
avg 2014 won't start "blocked by group policy"


  • This topic is locked
12 replies to this topic

#1 chitrahadi

chitrahadi

  • Members
  • 7 posts
  • OFFLINE
  • Local time:12:07 PM

Posted 14 June 2014 - 03:24 AM

Yesterday I noticed the AVG icon was not in the tray, so I tried to run it, but I got "This program is blocked by group policy. For more information, contact your system administrator". Please help me.




#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:07 AM

Posted 14 June 2014 - 06:22 AM

Hi there,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 chitrahadi

chitrahadi
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:12:07 PM

Posted 15 June 2014 - 10:18 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-06-2014
Ran by Sales02 (ATTENTION: The logged in user is not administrator) on SALES02-HP on 16-06-2014 10:09:19
Running from C:\Users\Sales02\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-04-30] (LogMeIn, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Runonce: [RemoveDir] - cmd.exe /c rmdir /q "c:\Program Files (x86)\Hewlett-Packard\DeviceAccessManager\"
HKLM\...\RunOnce: [MfeEpeHb.sys] - CMD /C DEL /F C:\Windows\system32\drivers\MfeEpeHb.sys [13256 2011-07-13] (McAfee, Inc.)
HKLM\...\RunOnce: [MfeEpePc.sys] - CMD /C DEL /F C:\Windows\system32\drivers\MfeEpePc.sys [158280 2011-07-13] (McAfee, Inc.)
HKLM\...\RunOnce: [MfeEpeOpal.sys] - CMD /C DEL /F C:\Windows\system32\drivers\MfeEpeOpal.sys [91080 2011-07-13] (McAfee, Inc.)
HKLM-x32\...\RunOnce: [SymSilent] - "C:\Program Files (x86)\SymSilent\SymSilent.exe" /_spawn /service [762296 2011-05-09] (Symantec Corporation)
HKLM-x32\...\RunOnce: [BrUrl] - rundll32 url.dll,FileProtocolHandler http://www.brother.com/rd/productreserch/eng/ [232960 2013-10-09] (Microsoft Corporation)
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [AVG] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] ( (AVG Technologies CZ, s.r.o.))
HKLM\...\Policies\Explorer\Run: [Brother] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] ( (Brother Industries, Ltd.))
HKLM\...\Policies\Explorer: [DontSetAutoplayCheckbox] 1
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 1
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 1
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 1
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 1
HKU\S-1-5-21-360307259-2332166340-3667939215-1001\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\Sales02\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=77fa9091452047d3a3bffd0dbbe9626a-2f9c7eabf23d52a3354edb03cd6b83f15e9c6b28 /CMPID=1213b
HKU\S-1-5-21-360307259-2332166340-3667939215-1001\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-14] (Adobe Systems Incorporated)
HKU\S-1-5-21-360307259-2332166340-3667939215-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-360307259-2332166340-3667939215-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-360307259-2332166340-3667939215-1001\...\Policies\Explorer: [DontSetAutoplayCheckbox] 1
HKU\S-1-5-21-360307259-2332166340-3667939215-1001\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-360307259-2332166340-3667939215-1001\...\MountPoints2: {14924638-532d-11e3-a031-2c44fd0d8b99} - F:\iLinker.exe
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyUsers\S-1-5-21-360307259-2332166340-3667939215-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://archright.dyndns.biz:3829/desknow/index.html
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL13/89
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL13/89
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL13/89
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL13/89
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL13/89
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
DPF: HKLM-x32 {173D9E48-B527-4AA0-A929-30B446002AA8} http://archright.dyndns.biz:8888/DVRemoteAx.cab
DPF: HKLM-x32 {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} http://archright.dyndns.biz:81/WebClient.exe
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1058
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Sales02\AppData\Roaming\Mozilla\Firefox\Profiles\z0s3iifi.default
FF Homepage: hxxp://archright.dyndns.biz:8080/admin
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @EDVR/WebClient - C:\windows\system32\WebClient\npwebclient.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]

Chrome:
=======
CHR DefaultSearchKeyword: google.co.id
CHR Extension: (Google Docs) - C:\Users\Sales02\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-13]
CHR Extension: (Google Drive) - C:\Users\Sales02\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sales02\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-14]
CHR Extension: (YouTube) - C:\Users\Sales02\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-13]
CHR Extension: (Google Search) - C:\Users\Sales02\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-13]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Sales02\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-06-13]
CHR Extension: (Skype Click to Call) - C:\Users\Sales02\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-06-14]
CHR Extension: (Google Wallet) - C:\Users\Sales02\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-13]
CHR Extension: (Gmail) - C:\Users\Sales02\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-13]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\35.0.1916.52\remoting_host.exe [51016 2014-04-17] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2266296 2014-05-16] (Microsoft Corporation)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241728 2014-03-11] (Foxit Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-28] (Hewlett-Packard Company) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-06-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-06-13] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-06-07] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-06-07] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-04-30] (LogMeIn, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-10-10] (Intel Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-16 10:09 - 2014-06-16 10:09 - 00015933 _____ () C:\Users\Sales02\Desktop\FRST.txt
2014-06-16 10:08 - 2014-06-16 10:08 - 00000000 ____D () C:\Users\Sales02\Desktop\FRST-OlderVersion
2014-06-14 16:27 - 2014-06-14 16:40 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-14 16:27 - 2014-06-14 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-14 16:27 - 2014-06-14 16:27 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-14 15:41 - 2014-06-14 15:41 - 01677440 _____ (Skype Technologies S.A.) C:\Users\Sales02\Downloads\SkypeSetup.exe
2014-06-14 15:10 - 2014-06-14 15:10 - 02081792 _____ (Farbar) C:\Users\Sales02\Downloads\FRST64.exe
2014-06-14 14:44 - 2014-06-14 14:44 - 00688992 ____R (Swearware) C:\Users\Sales02\Downloads\dds.com
2014-06-14 11:51 - 2014-06-14 11:51 - 00000085 _____ () C:\Windows\wininit.ini
2014-06-14 11:24 - 2014-06-14 11:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-14 11:13 - 2014-06-16 10:09 - 00000000 ____D () C:\FRST
2014-06-14 11:11 - 2014-06-14 11:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sales02\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-14 11:04 - 2014-06-16 10:08 - 02081280 _____ (Farbar) C:\Users\Sales02\Desktop\FRST64.exe
2014-06-14 09:49 - 2014-06-14 11:52 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-14 09:49 - 2014-06-14 11:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-14 09:46 - 2014-06-14 09:48 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Sales02\Downloads\spybot-2.3.exe
2014-06-13 18:00 - 2014-06-13 18:00 - 00000000 ____D () C:\ProgramData\Google
2014-06-13 17:58 - 2014-06-13 17:58 - 07475200 _____ () C:\Users\Sales02\Downloads\chromeremotedesktophost.msi
2014-06-13 17:53 - 2014-06-13 17:53 - 00002257 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-13 17:53 - 2014-06-13 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-13 17:52 - 2014-06-16 09:57 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-13 17:52 - 2014-06-16 09:47 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-13 17:52 - 2014-06-13 17:59 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-13 17:52 - 2014-06-13 17:53 - 00000000 ____D () C:\Users\Sales02\AppData\Local\Google
2014-06-13 13:18 - 2014-06-13 13:18 - 00096318 _____ () C:\Users\Sales02\Desktop\FP JOY JORDAN 140613.tif
2014-06-11 11:24 - 2014-06-11 11:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-02 11:51 - 2014-06-02 11:51 - 00000000 ____D () C:\Program1
2014-06-02 11:49 - 2014-06-02 11:49 - 00001360 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-06-02 11:49 - 2014-06-02 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader

==================== One Month Modified Files and Folders =======

2014-06-16 10:09 - 2014-06-16 10:09 - 00015933 _____ () C:\Users\Sales02\Desktop\FRST.txt
2014-06-16 10:09 - 2014-06-14 11:13 - 00000000 ____D () C:\FRST
2014-06-16 10:09 - 2013-11-22 09:32 - 00000000 ____D () C:\Users\Sales02\AppData\Local\Temp
2014-06-16 10:08 - 2014-06-16 10:08 - 00000000 ____D () C:\Users\Sales02\Desktop\FRST-OlderVersion
2014-06-16 10:08 - 2014-06-14 11:04 - 02081280 _____ (Farbar) C:\Users\Sales02\Desktop\FRST64.exe
2014-06-16 09:57 - 2014-06-13 17:52 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-16 09:51 - 2009-07-14 11:45 - 00027344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-16 09:51 - 2009-07-14 11:45 - 00027344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-16 09:49 - 2013-11-22 09:59 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-16 09:47 - 2014-06-13 17:52 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-16 09:45 - 2013-11-22 09:34 - 01164225 _____ () C:\Windows\WindowsUpdate.log
2014-06-16 09:44 - 2014-01-29 10:00 - 00001006 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-06-16 09:44 - 2014-01-29 10:00 - 00000990 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-06-16 09:44 - 2013-11-22 16:50 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-06-16 09:43 - 2009-07-14 12:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-16 09:43 - 2009-07-14 11:51 - 00077199 _____ () C:\Windows\setupact.log
2014-06-14 17:28 - 2014-03-25 17:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-14 16:40 - 2014-06-14 16:27 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-14 16:40 - 2014-06-14 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-14 16:40 - 2014-01-22 15:15 - 00000000 ____D () C:\ProgramData\Skype
2014-06-14 16:30 - 2014-02-05 15:16 - 00000000 ____D () C:\Chitrahadi
2014-06-14 16:27 - 2014-06-14 16:27 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-14 16:27 - 2014-01-22 15:15 - 00000000 ____D () C:\Users\Sales02\AppData\Roaming\Skype
2014-06-14 15:41 - 2014-06-14 15:41 - 01677440 _____ (Skype Technologies S.A.) C:\Users\Sales02\Downloads\SkypeSetup.exe
2014-06-14 15:10 - 2014-06-14 15:10 - 02081792 _____ (Farbar) C:\Users\Sales02\Downloads\FRST64.exe
2014-06-14 14:44 - 2014-06-14 14:44 - 00688992 ____R (Swearware) C:\Users\Sales02\Downloads\dds.com
2014-06-14 11:52 - 2014-06-14 09:49 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-14 11:52 - 2010-11-21 10:47 - 00356844 _____ () C:\Windows\PFRO.log
2014-06-14 11:51 - 2014-06-14 11:51 - 00000085 _____ () C:\Windows\wininit.ini
2014-06-14 11:51 - 2014-06-14 09:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-14 11:24 - 2014-06-14 11:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-14 11:12 - 2014-06-14 11:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sales02\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-14 09:48 - 2014-06-14 09:46 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Sales02\Downloads\spybot-2.3.exe
2014-06-13 19:07 - 2013-12-02 11:11 - 00000000 ____D () C:\Users\Sales02\Desktop\Service FootPrint
2014-06-13 18:29 - 2013-11-22 10:55 - 00000000 ____D () C:\Users\Administrator
2014-06-13 18:07 - 2013-11-22 09:45 - 00001712 __RSH () C:\Users\Sales02\ntuser.pol
2014-06-13 18:07 - 2013-11-22 09:32 - 00000000 ____D () C:\Users\Sales02
2014-06-13 18:00 - 2014-06-13 18:00 - 00000000 ____D () C:\ProgramData\Google
2014-06-13 17:59 - 2014-06-13 17:52 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-13 17:58 - 2014-06-13 17:58 - 07475200 _____ () C:\Users\Sales02\Downloads\chromeremotedesktophost.msi
2014-06-13 17:53 - 2014-06-13 17:53 - 00002257 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-13 17:53 - 2014-06-13 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-13 17:53 - 2014-06-13 17:52 - 00000000 ____D () C:\Users\Sales02\AppData\Local\Google
2014-06-13 13:18 - 2014-06-13 13:18 - 00096318 _____ () C:\Users\Sales02\Desktop\FP JOY JORDAN 140613.tif
2014-06-12 15:20 - 2009-07-14 12:13 - 00775032 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-12 09:54 - 2013-11-22 09:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-11 11:24 - 2014-06-11 11:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-10 18:29 - 2014-02-27 21:57 - 00000000 ____D () C:\Users\Sales02\Desktop\JOHAN FILE
2014-06-09 19:55 - 2013-12-02 10:45 - 00000000 ___RD () C:\Users\Sales02\Desktop\Customer Photo Surabaya
2014-06-07 09:50 - 2013-11-23 14:38 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-06-07 09:50 - 2013-11-23 14:38 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-06-07 09:50 - 2013-11-23 14:38 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-06-07 09:50 - 2013-11-23 14:38 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-06-02 19:31 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-02 11:51 - 2014-06-02 11:51 - 00000000 ____D () C:\Program1
2014-06-02 11:49 - 2014-06-02 11:49 - 00001360 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-06-02 11:49 - 2014-06-02 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-05-31 12:50 - 2014-02-27 21:57 - 00000000 ____D () C:\Users\Sales02\Desktop\DODDY FILE
2014-05-31 09:37 - 2013-11-23 14:38 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll.000.bak
2014-05-24 09:50 - 2013-11-22 09:41 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-05-22 10:40 - 2014-02-27 21:59 - 00000000 ____D () C:\Users\Sales02\Desktop\CHITRA FILE

Some content of TEMP:
====================
C:\Users\Sales02\AppData\Local\Temp\_is451B.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2014
Ran by Sales02 at 2014-06-16 10:09:58
Running from C:\Users\Sales02\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.20.2217.13859 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.20.2217.13859 - Alcor Micro Corp.) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4570 - AVG Technologies)
AVG 2014 (Version: 14.0.3964 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4570 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brava! Reader 7.2 (HKLM-x32\...\{F692A3C3-8718-448C-9BBF-0186CBB7B7A4}) (Version: 7.2.0.72 - IGC)
Brother MFL-Pro Suite DCP-J140W (HKLM-x32\...\{2FF959E3-FFE4-46C4-96DA-03F26BCFEFCC}) (Version: 1.1.5.0 - Brother Industries, Ltd.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
Chrome Remote Desktop Host (HKLM-x32\...\{7027908B-573C-4C77-84D4-C488679BCD6F}) (Version: 35.0.1916.52 - Google Inc.)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
FotoSlate 4 (HKLM-x32\...\{BBA1B6EB-7AB4-4EC3-8B80-2E38BDC09FE1}) (Version: 4.0.146 - ACD Systems International Inc.)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.99.311 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.0.429 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Postscript Converter (Version: 4.5.12120 - Hewlett-Packard) Hidden
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LogMeIn (HKLM-x32\...\{53E10F4E-B361-45D7-8DBD-A6BF073236F0}) (Version: 4.1.3430 - LogMeIn, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4615.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Network Print Monitor for Windows (HKLM-x32\...\Network Print Monitor) (Version:  - )
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6463 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.5223 - CyberLink Corp.) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
TOSHIBA e-STUDIO File Downloader (HKLM-x32\...\{3A7FCD04-8197-4C59-A0F2-7461307FCD2F}) (Version: 1.24.000 - TOSHIBA TEC CORPORATION)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebClient (HKLM-x32\...\WebClient) (Version:  - )
WinRAR 5.10 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.1 - win.rar GmbH)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 09:34 - 2014-04-09 17:12 - 00003190 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.dm5.com
127.0.0.1 www.facebook.com
127.0.0.1 www.kuaibo.com
127.0.0.1 site.baidu.com
127.0.0.1 tieba.baidu.com
127.0.0.1 image.baidu.com
127.0.0.1 v.baidu.com
127.0.0.1 music.baidu.com
127.0.0.1 www.baidu.com
127.0.0.1 cforum.cari.com.my
127.0.0.1 www.cari.com.my
127.0.0.1 mbox.kuwo.cn
127.0.0.1 www.youtube.com
127.0.0.1 www.spotify.com
127.0.0.1 www.kugou.com
127.0.0.1 http://playinfo.gomlab.com/eng.html
127.0.0.1 4shared.com
127.0.0.1 http://q.gs/59Ahp
127.0.0.1 blogspot.com
127.0.0.1 http://www.filehippo.com/
127.0.0.1 http://ganool.com/
127.0.0.1 http://www.bet365.com/home/FlashGen4/WebConsoleApp.asp?affiliate=365_064791&cb=1088062010
127.0.0.1 http://vube.com/trending?t=s
127.0.0.1 http://www.filesfrog.com/
127.0.0.1 http://www.kaskus.co.id/
127.0.0.1 http://fileunlckr.com/
127.0.0.1 http://learni.st/
127.0.0.1 http://www.bhinneka.com/aspx/bhindexpc.aspx
127.0.0.1 http://www.emuparadise.me/

There are 39 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

==================== Loaded Modules (whitelisted) =============

2014-05-24 09:47 - 2014-05-24 09:47 - 08889512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-11-22 09:52 - 2011-10-26 17:41 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2013-11-22 09:52 - 2011-10-26 17:41 - 00126464 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter4 => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
MSCONFIG\startupreg: File Sanitizer => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/14/2014 05:05:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skype.exe, version: 6.16.0.105, time stamp: 0x536b4342
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0xe0fafafa
Fault offset: 0x0000c41f
Faulting process id: 0x454
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (06/14/2014 04:42:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skype.exe, version: 6.16.0.105, time stamp: 0x536b4342
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0xe0fafafa
Fault offset: 0x0000c41f
Faulting process id: 0x1380
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (06/14/2014 04:28:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skype.exe, version: 6.16.0.105, time stamp: 0x536b4342
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0xe0fafafa
Fault offset: 0x0000c41f
Faulting process id: 0x10d8
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (06/14/2014 04:25:23 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Sales02-HP)
Description: Application or service 'Skype Click to Call PNR Service' could not be restarted.

Error: (06/14/2014 04:25:23 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Sales02-HP)
Description: Application or service 'Skype Click to Call Updater' could not be restarted.

Error: (06/14/2014 03:58:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skype.exe, version: 6.16.0.105, time stamp: 0x536b4342
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0xe0fafafa
Fault offset: 0x0000c41f
Faulting process id: 0x8d8
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (06/14/2014 03:56:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skype.exe, version: 6.16.0.105, time stamp: 0x536b4342
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0xe0fafafa
Fault offset: 0x0000c41f
Faulting process id: 0x46c
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (06/14/2014 03:53:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skype.exe, version: 6.16.0.105, time stamp: 0x536b4342
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0xe0fafafa
Fault offset: 0x0000c41f
Faulting process id: 0x1560
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (06/14/2014 03:46:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skype.exe, version: 6.16.0.105, time stamp: 0x536b4342
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0xe0fafafa
Fault offset: 0x0000c41f
Faulting process id: 0x1554
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (06/14/2014 03:44:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skype.exe, version: 6.16.0.105, time stamp: 0x536b4342
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0xe0fafafa
Fault offset: 0x0000c41f
Faulting process id: 0x1248
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3


System errors:
=============
Error: (06/14/2014 09:36:22 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (06/14/2014 09:36:21 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (06/13/2014 05:25:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (06/13/2014 05:25:21 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (06/13/2014 00:02:33 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (06/12/2014 11:01:30 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (06/12/2014 11:01:28 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (06/11/2014 10:04:17 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (06/11/2014 10:04:15 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (06/10/2014 10:28:57 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{4DAA4C29-2130-4BE8-B011-49B59EB7F2D7}.
The backup browser is stopping.


Microsoft Office Sessions:
=========================
Error: (06/14/2014 05:05:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Skype.exe6.16.0.105536b4342KERNELBASE.dll6.1.7601.1801550b83c8ae0fafafa0000c41f45401cf87b526bd2cbeC:\Program Files (x86)\Skype\Phone\Skype.exeC:\Windows\syswow64\KERNELBASE.dll6036fbca-f3ab-11e3-b1a3-2c44fd0d8b99

Error: (06/14/2014 04:42:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Skype.exe6.16.0.105536b4342KERNELBASE.dll6.1.7601.1801550b83c8ae0fafafa0000c41f138001cf87b4ba60dd55C:\Program Files (x86)\Skype\Phone\Skype.exeC:\Windows\syswow64\KERNELBASE.dll2b16a46a-f3a8-11e3-b1a3-2c44fd0d8b99

Error: (06/14/2014 04:28:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Skype.exe6.16.0.105536b4342KERNELBASE.dll6.1.7601.1801550b83c8ae0fafafa0000c41f10d801cf87b2d20569f5C:\Program Files (x86)\Skype\Phone\Skype.exeC:\Windows\syswow64\KERNELBASE.dll43133bfd-f3a6-11e3-a22b-2c44fd0d8b99

Error: (06/14/2014 04:25:23 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Sales02-HP)
Description: 0SkypeC2CPNRSvc.exeSkype Click to Call PNR Service03026217819600

Error: (06/14/2014 04:25:23 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Sales02-HP)
Description: 0SkypeC2CAutoUpdateSvc.exeSkype Click to Call Updater03026217818440

Error: (06/14/2014 03:58:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Skype.exe6.16.0.105536b4342KERNELBASE.dll6.1.7601.1801550b83c8ae0fafafa0000c41f8d801cf87aea78f4e32C:\Program Files (x86)\Skype\Phone\Skype.exeC:\Windows\syswow64\KERNELBASE.dll1d2c18d0-f3a2-11e3-a22b-2c44fd0d8b99

Error: (06/14/2014 03:56:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Skype.exe6.16.0.105536b4342KERNELBASE.dll6.1.7601.1801550b83c8ae0fafafa0000c41f46c01cf87ae5bb386a1C:\Program Files (x86)\Skype\Phone\Skype.exeC:\Windows\syswow64\KERNELBASE.dlld79c292a-f3a1-11e3-a22b-2c44fd0d8b99

Error: (06/14/2014 03:53:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Skype.exe6.16.0.105536b4342KERNELBASE.dll6.1.7601.1801550b83c8ae0fafafa0000c41f156001cf87ad9e4a881bC:\Program Files (x86)\Skype\Phone\Skype.exeC:\Windows\syswow64\KERNELBASE.dll50b20564-f3a1-11e3-94a2-2c44fd0d8b99

Error: (06/14/2014 03:46:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Skype.exe6.16.0.105536b4342KERNELBASE.dll6.1.7601.1801550b83c8ae0fafafa0000c41f155401cf87acf1404898C:\Program Files (x86)\Skype\Phone\Skype.exeC:\Windows\syswow64\KERNELBASE.dll62490694-f3a0-11e3-94a2-2c44fd0d8b99

Error: (06/14/2014 03:44:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Skype.exe6.16.0.105536b4342KERNELBASE.dll6.1.7601.1801550b83c8ae0fafafa0000c41f124801cf87ac9cad5af7C:\Program Files (x86)\Skype\Phone\Skype.exeC:\Windows\syswow64\KERNELBASE.dll0daf6d5c-f3a0-11e3-94a2-2c44fd0d8b99


==================== Memory info ===========================

Percentage of memory in use: 54%
Total physical RAM: 3981.22 MB
Available physical RAM: 1806.49 MB
Total Pagefile: 7960.64 MB
Available Pagefile: 6052 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:456.68 GB) (Free:408.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:8.88 GB) (Free:0.95 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive p: (Share Folder) (Network) (Total:683.59 GB) (Free:681 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
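The Hosts section of the Addition.txt above is the most telling artifact in this log: dozens of popular sites (facebook, youtube, baidu, spotify, 4shared and more, with 39 further lines FRST did not print) are pointed at 127.0.0.1, and several lines carry a full URL such as `http://www.filehippo.com/` where a bare hostname belongs. A hosts entry is an address followed by hostnames, so the resolver never matches those URL tokens against a DNS query; their presence still proves that something other than an administrator wrote the file, and the 2014-04-09 timestamp FRST records for it is worth correlating with other artifacts. The script below is an added example for this thread, not code from the original post or from FRST. It parses hosts-file text and separates legitimate names sunk to a loopback or unspecified address from malformed tokens; `SAMPLE_HOSTS` is constructed to mirror the shape of the posted entries (the `*.test` line is invented), and `WINDOWS_HOSTS_PATH` is the usual default location, an assumption rather than a value taken from the log.

```python
"""Audit a hosts file for DNS-sinkhole style hijacks.

Added example for this thread; it is not code from the original post or from
FRST. SAMPLE_HOSTS is constructed to mirror the shape of the posted entries,
and WINDOWS_HOSTS_PATH is the usual default location (an assumption, not a
value taken from the log).
"""
import ipaddress
import re
from dataclasses import dataclass, field

WINDOWS_HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"  # assumed default

# Names that legitimately resolve to loopback and must not be reported.
BENIGN_LOOPBACK_NAMES = {
    "localhost", "localhost.localdomain", "broadcasthost",
    "ip6-localhost", "ip6-loopback",
}

# RFC 1123 hostname: dot-separated labels of letters, digits and hyphens.
# Anything carrying a scheme, path or port fails this and is reported as malformed.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME_RE = re.compile(rf"^(?=.{{1,253}}$){_LABEL}(?:\.{_LABEL})*\.?$")


@dataclass
class HostsAudit:
    sinkholed: list = field(default_factory=list)  # (hostname, address, line_no)
    malformed: list = field(default_factory=list)  # (offending_token, line_no)
    total_names: int = 0                            # hostname tokens seen


def is_sinkhole(addr: str) -> bool:
    """True for loopback (127/8, ::1) and unspecified (0.0.0.0, ::) targets."""
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip.is_unspecified


def parse_hosts(text: str) -> HostsAudit:
    """Parse hosts-file text and classify every address/name pair."""
    audit = HostsAudit()
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        try:
            sink = is_sinkhole(addr)
        except ValueError:
            # First token is not an IP address at all: the resolver skips the
            # line, but a human should still look at it.
            audit.malformed.append((addr, line_no))
            continue
        if not names:
            audit.malformed.append((addr, line_no))
            continue
        for name in names:
            audit.total_names += 1
            if not _HOSTNAME_RE.match(name):
                # e.g. "http://www.filehippo.com/": never matches a DNS query,
                # yet it proves something wrote to the file.
                audit.malformed.append((name, line_no))
            elif sink and name.lower().rstrip(".") not in BENIGN_LOOPBACK_NAMES:
                audit.sinkholed.append((name, addr, line_no))
    return audit


def audit_hosts_file(path: str = WINDOWS_HOSTS_PATH) -> HostsAudit:
    """Read a hosts file from disk and audit it; undecodable bytes are
    replaced rather than aborting the audit."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return parse_hosts(fh.read())


def report(audit: HostsAudit) -> list:
    """Human-readable findings, one per line."""
    lines = [f"{audit.total_names} hostname tokens parsed"]
    for name, addr, ln in audit.sinkholed:
        lines.append(f"line {ln}: {name} sinkholed to {addr}")
    for token, ln in audit.malformed:
        lines.append(f"line {ln}: malformed token {token!r} (ignored by resolver)")
    return lines


# Constructed sample modelled on the posted log; the *.test entry is invented.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#       127.0.0.1       localhost
127.0.0.1 www.facebook.com
127.0.0.1 www.youtube.com
127.0.0.1 www.baidu.com
127.0.0.1 http://www.filehippo.com/
0.0.0.0 update.example-av.test    # blackholed update server (constructed)
::1 localhost
127.0.0.1 localhost
"""

if __name__ == "__main__":
    for entry in report(parse_hosts(SAMPLE_HOSTS)):
        print(entry)
```

On a live machine, call `audit_hosts_file()` (or pass the path of a hosts file copied off the disk) instead of the sample. Loopback names such as `localhost` are skipped deliberately; everything else that resolves to 127/8, ::1, 0.0.0.0 or :: is reported, which catches both the classic "block the AV update server" trick and the site-blocking seen in this log.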



#4 chitrahadi (Topic Starter)

Posted 15 June 2014 - 10:27 PM

Dear aharonov, now I can't sign in to Skype.

Details:

Problem signature:
  Problem Event Name:    APPCRASH
  Application Name:    Skype.exe
  Application Version:    6.16.0.105
  Application Timestamp:    536b4342
  Fault Module Name:    KERNELBASE.dll
  Fault Module Version:    6.1.7601.18015
  Fault Module Timestamp:    50b83c8a
  Exception Code:    e0fafafa
  Exception Offset:    0000c41f
  OS Version:    6.1.7601.2.1.0.256.48
  Locale ID:    3081
  Additional Information 1:    0a9e
  Additional Information 2:    0a9e372d3b4ad19135b953a78882e789
  Additional Information 3:    0a9e
  Additional Information 4:    0a9e372d3b4ad19135b953a78882e789

Read our privacy statement online:
  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt
 



#5 chitrahadi (Topic Starter)

Posted 01 July 2014 - 10:25 PM

Dear all,

Please help me to solve this problem :(



#6 aharonov (Malware Response Team)

Posted 02 July 2014 - 01:40 AM

Sorry I missed your reply.
Please repeat the scan with FRST, but this time run it with administrator privileges (you have to enter the admin password for that).


Start FRST with administrator privileges.
  • Make sure the option Addition.txt (under Optional Scan) is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.


#7 chitrahadi (Topic Starter)

Posted 02 July 2014 - 01:58 AM

Dear aharonov,

Below is the scan result:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014
Ran by Administrator (administrator) on SALES02-HP on 02-07-2014 13:53:56
Running from C:\Users\Sales02\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\36.0.1985.62\remoting_host.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\36.0.1985.62\remoting_host.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-04-30] (LogMeIn, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Runonce: [RemoveDir] - cmd.exe /c rmdir /q "c:\Program Files (x86)\Hewlett-Packard\DeviceAccessManager\"
HKLM\...\RunOnce: [MfeEpeHb.sys] - CMD /C DEL /F C:\Windows\system32\drivers\MfeEpeHb.sys [13256 2011-07-13] (McAfee, Inc.)
HKLM\...\RunOnce: [MfeEpePc.sys] - CMD /C DEL /F C:\Windows\system32\drivers\MfeEpePc.sys [158280 2011-07-13] (McAfee, Inc.)
HKLM\...\RunOnce: [MfeEpeOpal.sys] - CMD /C DEL /F C:\Windows\system32\drivers\MfeEpeOpal.sys [91080 2011-07-13] (McAfee, Inc.)
HKLM-x32\...\RunOnce: [SymSilent] - "C:\Program Files (x86)\SymSilent\SymSilent.exe" /_spawn /service [762296 2011-05-09] (Symantec Corporation)
HKLM-x32\...\RunOnce: [BrUrl] - rundll32 url.dll,FileProtocolHandler http://www.brother.com/rd/productreserch/eng/ [232960 2013-10-09] (Microsoft Corporation)
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [AVG] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] ( (AVG Technologies CZ, s.r.o.))
HKLM\...\Policies\Explorer\Run: [Brother] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] ( (Brother Industries, Ltd.))
HKLM\...\Policies\Explorer: [DontSetAutoplayCheckbox] 1
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 1
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 1
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 1
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 1
HKU\S-1-5-21-360307259-2332166340-3667939215-1001\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\Sales02\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=77fa9091452047d3a3bffd0dbbe9626a-2f9c7eabf23d52a3354edb03cd6b83f15e9c6b28 /CMPID=1213b
HKU\S-1-5-21-360307259-2332166340-3667939215-1001\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-14] (Adobe Systems Incorporated)
HKU\S-1-5-21-360307259-2332166340-3667939215-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-360307259-2332166340-3667939215-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-360307259-2332166340-3667939215-1001\...\Policies\Explorer: [DontSetAutoplayCheckbox] 1
HKU\S-1-5-21-360307259-2332166340-3667939215-1001\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-360307259-2332166340-3667939215-1001\...\MountPoints2: {14924638-532d-11e3-a031-2c44fd0d8b99} - F:\iLinker.exe
HKU\S-1-5-21-360307259-2332166340-3667939215-500\...\Run: [kfwqfaok] => regsvr32.exe "C:\ProgramData\kfwqfaok.dat"
HKU\S-1-5-21-360307259-2332166340-3667939215-500\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-360307259-2332166340-3667939215-500\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe -update activex
HKU\S-1-5-21-360307259-2332166340-3667939215-500\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-360307259-2332166340-3667939215-500\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-360307259-2332166340-3667939215-500\...\Policies\Explorer: [DontSetAutoplayCheckbox] 1
HKU\S-1-5-21-360307259-2332166340-3667939215-500\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-360307259-2332166340-3667939215-500\...\MountPoints2: {28b934cb-538c-11e3-ae96-806e6f6e6963} - E:\DLSELECT.EXE
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyUsers\S-1-5-21-360307259-2332166340-3667939215-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL13/89
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL13/89
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL13/89
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL13/89
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL13/89
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL13/89
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
DPF: HKLM-x32 {173D9E48-B527-4AA0-A929-30B446002AA8} http://archright.dyndns.biz:8888/DVRemoteAx.cab
DPF: HKLM-x32 {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} http://archright.dyndns.biz:81/WebClient.exe
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1058
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\eltf152a.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @EDVR/WebClient - C:\windows\system32\WebClient\npwebclient.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]

Chrome:
=======
CHR DefaultSearchKeyword: google.co.id
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-02]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-02]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-02]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-02]
CHR Extension: (Skype Click to Call) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-07-02]
CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-02]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-02]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\36.0.1985.62\remoting_host.exe [51016 2014-06-09] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241728 2014-03-11] (Foxit Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-28] (Hewlett-Packard Company) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-06-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-06-13] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-06-07] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-06-07] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-04-30] (LogMeIn, Inc.)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-10-10] (Intel Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-02 13:53 - 2014-07-02 13:54 - 00019339 _____ () C:\Users\Sales02\Desktop\FRST.txt
2014-07-02 11:11 - 2014-07-02 11:32 - 00000000 ____D () C:\Users\Sales02\Desktop\4 theme song
2014-06-30 17:11 - 2014-06-30 17:11 - 00015273 _____ () C:\Users\Sales02\Desktop\Payment Without Proof 25.06.2014.xlsx
2014-06-16 10:08 - 2014-07-02 13:53 - 00000000 ____D () C:\Users\Sales02\Desktop\FRST-OlderVersion
2014-06-14 16:27 - 2014-06-14 16:40 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-14 16:27 - 2014-06-14 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-14 16:27 - 2014-06-14 16:27 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-14 15:41 - 2014-06-14 15:41 - 01677440 _____ (Skype Technologies S.A.) C:\Users\Sales02\Downloads\SkypeSetup.exe
2014-06-14 15:10 - 2014-06-14 15:10 - 02081792 _____ (Farbar) C:\Users\Sales02\Downloads\FRST64.exe
2014-06-14 15:03 - 2014-06-14 15:48 - 00016351 _____ () C:\Users\Administrator\Documents\DDS.txt
2014-06-14 15:03 - 2014-06-14 15:48 - 00003054 _____ () C:\Users\Administrator\Documents\Attach.txt
2014-06-14 14:45 - 2014-06-14 15:47 - 00016351 _____ () C:\Users\Administrator\Desktop\dds.txt
2014-06-14 14:45 - 2014-06-14 15:47 - 00003054 _____ () C:\Users\Administrator\Desktop\attach.txt
2014-06-14 14:44 - 2014-06-14 14:44 - 00688992 ____R (Swearware) C:\Users\Sales02\Downloads\dds.com
2014-06-14 11:51 - 2014-06-14 11:51 - 00000085 _____ () C:\Windows\wininit.ini
2014-06-14 11:24 - 2014-06-14 11:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-14 11:13 - 2014-07-02 13:53 - 00000000 ____D () C:\FRST
2014-06-14 11:11 - 2014-06-14 11:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sales02\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-14 11:04 - 2014-07-02 13:53 - 02083840 _____ (Farbar) C:\Users\Sales02\Desktop\FRST64.exe
2014-06-14 09:50 - 2014-06-14 09:50 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-06-14 09:49 - 2014-06-14 11:52 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-14 09:49 - 2014-06-14 11:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-14 09:46 - 2014-06-14 09:48 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Sales02\Downloads\spybot-2.3.exe
2014-06-13 18:13 - 2014-06-13 18:13 - 00070872 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-13 18:00 - 2014-06-13 18:00 - 00000000 ____D () C:\ProgramData\Google
2014-06-13 17:58 - 2014-06-13 17:58 - 07475200 _____ () C:\Users\Sales02\Downloads\chromeremotedesktophost.msi
2014-06-13 17:53 - 2014-06-13 17:53 - 00002257 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-13 17:53 - 2014-06-13 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-13 17:52 - 2014-07-02 13:51 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-13 17:52 - 2014-07-02 13:02 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-13 17:52 - 2014-06-23 14:57 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-13 17:52 - 2014-06-23 14:57 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-13 17:52 - 2014-06-19 09:58 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-13 17:52 - 2014-06-13 18:29 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-06-13 17:52 - 2014-06-13 17:53 - 00000000 ____D () C:\Users\Sales02\AppData\Local\Google
2014-06-13 13:18 - 2014-06-13 13:18 - 00096318 _____ () C:\Users\Sales02\Desktop\FP JOY JORDAN 140613.tif
2014-06-11 11:24 - 2014-06-11 11:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-02 11:51 - 2014-06-02 11:51 - 00000000 ____D () C:\Program1
2014-06-02 11:49 - 2014-06-02 11:49 - 00001360 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-06-02 11:49 - 2014-06-02 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader

==================== One Month Modified Files and Folders =======

2014-07-02 13:54 - 2014-07-02 13:53 - 00019339 _____ () C:\Users\Sales02\Desktop\FRST.txt
2014-07-02 13:53 - 2014-06-16 10:08 - 00000000 ____D () C:\Users\Sales02\Desktop\FRST-OlderVersion
2014-07-02 13:53 - 2014-06-14 11:13 - 00000000 ____D () C:\FRST
2014-07-02 13:53 - 2014-06-14 11:04 - 02083840 _____ (Farbar) C:\Users\Sales02\Desktop\FRST64.exe
2014-07-02 13:52 - 2013-11-27 12:27 - 00004990 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Sales02-HP-Sales02 Sales02-HP
2014-07-02 13:51 - 2014-06-13 17:52 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-02 13:28 - 2014-03-25 17:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-02 13:02 - 2014-06-13 17:52 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-02 11:32 - 2014-07-02 11:11 - 00000000 ____D () C:\Users\Sales02\Desktop\4 theme song
2014-07-02 10:53 - 2013-11-22 09:34 - 01958114 _____ () C:\Windows\WindowsUpdate.log
2014-07-02 09:46 - 2009-07-14 11:45 - 00027344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-02 09:46 - 2009-07-14 11:45 - 00027344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-02 09:44 - 2013-11-22 09:59 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-02 09:39 - 2014-01-29 10:00 - 00001006 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-07-02 09:39 - 2014-01-29 10:00 - 00000990 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-07-02 09:39 - 2013-11-22 16:50 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-07-02 09:38 - 2009-07-14 12:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-02 09:38 - 2009-07-14 11:51 - 00078431 _____ () C:\Windows\setupact.log
2014-07-01 18:34 - 2013-12-02 11:11 - 00000000 ____D () C:\Users\Sales02\Desktop\Service FootPrint
2014-06-30 17:11 - 2014-06-30 17:11 - 00015273 _____ () C:\Users\Sales02\Desktop\Payment Without Proof 25.06.2014.xlsx
2014-06-28 16:38 - 2013-12-02 10:45 - 00000000 ___RD () C:\Users\Sales02\Desktop\Customer Photo Surabaya
2014-06-24 19:31 - 2009-07-14 12:13 - 00775032 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-23 14:57 - 2014-06-13 17:52 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-23 14:57 - 2014-06-13 17:52 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 17:51 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-20 09:41 - 2010-11-21 10:47 - 00362368 _____ () C:\Windows\PFRO.log
2014-06-19 15:53 - 2014-02-05 15:16 - 00000000 ____D () C:\Chitrahadi
2014-06-19 10:17 - 2013-11-22 09:41 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-19 09:58 - 2014-06-13 17:52 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-19 09:53 - 2014-04-01 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-18 17:22 - 2013-11-22 09:52 - 00002005 _____ () C:\Users\Public\Desktop\Brava! Reader.lnk
2014-06-18 17:22 - 2013-11-22 09:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brava! Reader
2014-06-17 17:19 - 2014-02-27 21:57 - 00000000 ____D () C:\Users\Sales02\Desktop\JOHAN FILE
2014-06-16 10:24 - 2014-01-22 15:15 - 00000000 ____D () C:\Users\Sales02\AppData\Roaming\Skype
2014-06-14 16:40 - 2014-06-14 16:27 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-14 16:40 - 2014-06-14 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-14 16:40 - 2014-01-22 15:15 - 00000000 ____D () C:\ProgramData\Skype
2014-06-14 16:27 - 2014-06-14 16:27 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-14 15:48 - 2014-06-14 15:03 - 00016351 _____ () C:\Users\Administrator\Documents\DDS.txt
2014-06-14 15:48 - 2014-06-14 15:03 - 00003054 _____ () C:\Users\Administrator\Documents\Attach.txt
2014-06-14 15:47 - 2014-06-14 14:45 - 00016351 _____ () C:\Users\Administrator\Desktop\dds.txt
2014-06-14 15:47 - 2014-06-14 14:45 - 00003054 _____ () C:\Users\Administrator\Desktop\attach.txt
2014-06-14 15:41 - 2014-06-14 15:41 - 01677440 _____ (Skype Technologies S.A.) C:\Users\Sales02\Downloads\SkypeSetup.exe
2014-06-14 15:10 - 2014-06-14 15:10 - 02081792 _____ (Farbar) C:\Users\Sales02\Downloads\FRST64.exe
2014-06-14 14:44 - 2014-06-14 14:44 - 00688992 ____R (Swearware) C:\Users\Sales02\Downloads\dds.com
2014-06-14 11:52 - 2014-06-14 09:49 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-14 11:51 - 2014-06-14 11:51 - 00000085 _____ () C:\Windows\wininit.ini
2014-06-14 11:51 - 2014-06-14 09:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-14 11:24 - 2014-06-14 11:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-14 11:12 - 2014-06-14 11:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sales02\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-14 09:50 - 2014-06-14 09:50 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-06-14 09:48 - 2014-06-14 09:46 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Sales02\Downloads\spybot-2.3.exe
2014-06-13 18:29 - 2014-06-13 17:52 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-06-13 18:29 - 2013-11-22 10:55 - 00001330 __RSH () C:\Users\Administrator\ntuser.pol
2014-06-13 18:29 - 2013-11-22 10:55 - 00000000 ____D () C:\Users\Administrator
2014-06-13 18:13 - 2014-06-13 18:13 - 00070872 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-13 18:07 - 2013-11-22 09:45 - 00001712 __RSH () C:\Users\Sales02\ntuser.pol
2014-06-13 18:07 - 2013-11-22 09:32 - 00000000 ____D () C:\Users\Sales02
2014-06-13 18:00 - 2014-06-13 18:00 - 00000000 ____D () C:\ProgramData\Google
2014-06-13 17:58 - 2014-06-13 17:58 - 07475200 _____ () C:\Users\Sales02\Downloads\chromeremotedesktophost.msi
2014-06-13 17:53 - 2014-06-13 17:53 - 00002257 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-13 17:53 - 2014-06-13 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-13 17:53 - 2014-06-13 17:52 - 00000000 ____D () C:\Users\Sales02\AppData\Local\Google
2014-06-13 13:18 - 2014-06-13 13:18 - 00096318 _____ () C:\Users\Sales02\Desktop\FP JOY JORDAN 140613.tif
2014-06-12 09:54 - 2013-11-22 09:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-11 11:24 - 2014-06-11 11:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-07 09:50 - 2013-11-23 14:38 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-06-07 09:50 - 2013-11-23 14:38 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-06-07 09:50 - 2013-11-23 14:38 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-06-07 09:50 - 2013-11-23 14:38 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-06-02 11:51 - 2014-06-02 11:51 - 00000000 ____D () C:\Program1
2014-06-02 11:49 - 2014-06-02 11:49 - 00001360 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-06-02 11:49 - 2014-06-02 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\CountInstallation.exe
C:\Users\Administrator\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Sales02\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Sales02\AppData\Local\Temp\_is451B.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-28 10:51

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-07-2014
Ran by Administrator at 2014-07-02 13:54:26
Running from C:\Users\Sales02\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.20.2217.13859 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.20.2217.13859 - Alcor Micro Corp.) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brava! Reader 7.2 (HKLM-x32\...\{F692A3C3-8718-448C-9BBF-0186CBB7B7A4}) (Version: 7.2.0.96 - IGC)
Brother MFL-Pro Suite DCP-J140W (HKLM-x32\...\{2FF959E3-FFE4-46C4-96DA-03F26BCFEFCC}) (Version: 1.1.5.0 - Brother Industries, Ltd.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
Chrome Remote Desktop Host (HKLM-x32\...\{E64DFAE4-63F1-4795-88E6-5BE209B78849}) (Version: 36.0.1985.62 - Google Inc.)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
FotoSlate 4 (HKLM-x32\...\{BBA1B6EB-7AB4-4EC3-8B80-2E38BDC09FE1}) (Version: 4.0.146 - ACD Systems International Inc.)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.99.311 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.0.429 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Postscript Converter (Version: 4.5.12120 - Hewlett-Packard) Hidden
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LogMeIn (HKLM-x32\...\{53E10F4E-B361-45D7-8DBD-A6BF073236F0}) (Version: 4.1.3430 - LogMeIn, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4623.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Network Print Monitor for Windows (HKLM-x32\...\Network Print Monitor) (Version:  - )
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6463 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.5223 - CyberLink Corp.) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
TOSHIBA e-STUDIO File Downloader (HKLM-x32\...\{3A7FCD04-8197-4C59-A0F2-7461307FCD2F}) (Version: 1.24.000 - TOSHIBA TEC CORPORATION)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebClient (HKLM-x32\...\WebClient) (Version:  - )
WinRAR 5.10 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.1 - win.rar GmbH)

==================== Restore Points  =========================

09-06-2014 03:52:07 Scheduled Checkpoint
13-06-2014 10:59:10 Installed Chrome Remote Desktop Host
14-06-2014 08:40:05 Removed Skype™ 6.16
14-06-2014 09:20:28 Removed Skype™ 6.16
14-06-2014 09:24:35 Removed Skype Click to Call
23-06-2014 03:40:17 Scheduled Checkpoint
01-07-2014 03:21:59 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-14 09:34 - 2014-04-09 17:12 - 00003190 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.dm5.com
127.0.0.1 www.facebook.com
127.0.0.1 www.kuaibo.com
127.0.0.1 site.baidu.com
127.0.0.1 tieba.baidu.com
127.0.0.1 image.baidu.com
127.0.0.1 v.baidu.com
127.0.0.1 music.baidu.com
127.0.0.1 www.baidu.com
127.0.0.1 cforum.cari.com.my
127.0.0.1 www.cari.com.my
127.0.0.1 mbox.kuwo.cn
127.0.0.1 www.youtube.com
127.0.0.1 www.spotify.com
127.0.0.1 www.kugou.com
127.0.0.1 http://playinfo.gomlab.com/eng.html
127.0.0.1 4shared.com
127.0.0.1 http://q.gs/59Ahp
127.0.0.1 blogspot.com
127.0.0.1 http://www.filehippo.com/
127.0.0.1 http://ganool.com/
127.0.0.1 http://www.bet365.com/home/FlashGen4/WebConsoleApp.asp?affiliate=365_064791&cb=1088062010
127.0.0.1 http://vube.com/trending?t=s
127.0.0.1 http://www.filesfrog.com/
127.0.0.1 http://www.kaskus.co.id/
127.0.0.1 http://fileunlckr.com/
127.0.0.1 http://learni.st/
127.0.0.1 http://www.bhinneka.com/aspx/bhindexpc.aspx
127.0.0.1 http://www.emuparadise.me/

There are 39 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {09658AAD-99B6-4100-8389-1D0B86A83011} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-06] (Hewlett-Packard Company)
Task: {2BAD2424-D5F5-4D75-99F1-C8F81A3BC23E} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2012-04-24] (CyberLink)
Task: {31067AEB-D50E-46CE-B0D3-F902B6D3F573} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-05-13] (Microsoft Corporation)
Task: {347BBC69-7FDC-49BD-B1DC-577590134227} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2012-09-28] (Hewlett-Packard Company)
Task: {78E5D2EC-D91F-4F5B-BFCB-2F248CC4911E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Sales02-HP-Sales02 Sales02-HP => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-06-19] (Microsoft Corporation)
Task: {9F0793DB-BF2D-4735-A508-02B03A8DF2FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-13] (Google Inc.)
Task: {A5253D05-A3B2-42AC-9DA4-F577C3A2AB79} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-28] (Hewlett-Packard Company)
Task: {BE0CE30D-8374-4C8C-B285-0D395F6789B5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-28] (Hewlett-Packard Company)
Task: {D46C4483-D301-44F0-89D6-E22435B79DAA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {EA5B5B35-E8CC-47F8-AF80-11648ED0008D} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-25] ()
Task: {FA0772DE-A184-4001-B552-5462FAD81568} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-13] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-21 10:13 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-10-09 17:08 - 2012-06-13 11:39 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2013-11-22 10:27 - 2005-04-22 11:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2014-06-19 10:14 - 2014-06-19 10:14 - 08890536 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-11-22 09:52 - 2011-10-26 17:41 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2013-11-22 10:27 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-10-09 17:08 - 2012-06-13 11:42 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-06-19 10:06 - 2014-06-19 10:06 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter4 => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
MSCONFIG\startupreg: File Sanitizer => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/20/2014 05:05:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BravaReader.exe version 7.2.0.48 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f8c

Start Time: 01cf8c6f081db523

Termination Time: 0

Application Path: C:\Program Files (x86)\IGC\Brava! Reader\BravaReader.exe

Report Id: 59c5ad31-f862-11e3-aba0-2c44fd0d8b99

Error: (06/16/2014 10:25:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skype.exe, version: 6.16.0.105, time stamp: 0x536b4342
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0xe0fafafa
Fault offset: 0x0000c41f
Faulting process id: 0x11ac
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (06/14/2014 05:05:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skype.exe, version: 6.16.0.105, time stamp: 0x536b4342
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0xe0fafafa
Fault offset: 0x0000c41f
Faulting process id: 0x454
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (06/14/2014 04:42:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skype.exe, version: 6.16.0.105, time stamp: 0x536b4342
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0xe0fafafa
Fault offset: 0x0000c41f
Faulting process id: 0x1380
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (06/14/2014 04:28:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skype.exe, version: 6.16.0.105, time stamp: 0x536b4342
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0xe0fafafa
Fault offset: 0x0000c41f
Faulting process id: 0x10d8
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (06/14/2014 04:25:23 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Sales02-HP)
Description: Application or service 'Skype Click to Call PNR Service' could not be restarted.

Error: (06/14/2014 04:25:23 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Sales02-HP)
Description: Application or service 'Skype Click to Call Updater' could not be restarted.

Error: (06/14/2014 03:58:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skype.exe, version: 6.16.0.105, time stamp: 0x536b4342
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0xe0fafafa
Fault offset: 0x0000c41f
Faulting process id: 0x8d8
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (06/14/2014 03:56:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skype.exe, version: 6.16.0.105, time stamp: 0x536b4342
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0xe0fafafa
Fault offset: 0x0000c41f
Faulting process id: 0x46c
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (06/14/2014 03:53:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skype.exe, version: 6.16.0.105, time stamp: 0x536b4342
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0xe0fafafa
Fault offset: 0x0000c41f
Faulting process id: 0x1560
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3


System errors:
=============
Error: (07/01/2014 05:07:58 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {00020827-0000-0000-C000-000000000046}

Error: (06/27/2014 07:25:35 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {84F66100-FF7C-4FB4-B0C0-02CD7FB668FE}

Error: (06/23/2014 11:47:27 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{4DAA4C29-2130-4BE8-B011-49B59EB7F2D7}.
The backup browser is stopping.

Error: (06/20/2014 09:41:52 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:23:50 PM on ‎19/‎06/‎2014 was unexpected.

Error: (06/14/2014 09:36:22 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (06/14/2014 09:36:21 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (06/13/2014 05:25:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (06/13/2014 05:25:21 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (06/13/2014 00:02:33 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (06/12/2014 11:01:30 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.


Microsoft Office Sessions:
=========================
Error: (06/20/2014 05:05:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: BravaReader.exe7.2.0.48f8c01cf8c6f081db5230C:\Program Files (x86)\IGC\Brava! Reader\BravaReader.exe59c5ad31-f862-11e3-aba0-2c44fd0d8b99

Error: (06/16/2014 10:25:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Skype.exe6.16.0.105536b4342KERNELBASE.dll6.1.7601.1801550b83c8ae0fafafa0000c41f11ac01cf891280a71f1fC:\Program Files (x86)\Skype\Phone\Skype.exeC:\Windows\syswow64\KERNELBASE.dlledb6b2d9-f505-11e3-93c2-2c44fd0d8b99

Error: (06/14/2014 05:05:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Skype.exe6.16.0.105536b4342KERNELBASE.dll6.1.7601.1801550b83c8ae0fafafa0000c41f45401cf87b526bd2cbeC:\Program Files (x86)\Skype\Phone\Skype.exeC:\Windows\syswow64\KERNELBASE.dll6036fbca-f3ab-11e3-b1a3-2c44fd0d8b99

Error: (06/14/2014 04:42:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Skype.exe6.16.0.105536b4342KERNELBASE.dll6.1.7601.1801550b83c8ae0fafafa0000c41f138001cf87b4ba60dd55C:\Program Files (x86)\Skype\Phone\Skype.exeC:\Windows\syswow64\KERNELBASE.dll2b16a46a-f3a8-11e3-b1a3-2c44fd0d8b99

Error: (06/14/2014 04:28:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Skype.exe6.16.0.105536b4342KERNELBASE.dll6.1.7601.1801550b83c8ae0fafafa0000c41f10d801cf87b2d20569f5C:\Program Files (x86)\Skype\Phone\Skype.exeC:\Windows\syswow64\KERNELBASE.dll43133bfd-f3a6-11e3-a22b-2c44fd0d8b99

Error: (06/14/2014 04:25:23 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Sales02-HP)
Description: 0SkypeC2CPNRSvc.exeSkype Click to Call PNR Service03026217819600

Error: (06/14/2014 04:25:23 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Sales02-HP)
Description: 0SkypeC2CAutoUpdateSvc.exeSkype Click to Call Updater03026217818440

Error: (06/14/2014 03:58:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Skype.exe6.16.0.105536b4342KERNELBASE.dll6.1.7601.1801550b83c8ae0fafafa0000c41f8d801cf87aea78f4e32C:\Program Files (x86)\Skype\Phone\Skype.exeC:\Windows\syswow64\KERNELBASE.dll1d2c18d0-f3a2-11e3-a22b-2c44fd0d8b99

Error: (06/14/2014 03:56:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Skype.exe6.16.0.105536b4342KERNELBASE.dll6.1.7601.1801550b83c8ae0fafafa0000c41f46c01cf87ae5bb386a1C:\Program Files (x86)\Skype\Phone\Skype.exeC:\Windows\syswow64\KERNELBASE.dlld79c292a-f3a1-11e3-a22b-2c44fd0d8b99

Error: (06/14/2014 03:53:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Skype.exe6.16.0.105536b4342KERNELBASE.dll6.1.7601.1801550b83c8ae0fafafa0000c41f156001cf87ad9e4a881bC:\Program Files (x86)\Skype\Phone\Skype.exeC:\Windows\syswow64\KERNELBASE.dll50b20564-f3a1-11e3-94a2-2c44fd0d8b99


==================== Memory info ===========================

Percentage of memory in use: 40%
Total physical RAM: 3981.22 MB
Available physical RAM: 2368.57 MB
Total Pagefile: 7960.64 MB
Available Pagefile: 6445.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:456.68 GB) (Free:405.97 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:8.88 GB) (Free:0.95 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E12D4E58)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=457 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=100 MB) - (Type=27)

==================== End Of Log ============================



#8 aharonov (Malware Response Team)

Posted 02 July 2014 - 06:06 AM

Alright. You had a banking trojan running on your system that also steals passwords. So change your credentials when we're done.


Step 1

Please download the attached fixlist.txt (452 bytes) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.



Step 2

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!



Step 3

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.

Edited by aharonov, 02 July 2014 - 06:06 AM.
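Editor's added example; this is not part of aharonov's or chitrahadi's posts and is not FRST, ESET or AVG code. The "This program is blocked by group policy" text this thread is about is what Windows shows when a Software Restriction Policy (or AppLocker) rule disallows an executable, and the `GroupPolicyUsers\S-1-5-21-...-1001\User: Group Policy restriction detected` line in the later FRST scan means a per-user local policy exists for the RID 1001 account (the Sales02 profile, judging from the HKU entries in the same log). The fixlist.txt that removes it is not shown in the thread. That policy normally lives in `C:\Windows\System32\GroupPolicyUsers\<SID>\User\Registry.pol` (assumed path, the standard one), and the file can be read offline without touching the live registry. The Python below builds a constructed Registry.pol in the documented `PReg` layout, parses it back, and flags entries that can stop or force a program launch: SRP path rules under `Safer\CodeIdentifiers`, the Explorer `DisallowRun` switch and list, and programs started from `Policies\Explorer\Run` (the log shows AVG and Brother being launched from that key). The GUID and the blocked path in the sample are hypothetical and are not the contents of the policy found on this machine.

```python
"""Parse a Group Policy Registry.pol file and flag entries that can block a program.

Constructed editorial example; not code from the BleepingComputer thread, FRST or ESET.
"""
import struct

REG_SZ, REG_EXPAND_SZ, REG_DWORD = 1, 2, 4   # value types from winnt.h
_U16 = "utf-16-le"

# Key prefixes (compared lower-case) whose entries can block or force program launches.
RESTRICTION_KEYS = (
    ("software\\policies\\microsoft\\windows\\safer\\codeidentifiers", "Software Restriction Policy rule"),
    ("software\\microsoft\\windows\\currentversion\\policies\\explorer\\disallowrun", "Explorer DisallowRun list"),
    ("software\\microsoft\\windows\\currentversion\\policies\\explorer\\run", "program launched by policy"),
)
_EXPLORER_POLICY = "software\\microsoft\\windows\\currentversion\\policies\\explorer"


def build_registry_pol(entries):
    """Serialise (key, value, type, raw_data) tuples as 'PReg' + DWORD version 1 followed by
    one [key;value;type;size;data] record per entry; brackets, semicolons, strings are UTF-16LE."""
    blob = b"PReg" + struct.pack("<I", 1)
    for key, value, rtype, data in entries:
        blob += "[".encode(_U16)
        blob += (key + "\0").encode(_U16) + ";".encode(_U16)
        blob += (value + "\0").encode(_U16) + ";".encode(_U16)
        blob += struct.pack("<I", rtype) + ";".encode(_U16)
        blob += struct.pack("<I", len(data)) + ";".encode(_U16)
        blob += data + "]".encode(_U16)
    return blob


def _read_utf16z(blob, pos):
    """Read a NUL-terminated UTF-16LE string at pos; return (text, position after the NUL)."""
    end = pos
    while True:
        if end + 2 > len(blob):
            raise ValueError("unterminated string at offset %d" % pos)
        if blob[end:end + 2] == b"\x00\x00":
            return blob[pos:end].decode(_U16), end + 2
        end += 2


def _expect(blob, pos, char):
    """Consume one UTF-16LE delimiter character or fail loudly on a malformed file."""
    if blob[pos:pos + 2] != char.encode(_U16):
        raise ValueError("expected %r at offset %d" % (char, pos))
    return pos + 2


def _decode(rtype, data):
    if rtype == REG_DWORD and len(data) == 4:
        return struct.unpack("<I", data)[0]
    if rtype in (REG_SZ, REG_EXPAND_SZ):
        return data.decode(_U16).rstrip("\0")
    return data  # REG_BINARY, REG_MULTI_SZ etc. are left raw


def parse_registry_pol(blob):
    """Return a list of (key, value, type, decoded_data) from a Registry.pol blob."""
    if blob[:4] != b"PReg":
        raise ValueError("not a Registry.pol file (missing PReg signature)")
    version = struct.unpack_from("<I", blob, 4)[0]
    if version != 1:
        raise ValueError("unsupported Registry.pol version %d" % version)
    pos, entries = 8, []
    while pos < len(blob):
        pos = _expect(blob, pos, "[")
        key, pos = _read_utf16z(blob, pos)
        pos = _expect(blob, pos, ";")
        value, pos = _read_utf16z(blob, pos)
        pos = _expect(blob, pos, ";")
        rtype = struct.unpack_from("<I", blob, pos)[0]
        pos = _expect(blob, pos + 4, ";")
        size = struct.unpack_from("<I", blob, pos)[0]
        pos = _expect(blob, pos + 4, ";")
        data = blob[pos:pos + size]
        if len(data) != size:
            raise ValueError("truncated data at offset %d" % pos)
        pos = _expect(blob, pos + size, "]")
        entries.append((key, value, rtype, _decode(rtype, data)))
    return entries


def find_execution_restrictions(entries):
    """Return (label, 'key\\value', data) for entries that can block or force program launches."""
    findings = []
    for key, value, _rtype, data in entries:
        k = key.lower()
        label = next((lbl for prefix, lbl in RESTRICTION_KEYS if k.startswith(prefix)), None)
        if label is None and k == _EXPLORER_POLICY and value.lower() == "disallowrun":
            label = "Explorer DisallowRun switch"
        if label is not None:
            findings.append((label, key + "\\" + value, data))
    return findings


# Constructed sample (hypothetical GUID and values, NOT the policy found on the machine in the
# thread): a per-user Registry.pol that disallows AVG's UI via an SRP path rule at security
# level 0 (Disallowed) and also lists it under DisallowRun. NoAutorun is benign and must not be flagged.
SAMPLE_POL = build_registry_pol([
    ("Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",
     "DefaultLevel", REG_DWORD, struct.pack("<I", 0x40000)),   # 0x40000 = Unrestricted default
    ("Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers\\0\\Paths\\{11111111-2222-3333-4444-555555555555}",
     "ItemData", REG_SZ, "C:\\Program Files (x86)\\AVG\\AVG2014\\avgui.exe\0".encode(_U16)),
    ("Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
     "DisallowRun", REG_DWORD, struct.pack("<I", 1)),
    ("Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisallowRun",
     "1", REG_SZ, "avgui.exe\0".encode(_U16)),
    ("Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
     "NoAutorun", REG_DWORD, struct.pack("<I", 1)),
])

if __name__ == "__main__":
    # To inspect a real file: blob = open(r"C:\Windows\System32\GroupPolicyUsers\<SID>\User\Registry.pol", "rb").read()
    for label, where, data in find_execution_restrictions(parse_registry_pol(SAMPLE_POL)):
        print("%-32s %s = %r" % (label, where, data))
```

Practitioner note: check the machine file (`C:\Windows\System32\GroupPolicy\Machine\Registry.pol`) as well as the per-user one, and after the offending folder is removed run `gpupdate /force` and confirm that the `Safer\CodeIdentifiers` keys under HKLM and the affected HKU hive, and the `DisallowRun` values under `Policies\Explorer`, are gone; a policy file that has been applied leaves its values in the live registry until the next refresh removes them.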


#9 chitrahadi (Topic Starter)

Posted 03 July 2014 - 06:24 AM

Dear aharonov,

ESET scan result:

C:\Users\Administrator\AppData\Local\Temp\is-GBS7C.tmp\OpenCandy.exe    a variant of Win32/OpenCandy.A potentially unsafe application
C:\Users\Sales02\Desktop\cdbxp_setup_4.5.2.4291.exe    Win32/OpenCandy potentially unsafe application
C:\Users\Sales02\Downloads\SlipGAJI1.exe    a variant of Win32/4Shared.R potentially unwanted application

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014
Ran by Administrator (administrator) on SALES02-HP on 03-07-2014 18:23:23
Running from C:\Users\Sales02\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\36.0.1985.62\remoting_host.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\36.0.1985.62\remoting_host.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\java.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\java.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-04-30] (LogMeIn, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Runonce: [RemoveDir] - cmd.exe /c rmdir /q "c:\Program Files (x86)\Hewlett-Packard\DeviceAccessManager\"
HKLM\...\RunOnce: [MfeEpeHb.sys] - CMD /C DEL /F C:\Windows\system32\drivers\MfeEpeHb.sys [13256 2011-07-13] (McAfee, Inc.)
HKLM\...\RunOnce: [MfeEpePc.sys] - CMD /C DEL /F C:\Windows\system32\drivers\MfeEpePc.sys [158280 2011-07-13] (McAfee, Inc.)
HKLM\...\RunOnce: [MfeEpeOpal.sys] - CMD /C DEL /F C:\Windows\system32\drivers\MfeEpeOpal.sys [91080 2011-07-13] (McAfee, Inc.)
HKLM-x32\...\RunOnce: [SymSilent] - "C:\Program Files (x86)\SymSilent\SymSilent.exe" /_spawn /service [762296 2011-05-09] (Symantec Corporation)
HKLM-x32\...\RunOnce: [BrUrl] - rundll32 url.dll,FileProtocolHandler http://www.brother.com/rd/productreserch/eng/ [232960 2013-10-09] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [AVG] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] ( (AVG Technologies CZ, s.r.o.))
HKLM\...\Policies\Explorer\Run: [Brother] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] ( (Brother Industries, Ltd.))
HKLM\...\Policies\Explorer: [DontSetAutoplayCheckbox] 1
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 1
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 1
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 1
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 1
HKU\S-1-5-21-360307259-2332166340-3667939215-1001\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\Sales02\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=77fa9091452047d3a3bffd0dbbe9626a-2f9c7eabf23d52a3354edb03cd6b83f15e9c6b28 /CMPID=1213b
HKU\S-1-5-21-360307259-2332166340-3667939215-1001\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-14] (Adobe Systems Incorporated)
HKU\S-1-5-21-360307259-2332166340-3667939215-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-360307259-2332166340-3667939215-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-360307259-2332166340-3667939215-1001\...\Policies\Explorer: [DontSetAutoplayCheckbox] 1
HKU\S-1-5-21-360307259-2332166340-3667939215-1001\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-360307259-2332166340-3667939215-1001\...\MountPoints2: {14924638-532d-11e3-a031-2c44fd0d8b99} - F:\iLinker.exe
HKU\S-1-5-21-360307259-2332166340-3667939215-500\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-360307259-2332166340-3667939215-500\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe -update activex
HKU\S-1-5-21-360307259-2332166340-3667939215-500\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-360307259-2332166340-3667939215-500\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-360307259-2332166340-3667939215-500\...\Policies\Explorer: [DontSetAutoplayCheckbox] 1
HKU\S-1-5-21-360307259-2332166340-3667939215-500\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-360307259-2332166340-3667939215-500\...\MountPoints2: {28b934cb-538c-11e3-ae96-806e6f6e6963} - E:\DLSELECT.EXE
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyUsers\S-1-5-21-360307259-2332166340-3667939215-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL13/89
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL13/89
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL13/89
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL13/89
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL13/89
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL13/89
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
DPF: HKLM-x32 {173D9E48-B527-4AA0-A929-30B446002AA8} http://archright.dyndns.biz:8888/DVRemoteAx.cab
DPF: HKLM-x32 {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} http://archright.dyndns.biz:81/WebClient.exe
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1058
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\eltf152a.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @EDVR/WebClient - C:\windows\system32\WebClient\npwebclient.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]

Chrome:
=======
CHR DefaultSearchKeyword: google.co.id
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-02]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-02]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-02]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-02]
CHR Extension: (Skype Click to Call) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-07-02]
CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-02]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-02]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\36.0.1985.62\remoting_host.exe [51016 2014-06-09] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241728 2014-03-11] (Foxit Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-28] (Hewlett-Packard Company) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-06-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-06-13] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-06-07] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-06-07] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-04-30] (LogMeIn, Inc.)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-10-10] (Intel Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-03 18:23 - 2014-07-03 18:23 - 00019734 _____ () C:\Users\Sales02\Desktop\FRST.txt
2014-07-03 18:19 - 2014-07-03 18:19 - 00000336 _____ () C:\Users\Sales02\Desktop\eset.txt
2014-07-03 10:57 - 2014-07-03 10:57 - 00025145 _____ () C:\Users\Sales02\Downloads\GA rank under IN (2).xlsx
2014-07-03 10:47 - 2014-07-03 10:47 - 00000336 _____ () C:\Users\Sales02\Desktop\ESETSCANRESULT.txt
2014-07-03 10:17 - 2014-07-03 10:17 - 00000000 ____D () C:\Users\Sales02\Desktop\New folder
2014-07-03 10:10 - 2014-07-03 10:10 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-02 18:22 - 2014-07-02 18:22 - 02347384 _____ (ESET) C:\Users\Sales02\Desktop\esetsmartinstaller_enu.exe
2014-07-02 11:11 - 2014-07-02 11:32 - 00000000 ____D () C:\Users\Sales02\Desktop\4 theme song
2014-06-30 17:11 - 2014-06-30 17:11 - 00015273 _____ () C:\Users\Sales02\Desktop\Payment Without Proof 25.06.2014.xlsx
2014-06-16 10:08 - 2014-07-02 13:53 - 00000000 ____D () C:\Users\Sales02\Desktop\FRST-OlderVersion
2014-06-14 16:27 - 2014-06-14 16:40 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-14 16:27 - 2014-06-14 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-14 16:27 - 2014-06-14 16:27 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-14 15:41 - 2014-06-14 15:41 - 01677440 _____ (Skype Technologies S.A.) C:\Users\Sales02\Downloads\SkypeSetup.exe
2014-06-14 15:10 - 2014-06-14 15:10 - 02081792 _____ (Farbar) C:\Users\Sales02\Downloads\FRST64.exe
2014-06-14 15:03 - 2014-06-14 15:48 - 00016351 _____ () C:\Users\Administrator\Documents\DDS.txt
2014-06-14 15:03 - 2014-06-14 15:48 - 00003054 _____ () C:\Users\Administrator\Documents\Attach.txt
2014-06-14 14:45 - 2014-06-14 15:47 - 00016351 _____ () C:\Users\Administrator\Desktop\dds.txt
2014-06-14 14:45 - 2014-06-14 15:47 - 00003054 _____ () C:\Users\Administrator\Desktop\attach.txt
2014-06-14 14:44 - 2014-06-14 14:44 - 00688992 ____R (Swearware) C:\Users\Sales02\Downloads\dds.com
2014-06-14 11:51 - 2014-06-14 11:51 - 00000085 _____ () C:\Windows\wininit.ini
2014-06-14 11:24 - 2014-06-14 11:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-14 11:13 - 2014-07-03 18:23 - 00000000 ____D () C:\FRST
2014-06-14 11:11 - 2014-06-14 11:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sales02\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-14 11:04 - 2014-07-02 13:53 - 02083840 _____ (Farbar) C:\Users\Sales02\Desktop\FRST64.exe
2014-06-14 09:50 - 2014-06-14 09:50 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-06-14 09:49 - 2014-06-14 11:52 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-14 09:49 - 2014-06-14 11:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-14 09:46 - 2014-06-14 09:48 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Sales02\Downloads\spybot-2.3.exe
2014-06-13 18:13 - 2014-06-13 18:13 - 00070872 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-13 18:00 - 2014-06-13 18:00 - 00000000 ____D () C:\ProgramData\Google
2014-06-13 17:58 - 2014-06-13 17:58 - 07475200 _____ () C:\Users\Sales02\Downloads\chromeremotedesktophost.msi
2014-06-13 17:53 - 2014-06-13 17:53 - 00002257 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-13 17:53 - 2014-06-13 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-13 17:52 - 2014-07-03 18:02 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-13 17:52 - 2014-07-03 15:02 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-13 17:52 - 2014-06-23 14:57 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-13 17:52 - 2014-06-23 14:57 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-13 17:52 - 2014-06-19 09:58 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-13 17:52 - 2014-06-13 18:29 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-06-13 17:52 - 2014-06-13 17:53 - 00000000 ____D () C:\Users\Sales02\AppData\Local\Google
2014-06-13 13:18 - 2014-06-13 13:18 - 00096318 _____ () C:\Users\Sales02\Desktop\FP JOY JORDAN 140613.tif
2014-06-11 11:24 - 2014-06-11 11:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-07-03 18:23 - 2014-07-03 18:23 - 00019734 _____ () C:\Users\Sales02\Desktop\FRST.txt
2014-07-03 18:23 - 2014-06-14 11:13 - 00000000 ____D () C:\FRST
2014-07-03 18:19 - 2014-07-03 18:19 - 00000336 _____ () C:\Users\Sales02\Desktop\eset.txt
2014-07-03 18:02 - 2014-06-13 17:52 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-03 17:46 - 2014-01-22 15:15 - 00000000 ____D () C:\Users\Sales02\AppData\Roaming\Skype
2014-07-03 17:29 - 2013-11-27 12:27 - 00004988 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Sales02-HP-Sales02 Sales02-HP
2014-07-03 17:28 - 2014-03-25 17:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-03 15:02 - 2014-06-13 17:52 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-03 11:18 - 2009-07-14 12:13 - 00775032 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-03 11:13 - 2009-07-14 11:51 - 00078599 _____ () C:\Windows\setupact.log
2014-07-03 10:58 - 2013-11-22 09:34 - 02055547 _____ () C:\Windows\WindowsUpdate.log
2014-07-03 10:57 - 2014-07-03 10:57 - 00025145 _____ () C:\Users\Sales02\Downloads\GA rank under IN (2).xlsx
2014-07-03 10:47 - 2014-07-03 10:47 - 00000336 _____ () C:\Users\Sales02\Desktop\ESETSCANRESULT.txt
2014-07-03 10:17 - 2014-07-03 10:17 - 00000000 ____D () C:\Users\Sales02\Desktop\New folder
2014-07-03 10:10 - 2014-07-03 10:10 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-03 10:04 - 2009-07-14 11:45 - 00027344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-03 10:04 - 2009-07-14 11:45 - 00027344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-03 10:02 - 2013-11-22 09:59 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-03 09:57 - 2014-01-29 10:00 - 00001006 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-07-03 09:57 - 2014-01-29 10:00 - 00000990 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-07-03 09:57 - 2013-11-22 16:50 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-07-03 09:57 - 2009-07-14 12:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-02 19:07 - 2013-12-02 11:11 - 00000000 ____D () C:\Users\Sales02\Desktop\Service FootPrint
2014-07-02 18:22 - 2014-07-02 18:22 - 02347384 _____ (ESET) C:\Users\Sales02\Desktop\esetsmartinstaller_enu.exe
2014-07-02 17:03 - 2013-12-02 10:45 - 00000000 ___RD () C:\Users\Sales02\Desktop\Customer Photo Surabaya
2014-07-02 16:27 - 2014-02-27 21:57 - 00000000 ____D () C:\Users\Sales02\Desktop\JOHAN FILE
2014-07-02 13:53 - 2014-06-16 10:08 - 00000000 ____D () C:\Users\Sales02\Desktop\FRST-OlderVersion
2014-07-02 13:53 - 2014-06-14 11:04 - 02083840 _____ (Farbar) C:\Users\Sales02\Desktop\FRST64.exe
2014-07-02 11:32 - 2014-07-02 11:11 - 00000000 ____D () C:\Users\Sales02\Desktop\4 theme song
2014-06-30 17:11 - 2014-06-30 17:11 - 00015273 _____ () C:\Users\Sales02\Desktop\Payment Without Proof 25.06.2014.xlsx
2014-06-23 14:57 - 2014-06-13 17:52 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-23 14:57 - 2014-06-13 17:52 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 17:51 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-20 09:41 - 2010-11-21 10:47 - 00362368 _____ () C:\Windows\PFRO.log
2014-06-19 15:53 - 2014-02-05 15:16 - 00000000 ____D () C:\Chitrahadi
2014-06-19 10:17 - 2013-11-22 09:41 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-19 09:58 - 2014-06-13 17:52 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-19 09:53 - 2014-04-01 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-18 17:22 - 2013-11-22 09:52 - 00002005 _____ () C:\Users\Public\Desktop\Brava! Reader.lnk
2014-06-18 17:22 - 2013-11-22 09:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brava! Reader
2014-06-14 16:40 - 2014-06-14 16:27 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-14 16:40 - 2014-06-14 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-14 16:40 - 2014-01-22 15:15 - 00000000 ____D () C:\ProgramData\Skype
2014-06-14 16:27 - 2014-06-14 16:27 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-14 15:48 - 2014-06-14 15:03 - 00016351 _____ () C:\Users\Administrator\Documents\DDS.txt
2014-06-14 15:48 - 2014-06-14 15:03 - 00003054 _____ () C:\Users\Administrator\Documents\Attach.txt
2014-06-14 15:47 - 2014-06-14 14:45 - 00016351 _____ () C:\Users\Administrator\Desktop\dds.txt
2014-06-14 15:47 - 2014-06-14 14:45 - 00003054 _____ () C:\Users\Administrator\Desktop\attach.txt
2014-06-14 15:41 - 2014-06-14 15:41 - 01677440 _____ (Skype Technologies S.A.) C:\Users\Sales02\Downloads\SkypeSetup.exe
2014-06-14 15:10 - 2014-06-14 15:10 - 02081792 _____ (Farbar) C:\Users\Sales02\Downloads\FRST64.exe
2014-06-14 14:44 - 2014-06-14 14:44 - 00688992 ____R (Swearware) C:\Users\Sales02\Downloads\dds.com
2014-06-14 11:52 - 2014-06-14 09:49 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-14 11:51 - 2014-06-14 11:51 - 00000085 _____ () C:\Windows\wininit.ini
2014-06-14 11:51 - 2014-06-14 09:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-14 11:24 - 2014-06-14 11:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-14 11:12 - 2014-06-14 11:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sales02\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-14 09:50 - 2014-06-14 09:50 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-06-14 09:48 - 2014-06-14 09:46 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Sales02\Downloads\spybot-2.3.exe
2014-06-13 18:29 - 2014-06-13 17:52 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-06-13 18:29 - 2013-11-22 10:55 - 00001330 __RSH () C:\Users\Administrator\ntuser.pol
2014-06-13 18:29 - 2013-11-22 10:55 - 00000000 ____D () C:\Users\Administrator
2014-06-13 18:13 - 2014-06-13 18:13 - 00070872 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-13 18:07 - 2013-11-22 09:45 - 00001712 __RSH () C:\Users\Sales02\ntuser.pol
2014-06-13 18:07 - 2013-11-22 09:32 - 00000000 ____D () C:\Users\Sales02
2014-06-13 18:00 - 2014-06-13 18:00 - 00000000 ____D () C:\ProgramData\Google
2014-06-13 17:58 - 2014-06-13 17:58 - 07475200 _____ () C:\Users\Sales02\Downloads\chromeremotedesktophost.msi
2014-06-13 17:53 - 2014-06-13 17:53 - 00002257 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-13 17:53 - 2014-06-13 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-13 17:53 - 2014-06-13 17:52 - 00000000 ____D () C:\Users\Sales02\AppData\Local\Google
2014-06-13 13:18 - 2014-06-13 13:18 - 00096318 _____ () C:\Users\Sales02\Desktop\FP JOY JORDAN 140613.tif
2014-06-12 09:54 - 2013-11-22 09:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-11 11:24 - 2014-06-11 11:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-07 09:50 - 2013-11-23 14:38 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-06-07 09:50 - 2013-11-23 14:38 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-06-07 09:50 - 2013-11-23 14:38 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-06-07 09:50 - 2013-11-23 14:38 - 00000000 ____D () C:\Program Files (x86)\LogMeIn

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\CountInstallation.exe
C:\Users\Administrator\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Sales02\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Sales02\AppData\Local\Temp\_is451B.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-28 10:51

==================== End Of Log ===========================
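Reviewing a services/drivers section like the one above by eye means looking for the same handful of markers every time: entries tagged "[File not signed]", entries with an empty "()" company field, entries whose image is missing ("[X]") or has no ImagePath at all, and binaries that auto-start from a user-writable directory. The following script is an added example, written for this page and not code from the thread, from FRST or from its author, that parses that layout and flags those markers. It assumes the "==== Section (Whitelisted) ====" header style and the "<state><start> <name>; <path> [<size> <date>] (<company>) [flags]" entry layout shown in the log above; the sample lines are copied from that log, except the "UpdSvc" line, which is a hypothetical addition so that the user-writable-path branch is exercised.

```python
import re
from dataclasses import dataclass

# Constructed sample in FRST's "Services"/"Drivers" layout. Entries are taken from the
# log above; "UpdSvc" is a hypothetical line added only to exercise the
# user-writable-path check (it does not appear in the poster's log).
SAMPLE_LOG = r"""
==================== Services (Whitelisted) =================

R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-06-13] ()
R2 UpdSvc; C:\Users\Sales02\AppData\Roaming\upd\svchost.exe [45056 2014-06-13] ()

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
S4 LMIRfsClientNP; No ImagePath
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
"""

# Section header, e.g. "==================== Drivers (Whitelisted) ===================="
SECTION_RE = re.compile(r'^=+\s+(?P<title>[^=]+?)\s+=+$')

# Entry line: "<state><start> <name>; <rest>"
#   state: R = running, S = stopped (FRST convention)
#   start: Windows start type (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled)
ENTRY_RE = re.compile(r'^(?P<state>[RSU])(?P<start>\d)\s+(?P<name>[^;]+);\s*(?P<rest>.*)$')

# Image part: "<path> [<size> <yyyy-mm-dd>] (<company>)[ <flags>]"
IMAGE_RE = re.compile(
    r'^(?P<path>.+?)\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]'
    r'\s+\((?P<company>[^)]*)\)(?P<flags>.*)$'
)

# Directories an auto-started service or driver should not normally load from.
USER_WRITABLE = re.compile(r'\\(Users|Temp)\\', re.IGNORECASE)


@dataclass
class Finding:
    section: str
    name: str
    path: str
    reasons: list


def parse_entries(text):
    """Yield (section, state, start, name, rest) for every service/driver line."""
    section = 'unknown'
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group('title')
            continue
        m = ENTRY_RE.match(line)
        if m:
            yield section, m.group('state'), m.group('start'), m.group('name'), m.group('rest')


def triage(text):
    """Return a Finding for every entry that carries at least one warning marker."""
    findings = []
    for section, state, start, name, rest in parse_entries(text):
        reasons = []
        path = rest
        if rest == 'No ImagePath':
            reasons.append('no ImagePath (orphaned service entry)')
        elif rest.endswith('[X]'):
            path = rest[:-3].strip()
            reasons.append('image file missing on disk')
        else:
            m = IMAGE_RE.match(rest)
            if not m:
                reasons.append('unparsed entry')
            else:
                path = m.group('path')
                if 'File not signed' in m.group('flags'):
                    reasons.append('binary is not digitally signed')
                if not m.group('company').strip():
                    reasons.append('no company/version information')
                if USER_WRITABLE.search(path):
                    reasons.append('loads from a user-writable location')
        if reasons:
            findings.append(Finding(section, name, path, reasons))
    return findings


def main():
    for f in triage(SAMPLE_LOG):
        print(f'[{f.section}] {f.name}: {"; ".join(f.reasons)}\n    {f.path}')


if __name__ == '__main__':
    main()
```

Run it as-is to see the flagged entries from the sample; point `triage()` at the text of a real FRST.txt to get the same list for a whole log. A flagged entry is a prompt to look closer (the unsigned Brother and HP services above are ordinary OEM software), not a verdict on its own.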



#10 aharonov (Malware Response Team, 2,441 posts)

Posted 03 July 2014 - 10:55 AM

Looking better. How is your computer running? Which problems or symptoms are still present?

#11 chitrahadi (Topic Starter, Members, 7 posts)

Posted 03 July 2014 - 09:53 PM

Dear Aharonov, now everything runs smoothly. There are no present problems. Thank you very much for your help.

Are there any programs I should install to prevent such problems?



#12 aharonov (Malware Response Team, 2,441 posts)

Posted 04 July 2014 - 01:38 AM

Great, this is good to hear!


That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Java 7 Update 55




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

#13 aharonov (Malware Response Team, 2,441 posts)

Posted 03 September 2014 - 06:57 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



