [GarenaPlus] - D:\Garena Plus\GarenaMessenger.exe [9899312 2014-02-26] ()
HKU\S-1-5-21-607481587-205909089-1653279136-1000\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [3825232 2014-02-21] (Tonec Inc.)
HKU\S-1-5-21-607481587-205909089-1653279136-1000\...\Run: [Desk 365] - C:\Program Files\Desk 365\desk365.exe [1017904 2014-04-02] (337 Technology Limited.)
HKU\S-1-5-21-607481587-205909089-1653279136-1000\...\MountPoints2: {90a44cce-9066-11e1-b88b-00e0b60c52b9} - F:\LaunchU3.exe -a
HKU\S-1-5-21-607481587-205909089-1653279136-1004\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB
HKU\S-1-5-21-607481587-205909089-1653279136-1004\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] - "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe"  /PROMPT /CMPID=JUNE2013_HP
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1396411804&from=mp3&uid=395049983_1052514_ECA2657D
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1396411804&from=mp3&uid=395049983_1052514_ECA2657D
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1396411804&from=mp3&uid=395049983_1052514_ECA2657D
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1396411804&from=mp3&uid=395049983_1052514_ECA2657D
URLSearchHook: HKLM - (No Name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} -  No File
URLSearchHook: HKCU - (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} -  No File
URLSearchHook: HKCU - (No Name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} -  No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.qone8.com/web/?type=ds&ts=1396411804&from=mp3&uid=395049983_1052514_ECA2657D&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.qone8.com/web/?type=ds&ts=1396411804&from=mp3&uid=395049983_1052514_ECA2657D&q={searchTerms}
SearchScopes: HKCU - {7FC79DEE-E2A1-4F11-BD61-B21606070E33} URL = http://ph.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=407453&p={searchTerms}
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} -  No File
Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -  No File
Toolbar: HKCU - No Name - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.1
 
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0h0mtgkr.default-1381155070877
FF NewTab: hxxp://start.qone8.com/newtab/?type=nt&ts=1396411804&from=mp3&uid=395049983_1052514_ECA2657D
FF DefaultSearchEngine: qone8
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF SelectedSearchEngine: qone8
FF Homepage: hxxp://start.qone8.com/?type=hp&ts=1396411804&from=mp3&uid=395049983_1052514_ECA2657D
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll ()
FF Plugin: @microsoft.com/Lync,version=15.0 - C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @t.garena.com/garenatalk - D:\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\qone8.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: Quick Start - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0h0mtgkr.default-1381155070877\Extensions\quick_start@gmail.com [2014-04-02]
FF Extension: Greasemonkey - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0h0mtgkr.default-1381155070877\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-10-15]
FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF Extension: Bing Bar - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2012-04-29]
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ []
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-25]
FF HKLM\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0h0mtgkr.default-1381155070877\extensions\quick_start@gmail.com
FF Extension: Quick Start - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0h0mtgkr.default-1381155070877\extensions\quick_start@gmail.com [2014-04-02]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2014-02-21]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2014-02-21]
 
Chrome: 
=======
CHR HomePage: hxxp://start.qone8.com/?type=hp&ts=1396411804&from=mp3&uid=395049983_1052514_ECA2657D
CHR RestoreOnStartup: "hxxp://start.qone8.com/?type=hp&ts=1396411804&from=mp3&uid=395049983_1052514_ECA2657D"
CHR DefaultSearchKeyword: qone8
CHR DefaultSearchProvider: qone8
CHR Plugin: (Shockwave Flash) - C:\Users\user\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll ()
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Bing Bar) - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Garena Talk Plugin) - D:\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - D:\sldog\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Download Plugin) - D:\sldog\Netscape6\nprpplugin.dll No File
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-25]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-25]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-25]
CHR Extension: (IDM Integration Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-02-21]
CHR Extension: (Quick Start) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-04-02]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-25]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2014-01-17]
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-04-02]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\user\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-10-01]
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://start.qone8.com/?type=sc&ts=1396411804&from=mp3&uid=395049983_1052514_ECA2657D
 
========================== Services (Whitelisted) =================
 
R2 desksvc; C:\Program Files\Desk 365\deskSvc.exe [425008 2014-04-02] (337 Technology Limited.)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [688240 2014-03-31] (Cherished Technololgy LIMITED)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2011-04-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208944 2011-04-27] (Microsoft Corporation)
R2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [375872 2011-03-31] (Ralink Technology, Corp.)
S3 RaMediaServer; C:\Program Files\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 RzKLService; D:\Gameboost\RzKLService.exe [106472 2013-09-18] (Razer Inc.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 WACService; C:\Program Files\Wondershare\Wondershare Application Center\WACService.exe [103272 2012-11-09] (Wondershare)
S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1343400 2012-04-26] ()
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [496640 2014-04-02] (Cherished Technololgy LIMITED)
 
==================== Drivers (Whitelisted) ====================
 
S3 1394hub; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [34216 2013-05-11] (Google Inc)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-08-09] (AVG Technologies)
R3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx86.sys [43088 2013-04-30] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
R3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1265216 2011-09-09] (Ralink Technology Corp.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45968 2011-11-03] (Rovi Corporation)
R3 WsAudio_DeviceS(1); C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [25704 2011-12-09] (Wondershare)
R3 WsAudio_DeviceS(2); C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [25704 2011-12-09] (Wondershare)
R3 WsAudio_DeviceS(3); C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [25704 2011-12-09] (Wondershare)
R3 WsAudio_DeviceS(4); C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [25704 2011-12-09] (Wondershare)
R3 WsAudio_DeviceS(5); C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [25704 2011-12-09] (Wondershare)
S3 GGSAFERDriver; \??\D:\Garena Plus\Room\safedrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\D:\Gameboost\Driver\WinRing0.sys [X]
S3 XDva405; \??\C:\Windows\system32\XDva405.sys [X]
S3 XDva407; \??\C:\Windows\system32\XDva407.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-02 12:29 - 2014-04-02 12:30 - 00000000 ____D () C:\FRST
2014-04-02 12:12 - 2014-04-02 12:13 - 00000000 ____D () C:\Users\user\AppData\Roaming\Desk 365
2014-04-02 12:12 - 2014-04-02 12:13 - 00000000 ____D () C:\Program Files\Desk 365
2014-04-02 12:12 - 2014-04-02 12:12 - 00000000 ____D () C:\ProgramData\IePluginService
2014-04-02 12:12 - 2014-04-02 12:12 - 00000000 ____D () C:\Program Files\SupTab
2014-04-02 12:07 - 2014-04-02 12:07 - 00038404 _____ () C:\Windows\PFRO.log
2014-04-02 10:44 - 2014-04-02 12:12 - 00000000 ____D () C:\Users\user\AppData\Roaming\SupTab
2014-04-02 10:43 - 2014-04-02 12:12 - 00000000 ____D () C:\ProgramData\WPM
2014-04-02 10:42 - 2014-04-02 12:10 - 00000000 ____D () C:\Users\user\AppData\Roaming\qone8
2014-04-02 10:39 - 2014-04-02 10:44 - 00000000 ____D () C:\Users\user\AppData\Local\Oxy
2014-04-02 10:39 - 2014-04-02 10:39 - 00000000 ____D () C:\Users\user\AppData\Local\Chromium
2014-04-02 10:22 - 2014-04-02 10:44 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy
2014-04-02 10:20 - 2014-04-02 10:23 - 00000000 ____D () C:\Users\user\AppData\Roaming\Oxy
2014-04-01 11:49 - 2014-04-02 03:10 - 00000000 ____D () C:\Users\user\Downloads\Street.Fighter.IV - SKIDROW
2014-03-31 14:56 - 2014-03-31 14:56 - 00000628 _____ () C:\Users\user\Desktop\Player ZhyperMU S6 EP3.lnk
2014-03-30 18:48 - 2014-03-30 18:48 - 00000955 _____ () C:\Users\UpdatusUser\Desktop\Metal Slug Saga.lnk
2014-03-30 18:48 - 2014-03-30 18:48 - 00000921 _____ () C:\Users\user\Desktop\Metal Slug Saga.lnk
2014-03-30 18:48 - 2014-03-30 18:48 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Metal Slug Saga PC Collection
2014-03-30 18:44 - 2010-08-08 20:53 - 301303485 _____ () C:\Users\user\Desktop\MetalSlugPC.exe
2014-03-30 14:05 - 2014-03-11 13:24 - 00000000 ____D () C:\Users\user\Desktop\ss
2014-03-30 13:45 - 2014-04-01 13:28 - 00000000 ____D () C:\Users\user\Desktop\CCIS4B webdev
2014-03-30 12:09 - 2012-08-01 21:49 - 00001323 _____ () C:\Users\user\Desktop\post.php
2014-03-28 19:39 - 2014-03-28 19:39 - 00000000 ____D () C:\Users\user\Desktop\ppsspp_win
2014-03-28 19:38 - 2014-03-28 19:39 - 12648182 _____ () C:\Users\user\Desktop\ppsspp_win.zip
2014-03-25 21:24 - 2014-03-25 21:24 - 00655563 _____ () C:\Users\user\Desktop\Slam-Dunk.jpeg
2014-03-25 19:14 - 2012-04-27 21:41 - 00000983 _____ () C:\Users\user\Desktop\GarenaMessenger - Shortcut.lnk
2014-03-25 15:56 - 2014-03-25 15:59 - 30104270 _____ () C:\Users\user\Desktop\Ps2 Bios.rar
2014-03-25 15:52 - 2014-03-25 15:55 - 15127264 _____ () C:\Users\user\Desktop\pcsx2-1.2.1-r5875-setup.exe
2014-03-24 17:41 - 2014-03-25 06:49 - 00000000 ____D () C:\Users\user\Desktop\sdsdsd
2014-03-24 17:03 - 2014-03-24 17:04 - 12719556 _____ () C:\Users\user\Desktop\NBA 2k14 Crack.rar
2014-03-23 19:30 - 2014-03-23 19:42 - 00000000 ____D () C:\Users\user\Desktop\lumibao
2014-03-20 23:17 - 2014-03-20 23:17 - 00001456 _____ () C:\Users\user\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-03-18 19:34 - 2014-03-17 22:12 - 00092672 _____ () C:\Users\user\Documents\Publication1.pub
2014-03-18 18:59 - 2014-04-01 23:10 - 00000000 ____D () C:\Users\user\Desktop\dont delete
2014-03-16 16:02 - 2014-03-16 16:02 - 00001023 _____ () C:\Users\Public\Desktop\Windows Movie Maker.lnk
2014-03-08 00:06 - 2014-04-02 12:07 - 00008734 _____ () C:\Windows\setupact.log
2014-03-08 00:06 - 2014-03-08 00:06 - 00000000 _____ () C:\Windows\setuperr.log
 
==================== One Month Modified Files and Folders =======
 
2014-04-02 12:30 - 2014-04-02 12:29 - 00000000 ____D () C:\FRST
2014-04-02 12:27 - 2012-04-26 20:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-02 12:13 - 2014-04-02 12:12 - 00000000 ____D () C:\Users\user\AppData\Roaming\Desk 365
2014-04-02 12:13 - 2014-04-02 12:12 - 00000000 ____D () C:\Program Files\Desk 365
2014-04-02 12:12 - 2014-04-02 12:12 - 00000000 ____D () C:\ProgramData\IePluginService
2014-04-02 12:12 - 2014-04-02 12:12 - 00000000 ____D () C:\Program Files\SupTab
2014-04-02 12:12 - 2014-04-02 10:44 - 00000000 ____D () C:\Users\user\AppData\Roaming\SupTab
2014-04-02 12:12 - 2014-04-02 10:43 - 00000000 ____D () C:\ProgramData\WPM
2014-04-02 12:10 - 2014-04-02 10:42 - 00000000 ____D () C:\Users\user\AppData\Roaming\qone8
2014-04-02 12:10 - 2014-02-16 15:57 - 01613154 _____ () C:\Windows\WindowsUpdate.log
2014-04-02 12:10 - 2013-10-11 07:18 - 00001233 _____ () C:\Users\user\Desktop\firefox - Shortcut.lnk
2014-04-02 12:07 - 2014-04-02 12:07 - 00038404 _____ () C:\Windows\PFRO.log
2014-04-02 12:07 - 2014-03-08 00:06 - 00008734 _____ () C:\Windows\setupact.log
2014-04-02 12:07 - 2013-11-11 21:58 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-04-02 12:07 - 2013-06-08 08:40 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2014-04-02 12:07 - 2013-06-03 19:18 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-04-02 12:07 - 2012-07-31 19:47 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-02 12:07 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-02 12:05 - 2013-11-23 07:27 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2014-04-02 11:50 - 2012-07-31 19:47 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-02 11:24 - 2012-07-02 23:13 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-607481587-205909089-1653279136-1000UA.job
2014-04-02 10:44 - 2014-04-02 10:39 - 00000000 ____D () C:\Users\user\AppData\Local\Oxy
2014-04-02 10:44 - 2014-04-02 10:22 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy
2014-04-02 10:39 - 2014-04-02 10:39 - 00000000 ____D () C:\Users\user\AppData\Local\Chromium
2014-04-02 10:23 - 2014-04-02 10:20 - 00000000 ____D () C:\Users\user\AppData\Roaming\Oxy
2014-04-02 08:52 - 2013-01-25 21:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\DMCache
2014-04-02 08:52 - 2012-05-05 19:34 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent
2014-04-02 07:45 - 2012-04-26 20:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-02 03:10 - 2014-04-01 11:49 - 00000000 ____D () C:\Users\user\Downloads\Street.Fighter.IV - SKIDROW
2014-04-02 03:06 - 2012-07-24 19:59 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2014-04-01 23:10 - 2014-03-18 18:59 - 00000000 ____D () C:\Users\user\Desktop\dont delete
2014-04-01 16:24 - 2013-12-03 19:00 - 00000655 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-04-01 14:45 - 2012-04-26 20:05 - 00783096 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-01 13:28 - 2014-03-30 13:45 - 00000000 ____D () C:\Users\user\Desktop\CCIS4B webdev
2014-04-01 13:27 - 2013-12-02 21:05 - 00000000 ____D () C:\Users\user\Desktop\New folder
2014-03-31 15:02 - 2009-07-14 12:34 - 00020800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-31 15:02 - 2009-07-14 12:34 - 00020800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-31 14:56 - 2014-03-31 14:56 - 00000628 _____ () C:\Users\user\Desktop\Player ZhyperMU S6 EP3.lnk
2014-03-31 12:15 - 2012-04-27 21:40 - 00000000 ____D () C:\Users\user\AppData\Roaming\GarenaPlus
2014-03-31 12:15 - 2012-04-27 21:40 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2014-03-30 20:48 - 2014-02-26 23:48 - 00000000 ____D () C:\Users\user\Downloads\Compressed
2014-03-30 20:24 - 2012-07-02 23:13 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-607481587-205909089-1653279136-1000Core.job
2014-03-30 19:17 - 2013-10-28 19:46 - 00000000 ____D () C:\Users\user\AppData\Roaming\IDM
2014-03-30 18:48 - 2014-03-30 18:48 - 00000955 _____ () C:\Users\UpdatusUser\Desktop\Metal Slug Saga.lnk
2014-03-30 18:48 - 2014-03-30 18:48 - 00000921 _____ () C:\Users\user\Desktop\Metal Slug Saga.lnk
2014-03-30 18:48 - 2014-03-30 18:48 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Metal Slug Saga PC Collection
2014-03-30 11:18 - 2013-12-01 11:59 - 00000000 ____D () C:\Program Files\Virtual Router
2014-03-29 23:22 - 2013-11-15 15:55 - 00001251 _____ () C:\Users\user\Desktop\php tutorials.txt
2014-03-29 15:59 - 2013-01-21 19:14 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc
2014-03-28 19:43 - 2013-03-21 17:45 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-28 19:39 - 2014-03-28 19:39 - 00000000 ____D () C:\Users\user\Desktop\ppsspp_win
2014-03-28 19:39 - 2014-03-28 19:38 - 12648182 _____ () C:\Users\user\Desktop\ppsspp_win.zip
2014-03-25 21:24 - 2014-03-25 21:24 - 00655563 _____ () C:\Users\user\Desktop\Slam-Dunk.jpeg
2014-03-25 15:59 - 2014-03-25 15:56 - 30104270 _____ () C:\Users\user\Desktop\Ps2 Bios.rar
2014-03-25 15:55 - 2014-03-25 15:52 - 15127264 _____ () C:\Users\user\Desktop\pcsx2-1.2.1-r5875-setup.exe
2014-03-25 06:49 - 2014-03-24 17:41 - 00000000 ____D () C:\Users\user\Desktop\sdsdsd
2014-03-24 19:31 - 2013-12-03 18:48 - 00000000 ____D () C:\Users\user\AppData\Roaming\EurekaLog
2014-03-24 17:04 - 2014-03-24 17:03 - 12719556 _____ () C:\Users\user\Desktop\NBA 2k14 Crack.rar
2014-03-23 19:42 - 2014-03-23 19:30 - 00000000 ____D () C:\Users\user\Desktop\lumibao
2014-03-20 23:17 - 2014-03-20 23:17 - 00001456 _____ () C:\Users\user\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-03-18 11:27 - 2012-04-26 20:10 - 00112328 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-18 11:27 - 2009-07-14 12:33 - 00438320 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-17 22:12 - 2014-03-18 19:34 - 00092672 _____ () C:\Users\user\Documents\Publication1.pub
2014-03-17 08:52 - 2012-05-04 17:50 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-03-16 21:19 - 2014-01-26 08:33 - 00035840 ___SH () C:\Users\user\Desktop\Thumbs.db
2014-03-16 20:55 - 2012-04-26 20:01 - 00000000 ____D () C:\Users\user\AppData\Local\VirtualStore
2014-03-16 16:02 - 2014-03-16 16:02 - 00001023 _____ () C:\Users\Public\Desktop\Windows Movie Maker.lnk
2014-03-16 16:02 - 2013-04-27 13:14 - 00000000 ____D () C:\Program Files\Windows Movie Maker
2014-03-16 15:43 - 2013-11-29 20:27 - 00000000 ____D () C:\Users\user\Downloads\Video
2014-03-12 18:27 - 2012-04-26 20:18 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-12 18:27 - 2012-04-26 20:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-11 13:24 - 2014-03-30 14:05 - 00000000 ____D () C:\Users\user\Desktop\ss
2014-03-08 00:06 - 2014-03-08 00:06 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-07 15:07 - 2012-04-27 18:51 - 00000000 ____D () C:\Users\user\AppData\Local\Google
 
Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\htmlayout.dll
C:\Users\user\AppData\Local\Temp\PH_140306to140307.exe
C:\Users\user\AppData\Local\Temp\PH_140307to140325.exe
C:\Users\user\AppData\Local\Temp\setup.exe
C:\Users\user\AppData\Local\Temp\tmp10DE.exe
C:\Users\user\AppData\Local\Temp\tmp6748.exe
C:\Users\user\AppData\Local\Temp\tmp89F8.exe
C:\Users\user\AppData\Local\Temp\tmpB065.exe
C:\Users\user\AppData\Local\Temp\tmpC77D.exe
C:\Users\user\AppData\Local\Temp\tmpE115.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-31 13:26
 
==================== End Of Log ============================
 
 
 
ADDITION.TXT
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by user at 2014-04-02 12:31:09
Running from D:\
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
 
==================== Installed Programs ======================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.0.30596 - BitTorrent Inc.)
Acala 3GP Movies Free 4.2.6 (HKLM\...\Acala 3GP Movies Free_is1) (Version:  - Acala Software)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.3.0.3670 - Adobe Systems Incorporated) Hidden
Adobe Audition CS6 (HKLM\...\{30FD541D-3C9D-41C4-B240-A994EE4E0231}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Download Assistant (Version: 1.2.3 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Any Audio Converter 4.0.3 (HKLM\...\Any Audio Converter_is1) (Version:  - Any-Audio-Converter.com)
AVS Video Editor 6 (HKLM\...\AVS Video Editor_is1) (Version: 6.4.2.241 - Online Media Technologies Ltd.)
Bing Bar Platform (Version: 5.0.1449.0 - Microsoft Corporation) Hidden
bl (Version: 1.0.0 - Your Company Name) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.18 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Crossfire PH version 1095 (HKLM\...\{C77F0C18-A135-4204-8BEA-30390B18F988}_is1) (Version: 1095 - Gameclub)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM\...\Debut) (Version:  - NCH Software)
Desk 365 (HKLM\...\Desk 365) (Version: 1.15.13 - 337 Technology Limited.) <==== ATTENTION
Dota 2 (HKLM\...\Steam App 570) (Version:  - )
Dota 2 Test (HKLM\...\Steam App 205790) (Version:  - )
DriverIdentifier 4.2.7 (HKLM\...\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1) (Version:  - DriverIdentifier)
Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Free YouTube to MP3 Converter version 3.11.32.918 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.32.918 - DVDVideoSoft Ltd.)
GameClub Launcher PH (Remove only) (HKLM\...\{BBD9FAD7-F782-4548-B00F-E612322950F6}) (Version: 20111202 - GameClub)
Garena - League of Legends PH (HKLM\...\LoLPH) (Version: 2011 - Garena Online Pte Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 24.0.1312.57 - Google Inc.)
Google Earth Plug-in (HKLM\...\{33286280-8617-11E1-8FF6-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
HP Deskjet Ink Adv 2060 K110 Basic Device Software (HKLM\...\{08528F0F-B95E-431C-A240-76194E12D72E}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet Ink Adv 2060 K110 Help (HKLM\...\{8E17BF51-4636-4057-8380-F7BE664C27BE}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet Ink Adv 2060 K110 Product Improvement Study (HKLM\...\{82B7B85C-2492-4F7C-9965-79B0E680CC9D}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Update (HKLM\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
iWisoft Free Video Downloader 2.1 (HKLM\...\iWisoft Free Video Downloader_is1) (Version: 2.1 - www.iwisoft.com)
Java 7 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 21 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170210}) (Version: 1.7.0.210 - Oracle)
JCreator LE 5.00 (HKLM\...\JCreator LE_is1) (Version:  - Xinox Software)
JetClean (HKLM\...\BlueSprig_JetClean_is1) (Version: 1.5.0 - BlueSprig)
Macromedia Dreamweaver 8 (HKLM\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (Version: 8.0.0.2734 - Macromedia)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Metal Slug Saga PC Collection (HKLM\...\Metal Slug Saga PC Collection) (Version:  - )
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Antimalware (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Default Manager (Version: 2.1.55.0 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Search Enhancement Pack (Version: 2.0.271.0 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.1.1116.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker 6.0 for Windows 7 (32-bit) (HKLM\...\{59A385E2-3454-4CDF-B3E6-C9CF9D099F1B}) (Version: 6.0.0 - Microsoft Corporation)
Mozilla Firefox 23.0.1 (x86 en-GB) (HKCU\...\Mozilla Firefox 23.0.1 (x86 en-GB)) (Version: 23.0.1 - Mozilla)
Mozilla Firefox 27.0.1 (x86 en-GB) (HKCU\...\Mozilla Firefox 27.0.1 (x86 en-GB)) (Version: 27.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MUPH S6EP3 (HKLM\...\{7A853A72-3EF3-41F6-8769-413EDBFFE91D}) (Version: 1.0.0 - MUPH)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
NVIDIA Control Panel 306.23 (Version: 306.23 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 306.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Oxy (HKCU\...\{9AAF2503-6CD5-414A-B5BA-37639B76C91F}) (Version:  - LADY'S WOOD 2013 LIMITED)
PaintTool SAI Ver.1 (HKLM\...\PaintToolSAI) (Version:  - )
ph (Version: 1.0.0 - Your Company Name) Hidden
Photo Gallery (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PileFile downloader (HKCU\...\{2A4641B4-EDDB-46D1-B34B-F93E19A8B3DB}) (Version:  - LADY'S WOOD 2013 LIMITED)
PileFile reminder (HKCU\...\{56837588-F559-40CF-91D9-D439D405FB28}) (Version:  - LADY'S WOOD 2013 LIMITED)
qone8 uninstaller (HKLM\...\qone8 uninstaller) (Version:  - qone8)
QuickSolutions (HKLM\...\{8225BAEB-4C64-4881-8229-E5BBCD076E37}) (Version: 1.0.0.0 - QuickSolutions)
Ralink RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.14.0 - Ralink)
Razer Game Booster (HKLM\...\Razer Game Booster_is1) (Version: 4.0.68.0 - Razer Inc.)
RealDownloader (Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Reshade 2.0 RC1 (HKLM\...\Reshade 2.0) (Version: 2.0 - Reshade)
Sony Ericsson Update Engine (HKLM\...\Update Engine) (Version: 2.13.7.201306141231 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.165 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.165 - Sony)
Ss.Helper 1.74 (HKLM\...\SP_e77c81ae) (Version:  - )
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
VideoPad Video Editor (HKLM\...\VideoPad) (Version: 3.29 - NCH Software)
Virtual Router Plus (HKLM\...\{0AEE4D51-3657-4F40-A689-533429CAEE0C}) (Version: 2.6.0 - Runxia Electronics)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Live Communications Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Movie Maker 2.6 (HKLM\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Windows Movie Maker 6.1 (HKLM\...\{3CC29C1A-B5FE-457B-8F22-32A2557A92C7}}_is1) (Version:  - windows-movie-maker.org)
Windows Movie Maker 6.1 (HKLM\...\{3CC29C1A-B5FE-457B-8F22-32A2winmovie}}_is1) (Version:  - win-movie-maker-free)
WinRAR 4.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Wondershare Application Center 1.0.0.58 (HKLM\...\{769CC8AC-50C3-4776-95F5-A1ABF15A38F4}_is1) (Version: 1.0.0.58 - Wondershare)
WPM17.8.0.3442 (HKLM\...\WPM) (Version: 17.8.0.3442 - Cherished Technololgy LIMITED) <==== ATTENTION
XAMPP (HKLM\...\xampp) (Version: 1.8.2-2 - BitNami)
XSplit (HKLM\...\{64029508-2587-4D39-AB83-2AC722FBFCC2}) (Version: 1.0.1204.1301 - SplitMediaLabs)
YTD Toolbar v7.6 (HKLM\...\{C3E2B404-EF69-4C60-A7C1-CF116D2C3267}) (Version: 7.6 - Spigot, Inc.)
YTD Video Downloader 4.7.2 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.7.2 - GreenTree Applications SRL)
ZhyperMU Season 6 Episode 3 6.30 (HKLM\...\ZhyperMU Season 6 Episode 3 6.30) (Version: 6.30 - Zhyper Network)
ZhyperMU Season 6 Small Client No Sound and Music 6.00 (HKLM\...\ZhyperMU Season 6 Small Client No Sound and Music 6.00) (Version: 6.00 - Zhyper Networks)
 
==================== Restore Points  =========================
 
31-03-2014 06:56:56 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-14 10:04 - 2009-06-11 05:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {094946F8-ECA3-4B4C-99FB-0AAA8A0530BD} - System32\Tasks\RunAsStdUser Task => C:\Users\user\AppData\Local\Oxy\Application\oxy.exe <==== ATTENTION
Task: {0D227A33-5E22-451D-B551-4BFEF3919B71} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-607481587-205909089-1653279136-1000Core => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {12E18D17-BD44-4A37-B1B9-7D09CA81E871} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-04-26] ()
Task: {290DFAA1-F7D0-4850-8605-821611EFCA0A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-607481587-205909089-1653279136-1000UA => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {30DF4DD7-FCC0-43EF-AA4C-885CBFE58ABD} - System32\Tasks\JetCleanLoginCheckUpdate => C:\Program Files\BlueSprig\JetClean\AutoUpdate.exe [2013-05-14] (BlueSprig)
Task: {38595974-0092-4DB0-81A7-5D6B63A44E2D} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27] (Microsoft Corporation)
Task: {3A11797B-19FA-4056-B143-A61970C1FF13} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {3FCB139E-B9F4-4F21-BEEF-CFCE1F9BE9C0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {42F8606A-5B50-48FF-8580-CF4B8DE6C130} - System32\Tasks\gg_uac_daemon_user => D:\Garena Plus\ggdllhost.exe [2013-07-10] ()
Task: {4D6A3768-92D4-47F2-BBD3-DBA1C79456AB} - System32\Tasks\Razer_Game_Booster_AutoUpdate => D:\Gameboost\AutoUpdate.exe
Task: {571439FD-4A9C-4AC9-8FBC-B6034EB543D2} - System32\Tasks\PileFile reminder => C:\Users\user\AppData\Local\Temp\WinRAR Password Remover V5.2Download_D8AA\WinRAR_Password_Remover_V5.2_Downloader.exe [2014-04-02] () <==== ATTENTION
Task: {68D4EDDB-08D6-4C2D-813A-C92F4EE217D0} - System32\Tasks\Oxy => C:\Users\user\AppData\Roaming\Oxy\Updater.exe [2014-04-02] () <==== ATTENTION
Task: {77FCAF00-1143-4377-98CD-652424897C89} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-607481587-205909089-1653279136-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {7B050D15-3A0D-40F0-9A59-3530C4E7C17F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-607481587-205909089-1653279136-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {821979DB-3AB5-4397-8922-34E12B1EB0B9} - System32\Tasks\AdobeAAMUpdater-1.0-user-PC-user => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {86DDF705-2560-4CA1-85C4-9266AD4473F8} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-607481587-205909089-1653279136-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: {9D698217-57DB-4571-922E-71B4A43CBE7D} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-607481587-205909089-1653279136-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {B03106BD-9088-4B6F-8B88-CFC9734AC13F} - System32\Tasks\Go for FilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {B154FE44-0B71-400F-87C8-E2D9AF2D1DCA} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-607481587-205909089-1653279136-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {BE8E2484-0B0E-4503-A06C-2F65753F3AB1} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{E669F281-DC7C-48B5-97A1-1DE39EE0DEFE}.exe
Task: {C71D1442-89F2-4E24-9932-147753DC7601} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {C8673CA4-368E-4053-92F9-BE84122AD16C} - System32\Tasks\HPCustParticipation HP Deskjet Ink Adv 2060 K110 => C:\Program Files\HP\HP Deskjet Ink Adv 2060 K110\Bin\HPCustPartic.exe
Task: {CEED98E0-62A5-44E0-87C6-63C66E4F252B} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files\Desk 365\desk365.exe [2014-04-02] (337 Technology Limited.) <==== ATTENTION
Task: {DF605F92-9EC9-43CC-A9F6-CC4CFA8445EF} - System32\Tasks\NCH Software\DebutDowngrade => D:\webcam\NCH Software\Debut\debut.exe [2013-03-07] (NCH Software)
Task: {E00DFADA-A6A0-48E2-9E15-808AC6E6DA3A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {EBEA5F2F-0748-43B9-A63A-98978386B6E7} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{B1CD00E3-830C-407D-854E-22B150F02C29}.exe
Task: {EEFE0CEC-6E10-4605-AB31-ECEA5DB84BA5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {F293A32D-228F-46D7-99B9-3DDDAD4FF635} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {F4C7CDB7-B457-4E44-827A-40D4656E69AC} - System32\Tasks\PileFile logon => C:\Users\user\AppData\Local\Temp\WinRAR Password Remover V5.2Download_D8AA\WinRAR_Password_Remover_V5.2_Downloader.exe [2014-04-02] () <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{B1CD00E3-830C-407D-854E-22B150F02C29}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{E669F281-DC7C-48B5-97A1-1DE39EE0DEFE}.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-607481587-205909089-1653279136-1000Core.job => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-607481587-205909089-1653279136-1000UA.job => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-11-02 15:00 - 2012-08-30 23:57 - 00079208 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2012-10-01 20:33 - 2012-10-01 20:33 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-04-27 22:55 - 2012-02-17 20:55 - 00166912 _____ () C:\Program Files\WinRAR\rarext.dll
2012-11-29 20:31 - 2012-11-29 20:31 - 00038608 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-07-12 17:58 - 2013-07-10 19:54 - 00049456 _____ () D:\Garena Plus\ggdllhost.exe
2012-04-10 16:48 - 2013-08-23 17:10 - 00553776 _____ () D:\Garena Plus\ggspawn.dll
2013-05-11 12:04 - 2012-11-09 15:59 - 00016744 _____ () C:\Program Files\Wondershare\Wondershare Application Center\HttpRequest.dll
2013-05-11 12:04 - 2012-10-29 16:22 - 00270336 _____ () C:\Program Files\Wondershare\Wondershare Application Center\libcurl.dll
2013-02-01 18:55 - 2013-01-26 10:34 - 00597968 _____ () C:\Program Files\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
2013-02-01 18:55 - 2013-01-26 10:34 - 00124368 _____ () C:\Program Files\Google\Chrome\Application\24.0.1312.57\libegl.dll
2013-02-01 18:55 - 2013-01-26 10:35 - 04012496 _____ () C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
2013-02-01 18:55 - 2013-01-26 10:35 - 00460240 _____ () C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
2013-02-01 18:55 - 2013-01-26 10:34 - 01552848 _____ () C:\Program Files\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
2013-02-13 17:23 - 2013-02-13 17:23 - 12638576 _____ () C:\Users\user\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
2014-04-02 12:12 - 2014-04-02 12:12 - 00612400 _____ () C:\Program Files\Desk 365\sqlite3.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:24051EFF
AlternateDataStreams: C:\ProgramData\TEMP:96D0C06F
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Bing Bar => "C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GarenaMessenger => "D:\Garena Plus\GarenaMessenger.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Software Update => 
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: Steam => "D:\steam\steam.exe" -silent
MSCONFIG\startupreg: uTorrent => "D:\utorrent\uTorrent.exe"  /MINIMIZED
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/02/2014 03:36:42 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (04/02/2014 03:30:13 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.
 
Error: (04/02/2014 03:06:44 AM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (04/01/2014 04:08:34 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.
 
Error: (04/01/2014 00:18:28 PM) (Source: Application Hang) (User: )
Description: The program uTorrent.exe version 3.4.0.30660 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1498
 
Start Time: 01cf4d60f9711290
 
Termination Time: 42307
 
Application Path: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
 
Report Id: 8f2bf161-b954-11e3-b823-00e0b60c52b9
 
Error: (04/01/2014 09:21:34 AM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (03/31/2014 01:55:22 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (03/31/2014 01:49:30 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.
 
Error: (03/31/2014 11:12:05 AM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (03/30/2014 07:09:56 AM) (Source: Application Error) (User: )
Description: Faulting application name: LoL.exe, version: 1.0.0.29, time stamp: 0x4d002eb2
Faulting module name: launcher.maestro.dll, version: 1.0.0.29, time stamp: 0x4cb8d434
Exception code: 0xc0000005
Fault offset: 0x00011289
Faulting process id: 0x16c8
Faulting application start time: 0xLoL.exe0
Faulting application path: LoL.exe1
Faulting module path: LoL.exe2
Report Id: LoL.exe3
 
 
System errors:
=============
Error: (04/01/2014 09:09:34 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%835
 
Error Code: 0x80004005
 
Error description: Unspecified error 
 
Reason: %%842
 
Error: (04/01/2014 04:24:25 PM) (Source: ipnathlp) (User: )
Description: 
 
Error: (04/01/2014 04:15:39 PM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (04/01/2014 04:12:20 PM) (Source: ipnathlp) (User: )
Description: 
 
Error: (04/01/2014 03:34:37 PM) (Source: ipnathlp) (User: )
Description: 
 
Error: (04/01/2014 03:22:30 PM) (Source: ipnathlp) (User: )
Description: 
 
Error: (04/01/2014 03:12:53 PM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (04/01/2014 02:44:48 PM) (Source: ipnathlp) (User: )
Description: 
 
Error: (04/01/2014 02:32:41 PM) (Source: ipnathlp) (User: )
Description: 
 
Error: (04/01/2014 01:55:06 PM) (Source: ipnathlp) (User: )
Description: 
 
 
Microsoft Office Sessions:
=========================
Error: (10/06/2013 00:33:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3341 seconds with 1020 seconds of active time.  This session ended with a crash.
 
Error: (09/28/2013 03:40:04 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9809 seconds with 1560 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 89%
Total physical RAM: 1791.37 MB
Available physical RAM: 184.16 MB
Total Pagefile: 3582.73 MB
Available Pagefile: 1327.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1889.37 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:48.73 GB) (Free:7.31 GB) NTFS
Drive d: () (Fixed) (Total:100.22 GB) (Free:12.7 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 4E8F99D3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 Blatch

Blatch
  • Topic Starter

  • Members
  • 45 posts
  • Local time:10:49 AM

Posted 02 April 2014 - 08:15 AM

This is the TDSS file.

Attached Files



#5 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:03:49 AM

Posted 02 April 2014 - 09:00 AM

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules, which you should have read at the time of registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

Having said that, we can help you clean your machine this time, BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other malware support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#6 Blatch

Blatch
  • Topic Starter

  • Members
  • 45 posts
  • Local time:10:49 AM

Posted 02 April 2014 - 09:13 AM

OK sir. Which one should I delete, sir? I don't know what cracked programs are; I'm just a newbie with computers.



#7 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:03:49 AM

Posted 03 April 2014 - 03:15 AM

At least these two files contain illegal software:

 

 C:\Users\user\Desktop\NBA 2k14 Crack.rar
 C:\Users\user\Downloads\Street.Fighter.IV - SKIDROW

 

If the programs have been installed, please uninstall them as well as any other cracked software product.



#9 Blatch

Blatch
  • Topic Starter

  • Members
  • 45 posts
  • Local time:10:49 AM

Posted 03 April 2014 - 07:15 AM

OK sir, I already deleted it :) Sorry for that.

Shall we continue to clean my computer? I'm so excited :D



#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:03:49 AM

Posted 04 April 2014 - 02:23 AM

Scan with CKScanner

Download CKScanner by askey127 from Here & save it to your Desktop.

  • Right-click and Run as Administrator CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

 

 

When finished, please create and post new logs with FRST.



#11 Blatch

Blatch
  • Topic Starter

  • Members
  • 45 posts
  • Local time:10:49 AM

Posted 04 April 2014 - 10:03 AM

Here it is, sir.




CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\adwcleaner\quarantine\c\program files\softwareupdater\keygen.dll.vir
c:\windows\system32\slmgr.vbs.removewat
scanner sequence 3.AA.11.VSLBN0
 ----- EOF ----- 


#12 Blatch

Blatch
  • Topic Starter

  • Members
  • 45 posts
  • Local time:10:49 AM

Posted 04 April 2014 - 10:06 AM

I scanned again with FRST.



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by user (administrator) on USER-PC on 04-04-2014 23:04:36
Running from D:\
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaRegistry.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
() D:\Garena Plus\ggdllhost.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Razer Inc.) D:\Gameboost\RzKLService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Wondershare) C:\Program Files\Wondershare\Wondershare Application Center\WACService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
() C:\Program Files\Virtual Router Plus\VirtualRouterPlus.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IELowutil.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [997920 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Aimersoft Helper Compact.exe] - C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1667072 2012-02-28] (AimerSoft)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe
HKU\S-1-5-21-607481587-205909089-1653279136-1000\...\Run: [GarenaPlus] - D:\Garena Plus\GarenaMessenger.exe [9899312 2014-02-26] ()
HKU\S-1-5-21-607481587-205909089-1653279136-1000\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [3825232 2014-02-21] (Tonec Inc.)
HKU\S-1-5-21-607481587-205909089-1653279136-1000\...\MountPoints2: {90a44cce-9066-11e1-b88b-00e0b60c52b9} - F:\LaunchU3.exe -a
HKU\S-1-5-21-607481587-205909089-1653279136-1004\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB
HKU\S-1-5-21-607481587-205909089-1653279136-1004\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] - "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe"  /PROMPT /CMPID=JUNE2013_HP
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1396411804&from=mp3&uid=395049983_1052514_ECA2657D
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1396411804&from=mp3&uid=395049983_1052514_ECA2657D
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1396411804&from=mp3&uid=395049983_1052514_ECA2657D
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1396411804&from=mp3&uid=395049983_1052514_ECA2657D
URLSearchHook: HKLM - (No Name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} -  No File
URLSearchHook: HKCU - (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} -  No File
URLSearchHook: HKCU - (No Name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} -  No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.qone8.com/web/?type=ds&ts=1396411804&from=mp3&uid=395049983_1052514_ECA2657D&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.qone8.com/web/?type=ds&ts=1396411804&from=mp3&uid=395049983_1052514_ECA2657D&q={searchTerms}
SearchScopes: HKCU - {7FC79DEE-E2A1-4F11-BD61-B21606070E33} URL = http://ph.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=407453&p={searchTerms}
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} -  No File
Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -  No File
Toolbar: HKCU - No Name - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.1
 
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0h0mtgkr.default-1381155070877
FF NewTab: hxxp://start.qone8.com/newtab/?type=nt&ts=1396411804&from=mp3&uid=395049983_1052514_ECA2657D
FF DefaultSearchEngine: qone8
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF SelectedSearchEngine: qone8
FF Homepage: hxxp://start.qone8.com/?type=hp&ts=1396411804&from=mp3&uid=395049983_1052514_ECA2657D
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll ()
FF Plugin: @microsoft.com/Lync,version=15.0 - C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @t.garena.com/garenatalk - D:\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\qone8.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: Quick Start - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0h0mtgkr.default-1381155070877\Extensions\quick_start@gmail.com [2014-04-02]
FF Extension: Greasemonkey - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0h0mtgkr.default-1381155070877\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-10-15]
FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF Extension: Bing Bar - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2012-04-29]
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ []
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-25]
FF HKLM\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0h0mtgkr.default-1381155070877\extensions\quick_start@gmail.com
FF Extension: Quick Start - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0h0mtgkr.default-1381155070877\extensions\quick_start@gmail.com [2014-04-02]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2014-02-21]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2014-02-21]
 
Chrome: 
=======
CHR HomePage: hxxp://start.qone8.com/?type=hp&ts=1396411804&from=mp3&uid=395049983_1052514_ECA2657D
CHR RestoreOnStartup: "hxxp://start.qone8.com/?type=hp&ts=1396411804&from=mp3&uid=395049983_1052514_ECA2657D", "https://www.google.com.ph/"
CHR DefaultSearchKeyword: google.com.ph
CHR Plugin: (Shockwave Flash) - C:\Users\user\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll ()
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Bing Bar) - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Garena Talk Plugin) - D:\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - D:\sldog\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Download Plugin) - D:\sldog\Netscape6\nprpplugin.dll No File
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-25]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-25]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-25]
CHR Extension: (IDM Integration Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-02-21]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-25]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2014-01-17]
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-04-02]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\user\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-10-01]
 
========================== Services (Whitelisted) =================
 
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [688240 2014-03-31] (Cherished Technololgy LIMITED)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2011-04-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208944 2011-04-27] (Microsoft Corporation)
R2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [375872 2011-03-31] (Ralink Technology, Corp.)
S3 RaMediaServer; C:\Program Files\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 RzKLService; D:\Gameboost\RzKLService.exe [106472 2013-09-18] (Razer Inc.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 WACService; C:\Program Files\Wondershare\Wondershare Application Center\WACService.exe [103272 2012-11-09] (Wondershare)
S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1343400 2012-04-26] ()
 
==================== Drivers (Whitelisted) ====================
 
S3 1394hub; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [34216 2013-05-11] (Google Inc)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-08-09] (AVG Technologies)
R3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx86.sys [43088 2013-04-30] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
R3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1265216 2011-09-09] (Ralink Technology Corp.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45968 2011-11-03] (Rovi Corporation)
R3 WsAudio_DeviceS(1); C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [25704 2011-12-09] (Wondershare)
R3 WsAudio_DeviceS(2); C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [25704 2011-12-09] (Wondershare)
R3 WsAudio_DeviceS(3); C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [25704 2011-12-09] (Wondershare)
R3 WsAudio_DeviceS(4); C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [25704 2011-12-09] (Wondershare)
R3 WsAudio_DeviceS(5); C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [25704 2011-12-09] (Wondershare)
S3 GGSAFERDriver; \??\D:\Garena Plus\Room\safedrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\D:\Gameboost\Driver\WinRing0.sys [X]
S3 XDva405; \??\C:\Windows\system32\XDva405.sys [X]
S3 XDva407; \??\C:\Windows\system32\XDva407.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-04 18:45 - 2014-04-04 21:55 - 00000334 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-04-04 18:45 - 2014-04-04 18:47 - 00000000 ____D () C:\Users\user\AppData\Local\Mobogenie
2014-04-04 18:45 - 2014-04-04 18:45 - 00000000 ____D () C:\Users\user\Documents\Mobogenie
2014-04-04 18:45 - 2014-04-04 18:45 - 00000000 ____D () C:\Users\user\AppData\Local\cache
2014-04-04 18:45 - 2014-04-04 18:45 - 00000000 ____D () C:\Users\user\AppData\Local\41
2014-04-04 18:45 - 2014-04-04 18:45 - 00000000 _____ () C:\Users\user\daemonprocess.txt
2014-04-02 12:40 - 2014-04-02 12:40 - 00000000 ____D () C:\Program Files\ESET
2014-04-02 12:35 - 2014-03-24 09:09 - 00000000 ____D () C:\Users\user\Desktop\TDSSKiller
2014-04-02 12:34 - 2014-03-24 09:09 - 00000000 ____D () C:\TDSSKiller
2014-04-02 12:29 - 2014-04-04 23:04 - 00000000 ____D () C:\FRST
2014-04-02 12:12 - 2014-04-02 12:12 - 00000000 ____D () C:\ProgramData\IePluginService
2014-04-02 12:12 - 2014-04-02 12:12 - 00000000 ____D () C:\Program Files\SupTab
2014-04-02 12:07 - 2014-04-04 18:30 - 00038934 _____ () C:\Windows\PFRO.log
2014-04-02 10:44 - 2014-04-02 12:12 - 00000000 ____D () C:\Users\user\AppData\Roaming\SupTab
2014-04-02 10:43 - 2014-04-03 20:26 - 00000000 ____D () C:\ProgramData\WPM
2014-04-02 10:42 - 2014-04-02 13:20 - 00000000 ____D () C:\Users\user\AppData\Roaming\qone8
2014-04-02 10:39 - 2014-04-02 10:44 - 00000000 ____D () C:\Users\user\AppData\Local\Oxy
2014-04-02 10:39 - 2014-04-02 10:39 - 00000000 ____D () C:\Users\user\AppData\Local\Chromium
2014-04-02 10:20 - 2014-04-04 18:50 - 00000000 ____D () C:\Users\user\AppData\Roaming\Oxy
2014-03-31 14:56 - 2014-03-31 14:56 - 00000628 _____ () C:\Users\user\Desktop\Player ZhyperMU S6 EP3.lnk
2014-03-30 18:48 - 2014-03-30 18:48 - 00000955 _____ () C:\Users\UpdatusUser\Desktop\Metal Slug Saga.lnk
2014-03-30 18:48 - 2014-03-30 18:48 - 00000921 _____ () C:\Users\user\Desktop\Metal Slug Saga.lnk
2014-03-30 18:48 - 2014-03-30 18:48 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Metal Slug Saga PC Collection
2014-03-30 18:44 - 2010-08-08 20:53 - 301303485 _____ () C:\Users\user\Desktop\MetalSlugPC.exe
2014-03-30 14:05 - 2014-03-11 13:24 - 00000000 ____D () C:\Users\user\Desktop\ss
2014-03-30 13:45 - 2014-04-01 13:28 - 00000000 ____D () C:\Users\user\Desktop\CCIS4B webdev
2014-03-30 12:09 - 2012-08-01 21:49 - 00001323 _____ () C:\Users\user\Desktop\post.php
2014-03-28 19:39 - 2014-03-28 19:39 - 00000000 ____D () C:\Users\user\Desktop\ppsspp_win
2014-03-28 19:38 - 2014-03-28 19:39 - 12648182 _____ () C:\Users\user\Desktop\ppsspp_win.zip
2014-03-25 19:14 - 2012-04-27 21:41 - 00000983 _____ () C:\Users\user\Desktop\GarenaMessenger - Shortcut.lnk
2014-03-25 15:56 - 2014-03-25 15:59 - 30104270 _____ () C:\Users\user\Desktop\Ps2 Bios.rar
2014-03-25 15:52 - 2014-03-25 15:55 - 15127264 _____ () C:\Users\user\Desktop\pcsx2-1.2.1-r5875-setup.exe
2014-03-24 17:41 - 2014-03-25 06:49 - 00000000 ____D () C:\Users\user\Desktop\sdsdsd
2014-03-23 19:30 - 2014-03-23 19:42 - 00000000 ____D () C:\Users\user\Desktop\lumibao
2014-03-20 23:17 - 2014-03-20 23:17 - 00001456 _____ () C:\Users\user\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-03-18 19:34 - 2014-03-17 22:12 - 00092672 _____ () C:\Users\user\Documents\Publication1.pub
2014-03-18 18:59 - 2014-04-01 23:10 - 00000000 ____D () C:\Users\user\Desktop\dont delete
2014-03-16 16:02 - 2014-03-16 16:02 - 00001023 _____ () C:\Users\Public\Desktop\Windows Movie Maker.lnk
2014-03-08 00:06 - 2014-04-04 18:30 - 00009126 _____ () C:\Windows\setupact.log
2014-03-08 00:06 - 2014-03-08 00:06 - 00000000 _____ () C:\Windows\setuperr.log
 
==================== One Month Modified Files and Folders =======
 
2014-04-04 23:04 - 2014-04-02 12:29 - 00000000 ____D () C:\FRST
2014-04-04 22:50 - 2012-07-31 19:47 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-04 22:27 - 2012-04-26 20:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-04 21:55 - 2014-04-04 18:45 - 00000334 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-04-04 20:26 - 2012-04-26 20:05 - 00783096 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-04 20:24 - 2012-07-02 23:13 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-607481587-205909089-1653279136-1000UA.job
2014-04-04 20:24 - 2012-07-02 23:13 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-607481587-205909089-1653279136-1000Core.job
2014-04-04 20:23 - 2013-12-03 19:00 - 00000650 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-04-04 18:54 - 2012-04-27 21:40 - 00000000 ____D () C:\Users\user\AppData\Roaming\GarenaPlus
2014-04-04 18:54 - 2012-04-27 21:40 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2014-04-04 18:50 - 2014-04-02 10:20 - 00000000 ____D () C:\Users\user\AppData\Roaming\Oxy
2014-04-04 18:47 - 2014-04-04 18:45 - 00000000 ____D () C:\Users\user\AppData\Local\Mobogenie
2014-04-04 18:45 - 2014-04-04 18:45 - 00000000 ____D () C:\Users\user\Documents\Mobogenie
2014-04-04 18:45 - 2014-04-04 18:45 - 00000000 ____D () C:\Users\user\AppData\Local\cache
2014-04-04 18:45 - 2014-04-04 18:45 - 00000000 ____D () C:\Users\user\AppData\Local\41
2014-04-04 18:45 - 2014-04-04 18:45 - 00000000 _____ () C:\Users\user\daemonprocess.txt
2014-04-04 18:40 - 2012-07-24 19:59 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2014-04-04 18:30 - 2014-04-02 12:07 - 00038934 _____ () C:\Windows\PFRO.log
2014-04-04 18:30 - 2014-03-08 00:06 - 00009126 _____ () C:\Windows\setupact.log
2014-04-04 18:30 - 2013-06-08 08:40 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2014-04-04 18:30 - 2013-06-03 19:18 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-04-04 18:30 - 2012-07-31 19:47 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-04 18:30 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-04 00:25 - 2014-02-16 15:57 - 01648891 _____ () C:\Windows\WindowsUpdate.log
2014-04-04 00:25 - 2013-01-25 21:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\DMCache
2014-04-03 20:26 - 2014-04-02 10:43 - 00000000 ____D () C:\ProgramData\WPM
2014-04-03 20:19 - 2009-07-14 12:34 - 00020800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-03 20:19 - 2009-07-14 12:34 - 00020800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-02 22:29 - 2013-11-15 15:55 - 00001511 _____ () C:\Users\user\Desktop\php tutorials.txt
2014-04-02 13:20 - 2014-04-02 10:42 - 00000000 ____D () C:\Users\user\AppData\Roaming\qone8
2014-04-02 13:20 - 2013-10-11 07:18 - 00001061 _____ () C:\Users\user\Desktop\firefox - Shortcut.lnk
2014-04-02 12:40 - 2014-04-02 12:40 - 00000000 ____D () C:\Program Files\ESET
2014-04-02 12:12 - 2014-04-02 12:12 - 00000000 ____D () C:\ProgramData\IePluginService
2014-04-02 12:12 - 2014-04-02 12:12 - 00000000 ____D () C:\Program Files\SupTab
2014-04-02 12:12 - 2014-04-02 10:44 - 00000000 ____D () C:\Users\user\AppData\Roaming\SupTab
2014-04-02 12:07 - 2013-11-11 21:58 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-04-02 12:05 - 2013-11-23 07:27 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2014-04-02 10:44 - 2014-04-02 10:39 - 00000000 ____D () C:\Users\user\AppData\Local\Oxy
2014-04-02 10:39 - 2014-04-02 10:39 - 00000000 ____D () C:\Users\user\AppData\Local\Chromium
2014-04-02 08:52 - 2012-05-05 19:34 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent
2014-04-02 07:45 - 2012-04-26 20:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-01 23:10 - 2014-03-18 18:59 - 00000000 ____D () C:\Users\user\Desktop\dont delete
2014-04-01 13:28 - 2014-03-30 13:45 - 00000000 ____D () C:\Users\user\Desktop\CCIS4B webdev
2014-04-01 13:27 - 2013-12-02 21:05 - 00000000 ____D () C:\Users\user\Desktop\New folder
2014-03-31 14:56 - 2014-03-31 14:56 - 00000628 _____ () C:\Users\user\Desktop\Player ZhyperMU S6 EP3.lnk
2014-03-30 20:48 - 2014-02-26 23:48 - 00000000 ____D () C:\Users\user\Downloads\Compressed
2014-03-30 19:17 - 2013-10-28 19:46 - 00000000 ____D () C:\Users\user\AppData\Roaming\IDM
2014-03-30 18:48 - 2014-03-30 18:48 - 00000955 _____ () C:\Users\UpdatusUser\Desktop\Metal Slug Saga.lnk
2014-03-30 18:48 - 2014-03-30 18:48 - 00000921 _____ () C:\Users\user\Desktop\Metal Slug Saga.lnk
2014-03-30 18:48 - 2014-03-30 18:48 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Metal Slug Saga PC Collection
2014-03-30 11:18 - 2013-12-01 11:59 - 00000000 ____D () C:\Program Files\Virtual Router
2014-03-29 15:59 - 2013-01-21 19:14 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc
2014-03-28 19:43 - 2013-03-21 17:45 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-28 19:39 - 2014-03-28 19:39 - 00000000 ____D () C:\Users\user\Desktop\ppsspp_win
2014-03-28 19:39 - 2014-03-28 19:38 - 12648182 _____ () C:\Users\user\Desktop\ppsspp_win.zip
2014-03-25 15:59 - 2014-03-25 15:56 - 30104270 _____ () C:\Users\user\Desktop\Ps2 Bios.rar
2014-03-25 15:55 - 2014-03-25 15:52 - 15127264 _____ () C:\Users\user\Desktop\pcsx2-1.2.1-r5875-setup.exe
2014-03-25 06:49 - 2014-03-24 17:41 - 00000000 ____D () C:\Users\user\Desktop\sdsdsd
2014-03-24 19:31 - 2013-12-03 18:48 - 00000000 ____D () C:\Users\user\AppData\Roaming\EurekaLog
2014-03-24 09:09 - 2014-04-02 12:35 - 00000000 ____D () C:\Users\user\Desktop\TDSSKiller
2014-03-24 09:09 - 2014-04-02 12:34 - 00000000 ____D () C:\TDSSKiller
2014-03-23 19:42 - 2014-03-23 19:30 - 00000000 ____D () C:\Users\user\Desktop\lumibao
2014-03-20 23:17 - 2014-03-20 23:17 - 00001456 _____ () C:\Users\user\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-03-18 11:27 - 2012-04-26 20:10 - 00112328 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-18 11:27 - 2009-07-14 12:33 - 00438320 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-17 22:12 - 2014-03-18 19:34 - 00092672 _____ () C:\Users\user\Documents\Publication1.pub
2014-03-17 08:52 - 2012-05-04 17:50 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-03-16 21:19 - 2014-01-26 08:33 - 00035840 ___SH () C:\Users\user\Desktop\Thumbs.db
2014-03-16 20:55 - 2012-04-26 20:01 - 00000000 ____D () C:\Users\user\AppData\Local\VirtualStore
2014-03-16 16:02 - 2014-03-16 16:02 - 00001023 _____ () C:\Users\Public\Desktop\Windows Movie Maker.lnk
2014-03-16 16:02 - 2013-04-27 13:14 - 00000000 ____D () C:\Program Files\Windows Movie Maker
2014-03-16 15:43 - 2013-11-29 20:27 - 00000000 ____D () C:\Users\user\Downloads\Video
2014-03-12 18:27 - 2012-04-26 20:18 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-12 18:27 - 2012-04-26 20:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-11 13:24 - 2014-03-30 14:05 - 00000000 ____D () C:\Users\user\Desktop\ss
2014-03-08 00:06 - 2014-03-08 00:06 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-07 15:07 - 2012-04-27 18:51 - 00000000 ____D () C:\Users\user\AppData\Local\Google
 
Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\htmlayout.dll
C:\Users\user\AppData\Local\Temp\PH_140306to140307.exe
C:\Users\user\AppData\Local\Temp\PH_140307to140325.exe
C:\Users\user\AppData\Local\Temp\PH_140325to140401v2.exe
C:\Users\user\AppData\Local\Temp\setup.exe
C:\Users\user\AppData\Local\Temp\setup__4177.exe
C:\Users\user\AppData\Local\Temp\tmp10DE.exe
C:\Users\user\AppData\Local\Temp\tmp52.exe
C:\Users\user\AppData\Local\Temp\tmp6308.exe
C:\Users\user\AppData\Local\Temp\tmp6748.exe
C:\Users\user\AppData\Local\Temp\tmp74D3.exe
C:\Users\user\AppData\Local\Temp\tmp78C9.exe
C:\Users\user\AppData\Local\Temp\tmp7F01.exe
C:\Users\user\AppData\Local\Temp\tmp89F8.exe
C:\Users\user\AppData\Local\Temp\tmpB065.exe
C:\Users\user\AppData\Local\Temp\tmpBC10.exe
C:\Users\user\AppData\Local\Temp\tmpC77D.exe
C:\Users\user\AppData\Local\Temp\tmpE115.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-31 13:26
 
==================== End Of Log ============================


#13 Blatch

  • Topic Starter
  • Members
  • 45 posts

Posted 06 April 2014 - 09:07 AM

Sir, any reply? :(



#14 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 07 April 2014 - 03:41 AM

Sorry, I was off for the weekend.

Please download this tool and save it to your desktop: http://go.microsoft.com/fwlink/?linkid=52012

Run the file by double click and press the "Continue" button.

When the tool is finished, click the "Copy" button in the lower right corner.

Reply to your topic here, right click into the reply box and select paste.

Post up.



#15 Blatch

  • Topic Starter
  • Members
  • 45 posts

Posted 07 April 2014 - 05:57 AM

Oh, I see, sir. Sorry for being impatient; the pilefile downloads random files to my PC.
 
 
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
 
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-GJY49-VJBQ7-HYRR2
Windows Product Key Hash: W5/6nm6F2UPXrCkY5xUhXb/+21g=
Windows Product ID: 00426-OEM-8992662-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {5AC207AF-02D4-461C-92E7-FD595264ED76}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.120305-1505
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A
 
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
 
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
 
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
 
OGA Data-->
Office Status: 103 Blocked VLK
Microsoft Office Enterprise 2007 - 103 Blocked VLK
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
 
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
 
File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070005]
File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070005]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070005]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070005]
 
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{5AC207AF-02D4-461C-92E7-FD595264ED76}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-HYRR2</PKey><PID>00426-OEM-8992662-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-607481587-205909089-1653279136</SID><SYSTEM><Manufacturer>To Be Filled By O.E.M.</Manufacturer><Model>To Be Filled By O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>080015 </Version><SMBIOSVersion major="2" minor="6"/><Date>20110120000000.000000+000</Date></BIOS><HWID>6FC93307018400F4</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Malay Peninsula Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>103</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>103</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>ACD7202654E586</Val><Hash>fFic3JgCreGGRxyF8uMWB4R4Jcg=</Hash><Pid>89388-707-1528066-65925</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="103"/><App Id="16" Version="12" Result="103"/><App Id="18" Version="12" Result="103"/><App Id="19" Version="12" Result="103"/><App Id="1A" Version="12" Result="103"/><App Id="1B" Version="12" Result="103"/><App Id="44" Version="12" Result="103"/><App Id="A1" Version="12" Result="103"/><App Id="BA" Version="12" Result="103"/></Applications></Office></Software></GenuineResults>  
 
Spsys.log Content: 0x80070002
 
Licensing Data-->
Software licensing service version: 6.1.7601.17514
 
Name: Windows® 7, Ultimate edition
Description: Windows Operating System - Windows® 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600006-02-1033-7601.0000-3272013
Installation ID: 002436462923831311626072501080225934042211861183372385
Partial Product Key: HYRR2
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 4/7/2014 6:56:00 PM
 
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80070005
Admin Service: Not Registered - 0x80070005
HealthStatus Bitmask Output:
 
 
HWID Data-->
HWID Hash Current: PAAAAAEAAgABAAEAAQAGAAAAAwABAAEAJJQmUWxDAjWSAOa9INwIc+AE1COmGKiNEqnSDHh662UdGhh5
 
OEM Activation 1.0 Data-->
N/A
 
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information: 
  ACPI Table Name OEMID Value OEMTableID Value
  APIC 012011 APIC0947
  FACP 012011 FACP0947
  SRAT AMD   FAM_F_10
  HPET 012011 OEMHPET0
  MCFG 012011 OEMMCFG 
  WDRT 012011 NV-WDRT 
  OEMB 012011 OEMB0947
  SSDT A M I POWERNOW
  SLIC ACRSYS ACRPRDCT