
Annoying browser keeps redirecting


  • This topic is locked
16 replies to this topic

#1 hadugen82

hadugen82

  • Members
  • 33 posts

Posted 24 April 2015 - 08:16 AM

Every time I click something anywhere on a webpage, I am being redirected to an advert page.
I have to click back many times and this is annoying. Ran Malwarebytes and many registry keys affected.
Haven't removed anything yet.
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-04-2015 02
Ran by Administrator (administrator) on ADIB-ASUS on 24-04-2015 21:10:36
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available profiles: Nisha & Administrator)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
() C:\ProgramData\{d154f8b5-bc96-8765-d154-4f8b5bc9e2d6}\MiPhoneManagerSetup-2.1.0.10221.zip.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUS) C:\Windows\AsScrPro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [EeeStorageBackup] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe MySyncFolder
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [Microsoft Pinyin IME Migration] => C:\Program Files\Common Files\Microsoft Shared\IME12\IMESC\IMSCMIG.EXE [59248 2011-05-26] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [Microsoft Pinyin IME Migration] => C:\Program Files (x86)\Common Files\microsoft shared\IME12\IMESC\IMSCMIG.EXE [32112 2011-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-20] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6937216 2009-10-10] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-20] (ASUS)
HKLM-x32\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4094388179-336663474-334905840-500\...\Run: [Power2GoExpress] => [X]
HKU\S-1-5-21-4094388179-336663474-334905840-500\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-4094388179-336663474-334905840-500\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4094388179-336663474-334905840-500\...\MountPoints2: {c66f9b57-c3b3-11e3-90c5-f46d04325438} - E:\SISetup.exe
HKU\S-1-5-21-4094388179-336663474-334905840-500\...\MountPoints2: {d4f63321-9407-11e4-b416-f46d04325438} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-4094388179-336663474-334905840-500\...\MountPoints2: {e2336c8e-12ce-11df-b806-0025d3ac9fa9} - D:\hbcd\wintools\autorun.exe
HKU\S-1-5-21-4094388179-336663474-334905840-500\Control Panel\Desktop\\SCRNSAVE.EXE -> none
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MiPhoneManagerSetup-2.1.0.10221.zip.lnk [2015-04-10]
ShortcutTarget: MiPhoneManagerSetup-2.1.0.10221.zip.lnk -> C:\ProgramData\{d154f8b5-bc96-8765-d154-4f8b5bc9e2d6}\MiPhoneManagerSetup-2.1.0.10221.zip.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-02-01]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2010-01-25]
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1428671510&from=wpc&uid=ST9320325AS_5VD73NWYXXXX5VD73NWY
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1428671510&from=wpc&uid=ST9320325AS_5VD73NWYXXXX5VD73NWY
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1428671510&from=wpc&uid=ST9320325AS_5VD73NWYXXXX5VD73NWY
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1428671510&from=wpc&uid=ST9320325AS_5VD73NWYXXXX5VD73NWY&q={searchTerms}
HKU\S-1-5-21-4094388179-336663474-334905840-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1428671510&from=wpc&uid=ST9320325AS_5VD73NWYXXXX5VD73NWY
HKU\S-1-5-21-4094388179-336663474-334905840-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1428671510&from=wpc&uid=ST9320325AS_5VD73NWYXXXX5VD73NWY
URLSearchHook: HKU\S-1-5-21-4094388179-336663474-334905840-500 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1428671510&from=wpc&uid=ST9320325AS_5VD73NWYXXXX5VD73NWY&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1428671510&from=wpc&uid=ST9320325AS_5VD73NWYXXXX5VD73NWY&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4094388179-336663474-334905840-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4094388179-336663474-334905840-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4094388179-336663474-334905840-500 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1428671510&from=wpc&uid=ST9320325AS_5VD73NWYXXXX5VD73NWY&q={searchTerms}
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Toolbar: HKU\S-1-5-21-4094388179-336663474-334905840-500 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-4094388179-336663474-334905840-500 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-4094388179-336663474-334905840-500 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {3BFFE033-BF43-11D5-A271-00A024A51325} http://webmail.muis.gov.sg/iNotes6W.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSG.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tj7j2f2a.default-1397352596530
FF DefaultSearchEngine: mystartsearch
FF SelectedSearchEngine: mystartsearch
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-17] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-07-31] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tj7j2f2a.default-1397352596530\searchplugins\mystartsearch.xml [2015-04-21]
FF Extension: SAlePlus - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tj7j2f2a.default-1397352596530\Extensions\6g@fQdf.edu [2015-04-10]
FF Extension: bestadblocker - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tj7j2f2a.default-1397352596530\Extensions\Lc@BL0gFXSD.org [2015-04-10]
FF Extension: EnJoyCOupon - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tj7j2f2a.default-1397352596530\Extensions\lQ@z2UFgrTfd.net [2015-04-19]
FF Extension: Search Enginer - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tj7j2f2a.default-1397352596530\Extensions\searchengine@gmail.com [2015-04-10]
FF Extension: AdPunisher - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tj7j2f2a.default-1397352596530\Extensions\_ujhgwpvtlbfu@sdmclslismpbssrwx.edu [2015-04-19]
FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tj7j2f2a.default-1397352596530\extensions\searchengine@gmail.com
FF HKU\S-1-5-21-4094388179-336663474-334905840-500\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://sg.yahoo.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-12]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-12]
CHR Extension: (GeoSurf) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfcojommnmjppaaaoigokgoohdhbfhlf [2015-04-10]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-12]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-12]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-12]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 ce0aaa3b; c:\Program Files (x86)\SystemPreserve\SystemPreserve.dll [1683968 2015-04-10] () [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [69632 2014-05-18] (Macromedia) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [620544 2008-11-11] (Nokia.) [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-25] ()
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Apple Inc.) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 AmUStor; system32\drivers\AmUStor.SYS [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S2 npf; \??\C:\Windows\system32\drivers\npf.sys [X]
S3 SliceDisk5; \??\C:\Users\ADMINI~1\AppData\Local\Temp\slicedisk-x64.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-24 21:10 - 2015-04-24 21:11 - 00021356 _____ () C:\Users\Administrator\Desktop\FRST.txt
2015-04-24 21:10 - 2015-04-24 21:10 - 00000000 ____D () C:\FRST
2015-04-24 21:06 - 2015-04-24 21:06 - 02099712 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2015-04-24 20:45 - 2015-04-24 20:45 - 00000422 _____ () C:\Users\Administrator\Desktop\impian advert.txt
2015-04-18 06:44 - 2015-04-18 06:44 - 00509440 _____ (Tech Support Guy System) C:\Users\Administrator\Downloads\SysInfo.exe
2015-04-17 20:54 - 2015-04-17 20:54 - 00000079 _____ () C:\Program Files (x86)\prefs.js
2015-04-17 20:53 - 2015-04-17 20:53 - 00000000 ____D () C:\Program Files (x86)\SaveeNewaAPpz
2015-04-17 20:32 - 2015-04-22 20:59 - 00000020 _____ () C:\Users\Administrator\AppData\Roaming\appdataFr3.bin
2015-04-17 20:32 - 2015-04-17 20:32 - 00000000 ____D () C:\ProgramData\Browser AdBlocker
2015-04-16 19:58 - 2015-04-16 20:01 - 14777047 _____ () C:\Users\Administrator\Desktop\Canon Rock - Sungha Jung.flv
2015-04-16 19:55 - 2015-04-16 19:58 - 13555872 _____ () C:\Users\Administrator\Desktop\Disney Pixar Cars Lighnting McQueen dreams helping Sally Batman Robin Spider-Man Toy story Imaginext.flv
2015-04-13 20:07 - 2015-04-13 20:09 - 12241333 _____ () C:\Users\Administrator\Desktop\Nasheed - Arabic Alphabet Song with Zaky - HD.flv
2015-04-10 22:07 - 2015-04-10 22:07 - 00062479 _____ () C:\Users\Administrator\Downloads\WhatsApp Chat with Azry Pusat.zip
2015-04-10 21:59 - 2015-04-10 22:00 - 00096732 _____ () C:\Users\Administrator\Downloads\WhatsApp Chat with Munirah Izat.zip
2015-04-10 21:11 - 2015-04-10 21:11 - 00000000 ____D () C:\Program Files (x86)\SystemPreserve
2015-04-10 21:09 - 2015-04-10 21:09 - 00000000 ____D () C:\Program Files (x86)\GeoSurf
2015-04-10 21:08 - 2015-04-17 20:54 - 00000000 ____D () C:\ProgramData\734388593211039175
2015-04-10 21:07 - 2015-04-10 21:08 - 00000000 ____D () C:\Program Files (x86)\SAlePlus
2015-04-10 21:07 - 2015-04-10 21:07 - 00000000 ____D () C:\ProgramData\khefmpicooohcjbljdopoifgpljedpoo
2015-04-10 21:06 - 2015-04-13 18:45 - 00000000 ____D () C:\ProgramData\{d154f8b5-bc96-8765-d154-4f8b5bc9e2d6}
2015-04-10 21:05 - 2015-04-10 21:05 - 00465408 _____ () C:\Users\Administrator\Downloads\MiPhoneManagerSetup-2.1.0.10221.zip.exe
2015-04-10 20:48 - 2015-04-10 20:48 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2015-04-10 20:48 - 2015-04-10 20:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-04-10 20:48 - 2015-04-10 20:48 - 00000000 ____D () C:\Xiaomi
2015-04-10 20:47 - 2015-04-10 20:47 - 00000000 ____D () C:\Users\Public\Thunder Network
2015-04-10 20:47 - 2015-04-10 20:47 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Xiaomi
2015-04-10 20:47 - 2015-04-10 20:47 - 00000000 ____D () C:\ProgramData\Thunder Network
2015-04-05 11:11 - 2015-04-05 11:11 - 00000000 ____D () C:\Users\Administrator\Desktop\Pantun P2
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-24 21:09 - 2010-12-26 10:33 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4094388179-336663474-334905840-1000UA.job
2015-04-24 20:43 - 2014-02-25 08:16 - 00000000 ____D () C:\Users\Administrator\Desktop\Impian
2015-04-24 20:42 - 2014-02-12 20:50 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-24 20:39 - 2012-11-13 18:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-24 20:34 - 2010-01-25 03:06 - 01225566 _____ () C:\Windows\WindowsUpdate.log
2015-04-24 20:29 - 2009-07-14 12:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-24 20:29 - 2009-07-14 12:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-24 20:22 - 2015-01-23 18:50 - 00000000 ____D () C:\Users\Administrator\AppData\Local\HTC MediaHub
2015-04-24 20:20 - 2015-03-11 06:20 - 00003188 _____ () C:\Windows\System32\Tasks\P4GIntlCtrl
2015-04-24 20:20 - 2014-02-12 20:50 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-24 20:20 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-24 20:20 - 2009-07-14 12:51 - 00154586 _____ () C:\Windows\setupact.log
2015-04-22 23:52 - 2015-03-19 23:06 - 00000000 ____D () C:\Users\Administrator\Desktop\Marymount Stuff
2015-04-21 00:12 - 2015-02-13 20:48 - 00000000 ____D () C:\Users\Administrator\Documents\PaySlip2015
2015-04-19 21:29 - 2010-06-06 09:39 - 00073310 _____ () C:\Windows\PFRO.log
2015-04-19 14:09 - 2010-12-26 10:32 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4094388179-336663474-334905840-1000Core.job
2015-04-17 20:54 - 2015-01-30 18:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-17 20:44 - 2014-02-12 20:51 - 00002064 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-17 20:43 - 2015-03-23 19:29 - 00000000 ____D () C:\Users\Administrator\Desktop\Warkah Zon Tgh
2015-04-17 20:39 - 2012-11-13 18:45 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-17 20:39 - 2012-11-13 18:45 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-17 20:39 - 2012-11-13 18:45 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-16 20:40 - 2009-07-14 13:13 - 00730320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-16 20:07 - 2015-03-01 21:28 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\vlc
2015-04-12 19:28 - 2010-01-25 04:02 - 00002607 _____ () C:\Windows\system32\AutoRunFilter.ini
2015-04-10 20:48 - 2015-01-23 18:50 - 00000000 ____D () C:\Users\Administrator\.android
2015-03-28 11:42 - 2009-07-14 13:08 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-26 22:36 - 2015-03-12 11:31 - 00000000 ____D () C:\Users\Nisha\Desktop\Education
2015-03-26 20:30 - 2015-03-11 21:11 - 00000000 ____D () C:\Users\Nisha\AppData\Local\HTC MediaHub
 
==================== Files in the root of some directories =======
 
2015-04-17 20:54 - 2015-04-17 20:54 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2014-05-19 01:19 - 2014-05-31 14:53 - 0000132 _____ () C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-04-17 20:32 - 2015-04-22 20:59 - 0000020 _____ () C:\Users\Administrator\AppData\Roaming\appdataFr3.bin
2015-04-19 15:32 - 2015-04-19 15:43 - 0011830 _____ () C:\Users\Administrator\AppData\Local\Temp-log.txt
2013-09-26 07:30 - 2013-09-26 07:30 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-03-27 16:20 - 2010-03-27 16:20 - 0005037 _____ () C:\ProgramData\esswogwb.bbd
2010-01-25 03:47 - 2009-09-11 01:06 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2010-01-25 03:42 - 2010-01-25 03:43 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-01-25 03:42 - 2010-01-25 03:42 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\atl80.dll
C:\Users\Administrator\AppData\Local\Temp\DrvImgEx.exe
C:\Users\Administrator\AppData\Local\Temp\FindAndMount.exe
C:\Users\Administrator\AppData\Local\Temp\jre-1.6.0_20-windows-i586-iftw.exe_90744722.exe
C:\Users\Administrator\AppData\Local\Temp\jre-6u20-windows-i586-jinstall_uac.exe
C:\Users\Administrator\AppData\Local\Temp\lame_enc.dll
C:\Users\Administrator\AppData\Local\Temp\mfc80.dll
C:\Users\Administrator\AppData\Local\Temp\mfc80u.dll
C:\Users\Administrator\AppData\Local\Temp\mfcm80.dll
C:\Users\Administrator\AppData\Local\Temp\mfcm80u.dll
C:\Users\Administrator\AppData\Local\Temp\MiSetupFullPackage.exe
C:\Users\Administrator\AppData\Local\Temp\msvcm80.dll
C:\Users\Administrator\AppData\Local\Temp\msvcp80.dll
C:\Users\Administrator\AppData\Local\Temp\msvcr71.dll
C:\Users\Administrator\AppData\Local\Temp\msvcr80.dll
C:\Users\Administrator\AppData\Local\Temp\PC Wizard.exe
C:\Users\Administrator\AppData\Local\Temp\pcwiz32.dll
C:\Users\Administrator\AppData\Local\Temp\pcwiz32x.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizard.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizbch.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizcfi.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizdx.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizdxb.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizgfx.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizhid.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizkbm.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizlcd.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizmdl.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizmp3.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizosd.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizpda.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizphx.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizpwd.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizsty.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizvdo.dll
C:\Users\Administrator\AppData\Local\Temp\pqimgstr.dll
C:\Users\Administrator\AppData\Local\Temp\python24.dll
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\Temp\savepart.exe
C:\Users\Administrator\AppData\Local\Temp\SHSetup.exe
C:\Users\Administrator\AppData\Local\Temp\spartwin.exe
C:\Users\Administrator\AppData\Local\Temp\tbZyn0.dll
C:\Users\Administrator\AppData\Local\Temp\TmDbg32.dll
C:\Users\Administrator\AppData\Local\Temp\TmDbg64.dll
C:\Users\Administrator\AppData\Local\Temp\_fstools.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-16 02:54
 
==================== End Of Log ============================

 


 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 24 April 2015 - 11:28 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1
  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s) to remove it:
    GeoSurf
    MykonosInspector
    SAlePlus
    SaveeNewaAPpz
    SpyHunter
    
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 3

Please download and install Malwarebytes Anti-Malware. (NEW VERSION)
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
    m21p.png
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].
mbamv21.gif

Step 4

Start FRST with administrator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Edited by deeprybka, 24 April 2015 - 11:29 AM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 hadugen82

hadugen82
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:10:46 AM

Posted 25 April 2015 - 12:43 AM

# AdwCleaner v4.202 - Logfile created 25/04/2015 at 11:59:09
# Updated 23/04/2015 by Xplode
# Database : 2015-04-23.2 [Server]
# Operating system : Windows 7 Home Premium  (x64)
# Username : Administrator - ADIB-ASUS
# Running from : C:\Users\Administrator\Desktop\adwcleaner_4.202.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[#] Service Deleted : 73dc0be2
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\SuperbApp
Folder Deleted : C:\ProgramData\cd5035f8000022ee
Folder Deleted : C:\ProgramData\{d154f8b5-bc96-8765-d154-4f8b5bc9e2d6}
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tj7j2f2a.default-1397352596530\Extensions\searchengine@gmail.com
Folder Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tj7j2f2a.default-1397352596530\Extensions\6g@fQdf.edu
Folder Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tj7j2f2a.default-1397352596530\Extensions\Lc@BL0gFXSD.org
Folder Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tj7j2f2a.default-1397352596530\Extensions\lQ@z2UFgrTfd.net
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjgpjhfdofahkpcamjihgomapgbdhnc
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjgpjhfdofahkpcamjihgomapgbdhnc
[/!\] Not Deleted ( Junction ) : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjgpjhfdofahkpcamjihgomapgbdhnc
[/!\] Not Deleted ( Junction ) : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjgpjhfdofahkpcamjihgomapgbdhnc
Folder Deleted : C:\ProgramData\khefmpicooohcjbljdopoifgpljedpoo
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hcjgpjhfdofahkpcamjihgomapgbdhnc
Folder Deleted : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hcjgpjhfdofahkpcamjihgomapgbdhnc
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hcjgpjhfdofahkpcamjihgomapgbdhnc
Folder Deleted : C:\Users\Nisha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hcjgpjhfdofahkpcamjihgomapgbdhnc
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hcjgpjhfdofahkpcamjihgomapgbdhnc
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hcjgpjhfdofahkpcamjihgomapgbdhnc
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hcjgpjhfdofahkpcamjihgomapgbdhnc
Folder Deleted : C:\Users\Nisha\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hcjgpjhfdofahkpcamjihgomapgbdhnc
File Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tj7j2f2a.default-1397352596530\searchplugins\mystartsearch.xml
File Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage
File Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchengine@gmail.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\iLivid.torrent
Key Deleted : HKCU\Software\Mozilla\Extends
Key Deleted : HKLM\SOFTWARE\8cefd40b-b38b-ed59-610d-3218a91e6f88
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{73dc0be2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6137A08F-29B1-4E48-B6A1-70CC3ABF50F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\HomeTab
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\simplytech
Key Deleted : HKCU\Software\TNT2
Key Deleted : HKCU\Software\WajIntEnhance
Key Deleted : HKCU\Software\SearchProtectWS
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\mystartsearchSoftware
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\WajIntEnhance
Key Deleted : HKLM\SOFTWARE\SpeedBit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2DF3E224-05CD-4113-AA7A-86F2F6607B46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B138259A-351E-33FA-2726-8D71704F1DA9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v8.0.7600.17153
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
 
-\\ Mozilla Firefox v35.0.1 (x86 en-US)
 
[tj7j2f2a.default-1397352596530\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "mystartsearch");
[tj7j2f2a.default-1397352596530\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.alias", "mystartsearch");
[tj7j2f2a.default-1397352596530\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.iconURL", "hxxp://www.mystartsearch.com/favicon.ico");
[tj7j2f2a.default-1397352596530\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.name", "mystartsearch");
[tj7j2f2a.default-1397352596530\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.url", "hxxp://www.mystartsearch.com/web/?type=ds&ts=1428671510&from=wpc&uid=ST9320325AS_5VD73NWYXXXX5VD73NWY&q={searchTerms}");
[tj7j2f2a.default-1397352596530\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "mystartsearch");
 
-\\ Google Chrome v42.0.2311.90
 
[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : khefmpicooohcjbljdopoifgpljedpoo
[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : 
[C:\Users\Nisha\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : khefmpicooohcjbljdopoifgpljedpoo
 
-\\ Comodo Dragon v
 
 
-\\ Chrome Canary v
 
 
*************************
 
AdwCleaner[R0].txt - [6847 bytes] - [13/04/2014 09:35:20]
AdwCleaner[R1].txt - [27660 bytes] - [25/04/2015 11:43:42]
AdwCleaner[S0].txt - [5906 bytes] - [13/04/2014 09:39:27]
AdwCleaner[S1].txt - [10799 bytes] - [25/04/2015 11:59:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [10859  bytes] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 25/4/2015
Scan Time: 12:17:55 PM
Logfile: malware.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.04.24.08
Rootkit Database: v2015.04.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x64
File System: NTFS
User: Administrator
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 466015
Time Elapsed: 1 hr, 3 min, 40 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#4 hadugen82

hadugen82
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:10:46 AM

Posted 25 April 2015 - 12:47 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-04-2015 02
Ran by Administrator (administrator) on ADIB-ASUS on 25-04-2015 13:29:12
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available profiles: Nisha & Administrator)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUS) C:\Windows\AsScrPro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [EeeStorageBackup] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe MySyncFolder
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [Microsoft Pinyin IME Migration] => C:\Program Files\Common Files\Microsoft Shared\IME12\IMESC\IMSCMIG.EXE [59248 2011-05-26] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [Microsoft Pinyin IME Migration] => C:\Program Files (x86)\Common Files\microsoft shared\IME12\IMESC\IMSCMIG.EXE [32112 2011-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-20] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6937216 2009-10-10] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-20] (ASUS)
HKLM-x32\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4094388179-336663474-334905840-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKU\S-1-5-21-4094388179-336663474-334905840-500\...\Run: [Power2GoExpress] => [X]
HKU\S-1-5-21-4094388179-336663474-334905840-500\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-4094388179-336663474-334905840-500\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4094388179-336663474-334905840-500\...\MountPoints2: {c66f9b57-c3b3-11e3-90c5-f46d04325438} - E:\SISetup.exe
HKU\S-1-5-21-4094388179-336663474-334905840-500\...\MountPoints2: {d4f63321-9407-11e4-b416-f46d04325438} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-4094388179-336663474-334905840-500\...\MountPoints2: {e2336c8e-12ce-11df-b806-0025d3ac9fa9} - D:\hbcd\wintools\autorun.exe
HKU\S-1-5-21-4094388179-336663474-334905840-500\Control Panel\Desktop\\SCRNSAVE.EXE -> none
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MiPhoneManagerSetup-2.1.0.10221.zip.lnk [2015-04-10]
ShortcutTarget: MiPhoneManagerSetup-2.1.0.10221.zip.lnk -> C:\ProgramData\{d154f8b5-bc96-8765-d154-4f8b5bc9e2d6}\MiPhoneManagerSetup-2.1.0.10221.zip.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-02-01]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2010-01-25]
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-4094388179-336663474-334905840-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
HKU\S-1-5-21-4094388179-336663474-334905840-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4094388179-336663474-334905840-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Toolbar: HKU\S-1-5-21-4094388179-336663474-334905840-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-4094388179-336663474-334905840-500 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-4094388179-336663474-334905840-500 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-4094388179-336663474-334905840-500 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {3BFFE033-BF43-11D5-A271-00A024A51325} http://webmail.muis.gov.sg/iNotes6W.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSG.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tj7j2f2a.default-1397352596530
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-17] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-07-31] (Adobe Systems Inc.)
FF Extension: AdPunisher - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tj7j2f2a.default-1397352596530\Extensions\_ujhgwpvtlbfu@sdmclslismpbssrwx.edu [2015-04-19]
FF HKU\S-1-5-21-4094388179-336663474-334905840-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-4094388179-336663474-334905840-500\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [69632 2014-05-18] (Macromedia) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [620544 2008-11-11] (Nokia.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-25] ()
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [129752 2015-04-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Apple Inc.) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 AmUStor; system32\drivers\AmUStor.SYS [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S2 npf; \??\C:\Windows\system32\drivers\npf.sys [X]
S3 SliceDisk5; \??\C:\Users\ADMINI~1\AppData\Local\Temp\slicedisk-x64.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-25 13:28 - 2015-04-25 13:28 - 00001054 _____ () C:\Users\Administrator\Desktop\malware.txt
2015-04-25 12:16 - 2015-04-25 12:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-25 12:10 - 2015-04-25 12:10 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-25 12:10 - 2015-04-25 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-25 12:10 - 2015-04-25 12:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-25 12:10 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-25 12:10 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-25 11:49 - 2015-04-25 13:28 - 00000000 ____D () C:\ProgramData\TheAdBlock
2015-04-25 11:41 - 2015-04-25 11:42 - 02224640 _____ () C:\Users\Administrator\Desktop\adwcleaner_4.202.exe
2015-04-25 11:28 - 2015-04-25 13:28 - 00000000 ____D () C:\Program Files (x86)\comfix
2015-04-25 11:18 - 2015-04-25 11:18 - 00001079 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-04-25 11:18 - 2015-04-25 11:18 - 00000000 ____D () C:\Users\Administrator\AppData\Local\VS Revo Group
2015-04-25 11:18 - 2015-04-25 11:18 - 00000000 ____D () C:\ProgramData\VS Revo Group
2015-04-25 11:18 - 2015-04-25 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-04-25 11:18 - 2015-04-25 11:18 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-04-25 11:18 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-04-25 11:10 - 2015-04-25 11:10 - 10801480 _____ (VS Revo Group ) C:\Users\Administrator\Downloads\RevoUninProSetup.exe
2015-04-24 21:12 - 2015-04-24 21:13 - 00036756 _____ () C:\Users\Administrator\Desktop\Addition.txt
2015-04-24 21:10 - 2015-04-25 13:29 - 00017125 _____ () C:\Users\Administrator\Desktop\FRST.txt
2015-04-24 21:10 - 2015-04-25 13:29 - 00000000 ____D () C:\FRST
2015-04-24 21:06 - 2015-04-24 21:06 - 02099712 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2015-04-24 20:45 - 2015-04-24 20:45 - 00000422 _____ () C:\Users\Administrator\Desktop\impian advert.txt
2015-04-18 06:44 - 2015-04-18 06:44 - 00509440 _____ (Tech Support Guy System) C:\Users\Administrator\Downloads\SysInfo.exe
2015-04-17 20:54 - 2015-04-17 20:54 - 00000079 _____ () C:\Program Files (x86)\prefs.js
2015-04-17 20:32 - 2015-04-25 13:28 - 00000000 ____D () C:\ProgramData\Browser AdBlocker
2015-04-17 20:32 - 2015-04-25 10:57 - 00000020 _____ () C:\Users\Administrator\AppData\Roaming\appdataFr3.bin
2015-04-16 19:58 - 2015-04-16 20:01 - 14777047 _____ () C:\Users\Administrator\Desktop\Canon Rock - Sungha Jung.flv
2015-04-16 19:55 - 2015-04-16 19:58 - 13555872 _____ () C:\Users\Administrator\Desktop\Disney Pixar Cars Lighnting McQueen dreams helping Sally Batman Robin Spider-Man Toy story Imaginext.flv
2015-04-13 20:07 - 2015-04-13 20:09 - 12241333 _____ () C:\Users\Administrator\Desktop\Nasheed - Arabic Alphabet Song with Zaky - HD.flv
2015-04-10 22:07 - 2015-04-10 22:07 - 00062479 _____ () C:\Users\Administrator\Downloads\WhatsApp Chat with Azry Pusat.zip
2015-04-10 21:59 - 2015-04-10 22:00 - 00096732 _____ () C:\Users\Administrator\Downloads\WhatsApp Chat with Munirah Izat.zip
2015-04-10 21:08 - 2015-04-17 20:54 - 00000000 ____D () C:\ProgramData\734388593211039175
2015-04-10 20:48 - 2015-04-10 20:48 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2015-04-10 20:48 - 2015-04-10 20:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-04-10 20:48 - 2015-04-10 20:48 - 00000000 ____D () C:\Xiaomi
2015-04-10 20:47 - 2015-04-10 20:47 - 00000000 ____D () C:\Users\Public\Thunder Network
2015-04-10 20:47 - 2015-04-10 20:47 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Xiaomi
2015-04-10 20:47 - 2015-04-10 20:47 - 00000000 ____D () C:\ProgramData\Thunder Network
2015-04-05 11:11 - 2015-04-05 11:11 - 00000000 ____D () C:\Users\Administrator\Desktop\Pantun P2
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-25 13:28 - 2015-01-30 18:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-25 13:09 - 2010-12-26 10:33 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4094388179-336663474-334905840-1000UA.job
2015-04-25 12:42 - 2014-02-12 20:50 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-25 12:39 - 2012-11-13 18:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-25 12:10 - 2014-02-27 13:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-25 12:10 - 2014-02-27 13:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-04-25 12:09 - 2015-03-11 06:20 - 00003188 _____ () C:\Windows\System32\Tasks\P4GIntlCtrl
2015-04-25 12:09 - 2015-01-23 18:50 - 00000000 ____D () C:\Users\Administrator\AppData\Local\HTC MediaHub
2015-04-25 12:09 - 2014-02-12 20:50 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-25 12:09 - 2010-01-25 03:06 - 01258988 _____ () C:\Windows\WindowsUpdate.log
2015-04-25 12:07 - 2009-07-14 12:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-25 12:07 - 2009-07-14 12:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-25 12:00 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-25 12:00 - 2009-07-14 12:51 - 00154698 _____ () C:\Windows\setupact.log
2015-04-25 11:59 - 2014-04-13 09:35 - 00000000 ____D () C:\AdwCleaner
2015-04-25 11:59 - 2010-06-06 09:39 - 00073860 _____ () C:\Windows\PFRO.log
2015-04-25 11:38 - 2014-09-14 11:34 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2015-04-24 20:43 - 2014-02-25 08:16 - 00000000 ____D () C:\Users\Administrator\Desktop\Impian
2015-04-22 23:52 - 2015-03-19 23:06 - 00000000 ____D () C:\Users\Administrator\Desktop\Marymount Stuff
2015-04-21 00:12 - 2015-02-13 20:48 - 00000000 ____D () C:\Users\Administrator\Documents\PaySlip2015
2015-04-19 14:09 - 2010-12-26 10:32 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4094388179-336663474-334905840-1000Core.job
2015-04-17 20:44 - 2014-02-12 20:51 - 00002064 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-17 20:43 - 2015-03-23 19:29 - 00000000 ____D () C:\Users\Administrator\Desktop\Warkah Zon Tgh
2015-04-17 20:39 - 2012-11-13 18:45 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-17 20:39 - 2012-11-13 18:45 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-17 20:39 - 2012-11-13 18:45 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-16 20:40 - 2009-07-14 13:13 - 00730320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-16 20:07 - 2015-03-01 21:28 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\vlc
2015-04-12 19:28 - 2010-01-25 04:02 - 00002607 _____ () C:\Windows\system32\AutoRunFilter.ini
2015-04-10 20:48 - 2015-01-23 18:50 - 00000000 ____D () C:\Users\Administrator\.android
2015-03-28 11:42 - 2009-07-14 13:08 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-26 22:36 - 2015-03-12 11:31 - 00000000 ____D () C:\Users\Nisha\Desktop\Education
2015-03-26 20:30 - 2015-03-11 21:11 - 00000000 ____D () C:\Users\Nisha\AppData\Local\HTC MediaHub
 
==================== Files in the root of some directories =======
 
2015-04-17 20:54 - 2015-04-17 20:54 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2014-05-19 01:19 - 2014-05-31 14:53 - 0000132 _____ () C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-04-17 20:32 - 2015-04-25 10:57 - 0000020 _____ () C:\Users\Administrator\AppData\Roaming\appdataFr3.bin
2015-04-19 15:32 - 2015-04-25 11:34 - 0011804 _____ () C:\Users\Administrator\AppData\Local\Temp-log.txt
2013-09-26 07:30 - 2013-09-26 07:30 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-03-27 16:20 - 2010-03-27 16:20 - 0005037 _____ () C:\ProgramData\esswogwb.bbd
2010-01-25 03:47 - 2009-09-11 01:06 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2010-01-25 03:42 - 2010-01-25 03:43 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-01-25 03:42 - 2010-01-25 03:42 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\atl80.dll
C:\Users\Administrator\AppData\Local\Temp\DrvImgEx.exe
C:\Users\Administrator\AppData\Local\Temp\FindAndMount.exe
C:\Users\Administrator\AppData\Local\Temp\jre-1.6.0_20-windows-i586-iftw.exe_90744722.exe
C:\Users\Administrator\AppData\Local\Temp\jre-6u20-windows-i586-jinstall_uac.exe
C:\Users\Administrator\AppData\Local\Temp\lame_enc.dll
C:\Users\Administrator\AppData\Local\Temp\mfc80.dll
C:\Users\Administrator\AppData\Local\Temp\mfc80u.dll
C:\Users\Administrator\AppData\Local\Temp\mfcm80.dll
C:\Users\Administrator\AppData\Local\Temp\mfcm80u.dll
C:\Users\Administrator\AppData\Local\Temp\MiSetupFullPackage.exe
C:\Users\Administrator\AppData\Local\Temp\msvcm80.dll
C:\Users\Administrator\AppData\Local\Temp\msvcp80.dll
C:\Users\Administrator\AppData\Local\Temp\msvcr71.dll
C:\Users\Administrator\AppData\Local\Temp\msvcr80.dll
C:\Users\Administrator\AppData\Local\Temp\PC Wizard.exe
C:\Users\Administrator\AppData\Local\Temp\pcwiz32.dll
C:\Users\Administrator\AppData\Local\Temp\pcwiz32x.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizard.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizbch.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizcfi.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizdx.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizdxb.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizgfx.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizhid.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizkbm.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizlcd.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizmdl.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizmp3.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizosd.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizpda.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizphx.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizpwd.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizsty.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizvdo.dll
C:\Users\Administrator\AppData\Local\Temp\pqimgstr.dll
C:\Users\Administrator\AppData\Local\Temp\python24.dll
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\Temp\savepart.exe
C:\Users\Administrator\AppData\Local\Temp\SHSetup.exe
C:\Users\Administrator\AppData\Local\Temp\spartwin.exe
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll
C:\Users\Administrator\AppData\Local\Temp\tbZyn0.dll
C:\Users\Administrator\AppData\Local\Temp\TmDbg32.dll
C:\Users\Administrator\AppData\Local\Temp\TmDbg64.dll
C:\Users\Administrator\AppData\Local\Temp\_fstools.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-16 02:54
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-04-2015 02
Ran by Administrator at 2015-04-24 21:12:14
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4094388179-336663474-334905840-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-4094388179-336663474-334905840-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4094388179-336663474-334905840-1002 - Limited - Enabled)
Nisha (S-1-5-21-4094388179-336663474-334905840-1003 - Limited - Enabled) => C:\Users\Nisha
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
Actualização do Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0816-0000-0000000FF1CE}_PROHYBRIDR_{CCDE3C71-5F35-477F-BA90-1A399C91C10C}) (Version:  - Microsoft)
Actualização do Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0816-0000-0000000FF1CE}_PROHYBRIDR_{CF0BC77F-1B63-44BF-BCFE-3A8CBB9077D1}) (Version:  - Microsoft)
Actualização do Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0816-0000-0000000FF1CE}_PROHYBRIDR_{A1A8C49E-BB40-4852-853E-B5A1F6BB2A3C}) (Version:  - Microsoft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.24 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.21 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.23 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS WebStorage (HKLM\...\ASUS WebStorage) (Version: 2.0.36.1260 - eCareme Technologies, Inc.)
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0053 - ASUS)
ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0006 - ASUS)
ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0007 - ASUS)
Atualização do produto Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0416-0000-0000000FF1CE}_PROHYBRIDR_{717C9095-8AAE-41CB-B046-BD6E8399F4F3}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_PROHYBRIDR_{5016CB22-B9A7-44FB-AA72-AF28B27B15EA}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0416-0000-0000000FF1CE}_PROHYBRIDR_{BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0416-0000-0000000FF1CE}_PROHYBRIDR_{7297E3A9-FCD4-4E0E-A306-7A90359E50E3}) (Version:  - Microsoft)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
BSR Screen Recorder 5 (HKLM-x32\...\BSRScreenRecorder5) (Version:  - )
Cisco EAP-FAST Module (HKLM-x32\...\{BF53252E-4AB2-4C7F-A0FD-6100755745E3}) (Version: 2.0.26 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{76F9CF97-FC4B-4E20-B363-D127C888448F}) (Version: 1.0.11 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{4E5386F5-C0F6-4532-A54A-374865AEAB71}) (Version: 1.0.12 - Cisco Systems, Inc.)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.9 - ASUS)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ÊÍÏíË áÜ Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0401-0000-0000000FF1CE}_PROHYBRIDR_{77A2A458-985F-490F-A258-D6B612F6E8BF}) (Version:  - Microsoft)
ÊÍÏíË áÜ Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0401-0000-0000000FF1CE}_PROHYBRIDR_{0A800271-844D-4C58-8954-809C424462AF}) (Version:  - Microsoft)
ÊÍÏíË áÜ Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0401-0000-0000000FF1CE}_PROHYBRIDR_{543B51B2-9613-45A1-AAE4-329D821E94AF}) (Version:  - Microsoft)
Express Gate (HKLM-x32\...\{865CD808-6D31-4269-9D36-693CFE75D26A}) (Version: 1.2.13.18 - DeviceVM, Inc.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.4 - ASUS)
GeoSurf (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - ) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.37.2 - HTC)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2302 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java™ 6 Update 18 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help ¸üР(KB963678) (HKLM-x32\...\{90120000-0016-0804-0000-0000000FF1CE}_PROHYBRIDR_{CECF0828-8F1F-4205-86B9-61683BAF0321}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help §ó·sµ{¦¡ (KB963678) (HKLM-x32\...\{90120000-0016-0404-0000-0000000FF1CE}_PROHYBRIDR_{15EEA099-97F0-4952-8597-88472FF062D2}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help §ó·sµ{¦¡ (KB963678) (HKLM-x32\...\{90120000-0016-0C04-0000-0000000FF1CE}_PROHYBRIDR_{E7CEA476-4DDD-4013-BB07-B053E3160C29}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help ©ºÑºÍѾഷ (KB963678) (HKLM-x32\...\{90120000-0016-041E-0000-0000000FF1CE}_PROHYBRIDR_{07419375-8A34-479C-831D-0EF4ADF4B945}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help Actualización (KB963678) (HKLM-x32\...\{90120000-0016-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{59E09C3D-4878-47D9-87DB-6D0018026889}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help Güncelleþtirmesi (KB963678) (HKLM-x32\...\{90120000-0016-041F-0000-0000000FF1CE}_PROHYBRIDR_{E792E914-5172-48B2-A58A-65C3F311C4E2}) (Version:  - Microsoft)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook 2007 Help ¸üР(KB963677) (HKLM-x32\...\{90120000-001A-0804-0000-0000000FF1CE}_PROHYBRIDR_{CB739C4F-6ABE-4CB2-BC90-57583893094F}) (Version:  - Microsoft)
Microsoft Office Outlook 2007 Help Actualización (KB963677) (HKLM-x32\...\{90120000-001A-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{59C244C2-0C37-4E85-8F7E-DBDD3958B694}) (Version:  - Microsoft)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint 2007 §ó·sµ{¦¡ (KB963669) (HKLM-x32\...\{90120000-0018-0C04-0000-0000000FF1CE}_PROHYBRIDR_{1E73141A-5BA5-4F90-920D-13D080499E45}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help ¸üР(KB963669) (HKLM-x32\...\{90120000-0018-0804-0000-0000000FF1CE}_PROHYBRIDR_{833A1F95-EEEB-47D3-B13F-3243AB2E7FA5}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help §ó·sµ{¦¡ (KB963669) (HKLM-x32\...\{90120000-0018-0404-0000-0000000FF1CE}_PROHYBRIDR_{A7688131-70CB-4945-BAFA-11053AC34D75}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help ©ºÑºÍѾഷ (KB963669) (HKLM-x32\...\{90120000-0018-041E-0000-0000000FF1CE}_PROHYBRIDR_{1075D7C8-AD2B-4717-A3B7-0E3C6417C5EA}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help Actualización (KB963669) (HKLM-x32\...\{90120000-0018-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{F318245D-05AE-4681-A749-A036CE44AF29}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help Güncelleþtirmesi (KB963669) (HKLM-x32\...\{90120000-0018-041F-0000-0000000FF1CE}_PROHYBRIDR_{8C762073-C6A4-4A11-A639-1C73014FAE00}) (Version:  - Microsoft)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word 2007 §ó·sµ{¦¡ (KB963665) (HKLM-x32\...\{90120000-001B-0C04-0000-0000000FF1CE}_PROHYBRIDR_{8DF0707E-D949-4176-98EC-2B54B8879F80}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help ¸üР(KB963665) (HKLM-x32\...\{90120000-001B-0804-0000-0000000FF1CE}_PROHYBRIDR_{53A3BCC0-3278-4729-8718-D17DEC19DE48}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help §ó·sµ{¦¡ (KB963665) (HKLM-x32\...\{90120000-001B-0404-0000-0000000FF1CE}_PROHYBRIDR_{AD30F628-2AAE-43E0-A0D8-CDFA976E6A9E}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help ©ºÑºÍѾഷ (KB963665) (HKLM-x32\...\{90120000-001B-041E-0000-0000000FF1CE}_PROHYBRIDR_{BA3C37F0-1BB7-4B44-8FB9-7DB86EE5BF39}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help Actualización (KB963665) (HKLM-x32\...\{90120000-001B-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{377BA42A-1C84-45D6-94B8-6D00887D172D}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help Güncelleþtirmesi (KB963665) (HKLM-x32\...\{90120000-001B-041F-0000-0000000FF1CE}_PROHYBRIDR_{96E44099-EB0F-45A3-8831-40412110810D}) (Version:  - Microsoft)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mise à jour Microsoft Office Excel 2007 Help  (KB963678) (HKLM-x32\...\{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{B761869A-B85C-40E2-994C-A1CE78AC8F2C}) (Version:  - Microsoft)
Mise à jour Microsoft Office Outlook 2007 Help  (KB963677) (HKLM-x32\...\{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{51EFB347-1F3D-4BAC-8B79-F056B904FE21}) (Version:  - Microsoft)
Mise à jour Microsoft Office Powerpoint 2007 Help  (KB963669) (HKLM-x32\...\{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{C3DCA38E-005E-41BA-A52A-7C3429F351C3}) (Version:  - Microsoft)
Mise à jour Microsoft Office Word 2007 Help  (KB963665) (HKLM-x32\...\{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{81536A04-DBFB-4DB3-978F-0F284590C223}) (Version:  - Microsoft)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVC80_x64 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86 (x32 Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-4094388179-336663474-334905840-500\...\MyFreeCodec) (Version:  - )
MykonosInspector (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{ce0aaa3b}) (Version:  - MykonosInspector) <==== ATTENTION
PC Connectivity Solution (HKLM-x32\...\{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}) (Version: 8.47.7.0 - Nokia)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PlayStation®Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.18.0.15698 - Sony Computer Entertainment Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5951 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0117 - REALTEK Semiconductor Corp.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SAlePlus (HKLM-x32\...\{B696F285-F54E-2524-58B1-E06A70ABE6BE}) (Version:  - ) <==== ATTENTION
SamsungConnectivityCableDriver (HKLM-x32\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung)
SaveeNewaAPpz (HKLM-x32\...\{7304C9D1-98AD-55F0-636E-22D8DD57F176}) (Version:  - "") <==== ATTENTION
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.6.201404170858 - Sony Mobile Communications AB)
Sony PC Companion 2.10.251 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.251 - Sony)
SopCast 3.0.3 (HKLM-x32\...\SopCast) (Version: 3.0.3 - SopCast.com)
SpyHunter (HKLM\...\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.1700 - SRS Labs, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version:  - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.12 - ASUS)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
25-03-2015 21:27:17 Windows Update
29-03-2015 10:01:21 Windows Update
05-04-2015 11:19:19 Windows Update
08-04-2015 20:51:51 Windows Update
13-04-2015 18:55:48 Windows Update
16-04-2015 20:00:47 Windows Update
20-04-2015 21:57:30 Windows Update
24-04-2015 20:32:29 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {00CDCA0F-1B5B-4B9D-B63B-68DC9CE632D6} - System32\Tasks\P4GIntlCtrl => C:\Program Files\P4G\IntlCtrl.exe [2009-08-12] (TODO: <Company name>)
Task: {01865F6F-C8AC-41E5-B93C-2AA9BD58DC66} - System32\Tasks\{FFA45083-5543-40B4-8A66-67FA8F28B42C} => pcalua.exe -a "D:\Pakej Lengkap Multimedia\Macromedia Studio MX 2004\Studio MX\Accessibility\Install Flash MX 2004.exe" -d "D:\Pakej Lengkap Multimedia\Macromedia Studio MX 2004\Studio MX\Accessibility"
Task: {0DD00529-35DA-465E-B64A-A959BF04A1BD} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-24] (ATK)
Task: {269DB520-4CB8-4F05-894C-200133D765DA} - System32\Tasks\AIRecoveryRemind => C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe
Task: {368AA33E-87EA-4C32-B34C-1C5D82CFFBC4} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2009-09-16] ()
Task: {45014314-A9B0-41DB-B0EE-DB8C54CF11FD} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Task: {4A9AF9E6-BBC6-404D-9D56-E5C3D4F52749} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-12-01] ()
Task: {4CEB2CE7-0A00-41C0-AC4A-7F69836B016D} - System32\Tasks\P4G Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14] (Microsoft Corporation)
Task: {4E88F4C8-3854-49D7-A3E5-768461C8BEC9} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-09-30] (asus)
Task: {6FF4D56D-3130-4CD8-B9B1-8B31F4F745C2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-17] (Adobe Systems Incorporated)
Task: {783228A5-D22D-4305-867E-345E6C383720} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-12] (Google Inc.)
Task: {7F847985-F3A1-4042-A6A8-50D2E8407819} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4094388179-336663474-334905840-1000Core => C:\Users\Nur Shahidah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {86E67B07-CFD1-448F-9399-05CDEFF6A080} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-12] (Google Inc.)
Task: {C5189A40-5BF0-4FBD-86AA-7BC9D263E60D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EF12BA3F-56EC-445B-9D17-C54847E3D5CA} - System32\Tasks\{FC6A2D0B-487E-4987-8EC1-4871BDB54A96} => pcalua.exe -a "C:\Program Files\BSR Screen Recorder 5\Uninstall Screen Recorder 5.exe"
Task: {F3C071F9-7BA2-49AD-810F-4A49CA297E21} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-09-09] (ATK)
Task: {F7A11CFD-F8E3-4FCC-AF69-23FD5BA722E1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4094388179-336663474-334905840-1000UA => C:\Users\Nur Shahidah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4094388179-336663474-334905840-1000Core.job => C:\Users\Nur Shahidah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4094388179-336663474-334905840-1000UA.job => C:\Users\Nur Shahidah\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2010-01-25 03:54 - 2007-08-08 16:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2014-04-14 22:26 - 2010-10-14 10:05 - 00290816 _____ () C:\Windows\System32\HP1100LM.DLL
2014-04-14 22:26 - 2010-10-14 10:05 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2008-10-01 15:02 - 2008-10-01 15:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2009-08-29 07:00 - 2009-08-29 07:00 - 00041984 _____ () C:\Program Files\P4G\DevMng.dll
2009-08-29 03:43 - 2009-08-29 03:43 - 00029184 _____ () C:\Program Files\P4G\OvrClk.dll
2010-01-25 03:54 - 2007-03-10 10:58 - 00124416 _____ () C:\Program Files\ATKGFNEX\AGFNEX64.dll
2010-01-25 04:01 - 2007-12-01 03:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2009-09-16 09:34 - 2009-09-16 09:34 - 01593344 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-04-10 21:06 - 2014-04-10 21:06 - 00465408 _____ () C:\ProgramData\{d154f8b5-bc96-8765-d154-4f8b5bc9e2d6}\MiPhoneManagerSetup-2.1.0.10221.zip.exe
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-12-18 15:27 - 2014-12-18 15:27 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2015-04-10 21:11 - 2015-04-10 21:11 - 01683968 _____ () c:\Program Files (x86)\SystemPreserve\SystemPreserve.dll
2014-12-18 15:25 - 2014-12-18 15:25 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-12-18 15:26 - 2014-12-18 15:26 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-12-18 15:26 - 2014-12-18 15:26 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-12-18 15:26 - 2014-12-18 15:26 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-12-18 15:26 - 2014-12-18 15:26 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-12-18 15:29 - 2014-12-18 15:29 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-12-18 15:31 - 2014-12-18 15:31 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2015-04-17 20:44 - 2015-04-14 05:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-17 20:44 - 2015-04-14 05:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
2010-09-30 15:13 - 2010-09-30 15:13 - 00041472 _____ () C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
2010-09-30 15:13 - 2010-09-30 15:13 - 00071680 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
2010-09-30 15:14 - 2010-09-30 15:14 - 00076288 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
2010-09-30 15:13 - 2010-09-30 15:13 - 00186880 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
2015-04-17 20:44 - 2015-04-14 05:55 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:734E442A
AlternateDataStreams: C:\ProgramData\Temp:A724744F
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:B88E99C8
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4094388179-336663474-334905840-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/03/2015 11:23:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EXCEL.EXE, version: 12.0.6611.1000, time stamp: 0x4e5d44a0
Faulting module name: EXCEL.EXE, version: 12.0.6611.1000, time stamp: 0x4e5d44a0
Exception code: 0xc0000005
Fault offset: 0x0004bc53
Faulting process id: 0x1080
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3
 
Error: (02/01/2015 01:47:45 PM) (Source: MsiInstaller) (EventID: 1013) (User: ADIB-ASUS)
Description: Product: Adobe Reader 9.5.2 -- A process is running that cannot be shut down by Setup.  Please either close all applications and run Setup again, or restart your computer and run Setup again.
 
Error: (02/01/2015 01:47:02 PM) (Source: MsiInstaller) (EventID: 1013) (User: ADIB-ASUS)
Description: Product: Adobe Reader 9.5.2 -- A process is running that cannot be shut down by Setup.  Please either close all applications and run Setup again, or restart your computer and run Setup again.
 
Error: (12/23/2014 01:20:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wmplayer.exe version 12.0.7600.16667 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 998
 
Start Time: 01d01e6fbf8edc0a
 
Termination Time: 16
 
Application Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
 
Report Id: 568f8d02-8a63-11e4-b435-f46d04325438
 
Error: (11/16/2014 06:32:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FBAgent.exe, version: 1.0.4.0, time stamp: 0x4ab1aea2
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec4b137
Exception code: 0xc0000374
Fault offset: 0x00000000000c6ae2
Faulting process id: 0x518
Faulting application start time: 0xFBAgent.exe0
Faulting application path: FBAgent.exe1
Faulting module path: FBAgent.exe2
Report Id: FBAgent.exe3
 
Error: (10/25/2014 03:47:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Samsung_PC_Studio_7.2.24.9.exe, version: 0.0.0.0, time stamp: 0x4a0da177
Faulting module name: Samsung_PC_Studio_7.2.24.9.exe, version: 0.0.0.0, time stamp: 0x4a0da177
Exception code: 0xc000000d
Fault offset: 0x00073870
Faulting process id: 0x11dc
Faulting application start time: 0xSamsung_PC_Studio_7.2.24.9.exe0
Faulting application path: Samsung_PC_Studio_7.2.24.9.exe1
Faulting module path: Samsung_PC_Studio_7.2.24.9.exe2
Report Id: Samsung_PC_Studio_7.2.24.9.exe3
 
Error: (10/25/2014 03:44:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16768, time stamp: 0x4d688122
Faulting module name: ole32.dll, version: 6.1.7600.16624, time stamp: 0x4c2984e3
Exception code: 0xc0000005
Fault offset: 0x000000000003294a
Faulting process id: 0x5bc
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (10/25/2014 11:57:31 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x800700d8
 
Error: (10/25/2014 11:57:30 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x800700d8
 
Error: (10/24/2014 06:06:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (04/24/2015 08:21:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (04/24/2015 08:21:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The npf service failed to start due to the following error: 
%%2
 
Error: (04/23/2015 05:22:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (04/23/2015 05:22:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The npf service failed to start due to the following error: 
%%2
 
Error: (04/22/2015 11:47:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (04/22/2015 11:47:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The npf service failed to start due to the following error: 
%%2
 
Error: (04/22/2015 08:55:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (04/22/2015 08:55:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The npf service failed to start due to the following error: 
%%2
 
Error: (04/21/2015 10:39:38 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.
 
Error: (04/21/2015 10:39:38 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU U 380 @ 1.33GHz
Percentage of memory in use: 65%
Total physical RAM: 3885.23 MB
Available physical RAM: 1324.89 MB
Total Pagefile: 7768.6 MB
Available Pagefile: 4700.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:283.43 GB) (Free:199.32 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (CIKGU ADIB) (Removable) (Total:7.47 GB) (Free:2.6 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 76692CA8)
Partition 2: (Active) - (Size=283.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 7.5 GB) (Disk ID: 6F20736B)
No partition Table on disk 2.
Disk 2 is a removable device.
 
==================== End Of Log ============================


#5 hadugen82

hadugen82
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:10:46 AM

Posted 25 April 2015 - 04:52 AM

Hi Deeprybka, the ads are more aggressive after I run the process. Anyway, can I uninstall ph and bl also using Revo?



#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:04:46 AM

Posted 25 April 2015 - 10:12 AM

Anyway, can I uninstall ph and bl also using Revo?

What do you mean?

Please follow my instructions exactly. Please repeat step 4.

Edited by deeprybka, 25 April 2015 - 10:17 AM.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 hadugen82

hadugen82
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:10:46 AM

Posted 25 April 2015 - 11:26 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-04-2015 02
Ran by Administrator (administrator) on ADIB-ASUS on 26-04-2015 00:23:26
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available profiles: Nisha & Administrator)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
(ASUS) C:\Windows\AsScrPro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [EeeStorageBackup] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe MySyncFolder
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [Microsoft Pinyin IME Migration] => C:\Program Files\Common Files\Microsoft Shared\IME12\IMESC\IMSCMIG.EXE [59248 2011-05-26] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [Microsoft Pinyin IME Migration] => C:\Program Files (x86)\Common Files\microsoft shared\IME12\IMESC\IMSCMIG.EXE [32112 2011-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-20] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6937216 2009-10-10] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-20] (ASUS)
HKLM-x32\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4094388179-336663474-334905840-500\...\Run: [Power2GoExpress] => [X]
HKU\S-1-5-21-4094388179-336663474-334905840-500\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-4094388179-336663474-334905840-500\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4094388179-336663474-334905840-500\...\MountPoints2: {c66f9b57-c3b3-11e3-90c5-f46d04325438} - E:\SISetup.exe
HKU\S-1-5-21-4094388179-336663474-334905840-500\...\MountPoints2: {d4f63321-9407-11e4-b416-f46d04325438} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-4094388179-336663474-334905840-500\...\MountPoints2: {e2336c8e-12ce-11df-b806-0025d3ac9fa9} - D:\hbcd\wintools\autorun.exe
HKU\S-1-5-21-4094388179-336663474-334905840-500\Control Panel\Desktop\\SCRNSAVE.EXE -> none
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MiPhoneManagerSetup-2.1.0.10221.zip.lnk [2015-04-10]
ShortcutTarget: MiPhoneManagerSetup-2.1.0.10221.zip.lnk -> C:\ProgramData\{d154f8b5-bc96-8765-d154-4f8b5bc9e2d6}\MiPhoneManagerSetup-2.1.0.10221.zip.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-02-01]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2010-01-25]
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Toolbar: HKU\S-1-5-21-4094388179-336663474-334905840-500 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-4094388179-336663474-334905840-500 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-4094388179-336663474-334905840-500 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {3BFFE033-BF43-11D5-A271-00A024A51325} http://webmail.muis.gov.sg/iNotes6W.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSG.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tj7j2f2a.default-1397352596530
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-17] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-07-31] (Adobe Systems Inc.)
FF Extension: AdPunisher - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tj7j2f2a.default-1397352596530\Extensions\_ujhgwpvtlbfu@sdmclslismpbssrwx.edu [2015-04-19]
FF HKU\S-1-5-21-4094388179-336663474-334905840-500\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [69632 2014-05-18] (Macromedia) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [620544 2008-11-11] (Nokia.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-25] ()
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-04-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Apple Inc.) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 AmUStor; system32\drivers\AmUStor.SYS [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S2 npf; \??\C:\Windows\system32\drivers\npf.sys [X]
S3 SliceDisk5; \??\C:\Users\ADMINI~1\AppData\Local\Temp\slicedisk-x64.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-25 13:28 - 2015-04-25 13:28 - 00001054 _____ () C:\Users\Administrator\Desktop\malware.txt
2015-04-25 12:16 - 2015-04-26 00:16 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-25 12:10 - 2015-04-25 12:10 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-25 12:10 - 2015-04-25 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-25 12:10 - 2015-04-25 12:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-25 12:10 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-25 12:10 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-25 11:49 - 2015-04-25 13:28 - 00000000 ____D () C:\ProgramData\TheAdBlock
2015-04-25 11:41 - 2015-04-25 11:42 - 02224640 _____ () C:\Users\Administrator\Desktop\adwcleaner_4.202.exe
2015-04-25 11:28 - 2015-04-25 13:28 - 00000000 ____D () C:\Program Files (x86)\comfix
2015-04-25 11:18 - 2015-04-25 11:18 - 00001079 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-04-25 11:18 - 2015-04-25 11:18 - 00000000 ____D () C:\Users\Administrator\AppData\Local\VS Revo Group
2015-04-25 11:18 - 2015-04-25 11:18 - 00000000 ____D () C:\ProgramData\VS Revo Group
2015-04-25 11:18 - 2015-04-25 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-04-25 11:18 - 2015-04-25 11:18 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-04-25 11:18 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-04-25 11:10 - 2015-04-25 11:10 - 10801480 _____ (VS Revo Group ) C:\Users\Administrator\Downloads\RevoUninProSetup.exe
2015-04-24 21:12 - 2015-04-24 21:13 - 00036756 _____ () C:\Users\Administrator\Desktop\Addition.txt
2015-04-24 21:10 - 2015-04-26 00:23 - 00016032 _____ () C:\Users\Administrator\Desktop\FRST.txt
2015-04-24 21:10 - 2015-04-26 00:23 - 00000000 ____D () C:\FRST
2015-04-24 21:06 - 2015-04-24 21:06 - 02099712 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2015-04-24 20:45 - 2015-04-24 20:45 - 00000422 _____ () C:\Users\Administrator\Desktop\impian advert.txt
2015-04-18 06:44 - 2015-04-18 06:44 - 00509440 _____ (Tech Support Guy System) C:\Users\Administrator\Downloads\SysInfo.exe
2015-04-17 20:54 - 2015-04-17 20:54 - 00000079 _____ () C:\Program Files (x86)\prefs.js
2015-04-17 20:32 - 2015-04-25 13:28 - 00000000 ____D () C:\ProgramData\Browser AdBlocker
2015-04-17 20:32 - 2015-04-25 10:57 - 00000020 _____ () C:\Users\Administrator\AppData\Roaming\appdataFr3.bin
2015-04-16 19:58 - 2015-04-16 20:01 - 14777047 _____ () C:\Users\Administrator\Desktop\Canon Rock - Sungha Jung.flv
2015-04-16 19:55 - 2015-04-16 19:58 - 13555872 _____ () C:\Users\Administrator\Desktop\Disney Pixar Cars Lighnting McQueen dreams helping Sally Batman Robin Spider-Man Toy story Imaginext.flv
2015-04-13 20:07 - 2015-04-13 20:09 - 12241333 _____ () C:\Users\Administrator\Desktop\Nasheed - Arabic Alphabet Song with Zaky - HD.flv
2015-04-10 22:07 - 2015-04-10 22:07 - 00062479 _____ () C:\Users\Administrator\Downloads\WhatsApp Chat with Azry Pusat.zip
2015-04-10 21:59 - 2015-04-10 22:00 - 00096732 _____ () C:\Users\Administrator\Downloads\WhatsApp Chat with Munirah Izat.zip
2015-04-10 21:08 - 2015-04-17 20:54 - 00000000 ____D () C:\ProgramData\734388593211039175
2015-04-10 20:48 - 2015-04-10 20:48 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2015-04-10 20:48 - 2015-04-10 20:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-04-10 20:48 - 2015-04-10 20:48 - 00000000 ____D () C:\Xiaomi
2015-04-10 20:47 - 2015-04-10 20:47 - 00000000 ____D () C:\Users\Public\Thunder Network
2015-04-10 20:47 - 2015-04-10 20:47 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Xiaomi
2015-04-10 20:47 - 2015-04-10 20:47 - 00000000 ____D () C:\ProgramData\Thunder Network
2015-04-05 11:11 - 2015-04-05 11:11 - 00000000 ____D () C:\Users\Administrator\Desktop\Pantun P2
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-26 00:22 - 2009-07-14 12:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-26 00:22 - 2009-07-14 12:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-26 00:18 - 2010-01-25 03:06 - 01326403 _____ () C:\Windows\WindowsUpdate.log
2015-04-26 00:16 - 2015-01-23 18:50 - 00000000 ____D () C:\Users\Administrator\AppData\Local\HTC MediaHub
2015-04-26 00:15 - 2015-03-11 06:20 - 00003188 _____ () C:\Windows\System32\Tasks\P4GIntlCtrl
2015-04-26 00:15 - 2014-02-12 20:50 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-26 00:14 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-26 00:14 - 2009-07-14 12:51 - 00154866 _____ () C:\Windows\setupact.log
2015-04-25 23:42 - 2014-02-12 20:50 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-25 23:39 - 2012-11-13 18:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-25 23:09 - 2010-12-26 10:33 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4094388179-336663474-334905840-1000UA.job
2015-04-25 17:05 - 2010-01-25 04:02 - 00001874 _____ () C:\Windows\system32\ServiceFilter.ini
2015-04-25 17:03 - 2010-06-06 09:39 - 00074232 _____ () C:\Windows\PFRO.log
2015-04-25 14:09 - 2010-12-26 10:32 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4094388179-336663474-334905840-1000Core.job
2015-04-25 13:28 - 2015-01-30 18:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-25 12:10 - 2014-02-27 13:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-25 12:10 - 2014-02-27 13:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-04-25 11:59 - 2014-04-13 09:35 - 00000000 ____D () C:\AdwCleaner
2015-04-25 11:38 - 2014-09-14 11:34 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2015-04-24 20:43 - 2014-02-25 08:16 - 00000000 ____D () C:\Users\Administrator\Desktop\Impian
2015-04-22 23:52 - 2015-03-19 23:06 - 00000000 ____D () C:\Users\Administrator\Desktop\Marymount Stuff
2015-04-21 00:12 - 2015-02-13 20:48 - 00000000 ____D () C:\Users\Administrator\Documents\PaySlip2015
2015-04-17 20:44 - 2014-02-12 20:51 - 00002064 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-17 20:43 - 2015-03-23 19:29 - 00000000 ____D () C:\Users\Administrator\Desktop\Warkah Zon Tgh
2015-04-17 20:39 - 2012-11-13 18:45 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-17 20:39 - 2012-11-13 18:45 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-17 20:39 - 2012-11-13 18:45 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-16 20:40 - 2009-07-14 13:13 - 00730320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-16 20:07 - 2015-03-01 21:28 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\vlc
2015-04-12 19:28 - 2010-01-25 04:02 - 00002607 _____ () C:\Windows\system32\AutoRunFilter.ini
2015-04-10 20:48 - 2015-01-23 18:50 - 00000000 ____D () C:\Users\Administrator\.android
2015-03-28 11:42 - 2009-07-14 13:08 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
 
==================== Files in the root of some directories =======
 
2015-04-17 20:54 - 2015-04-17 20:54 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2014-05-19 01:19 - 2014-05-31 14:53 - 0000132 _____ () C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-04-17 20:32 - 2015-04-25 10:57 - 0000020 _____ () C:\Users\Administrator\AppData\Roaming\appdataFr3.bin
2015-04-19 15:32 - 2015-04-25 11:34 - 0011804 _____ () C:\Users\Administrator\AppData\Local\Temp-log.txt
2013-09-26 07:30 - 2013-09-26 07:30 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-03-27 16:20 - 2010-03-27 16:20 - 0005037 _____ () C:\ProgramData\esswogwb.bbd
2010-01-25 03:47 - 2009-09-11 01:06 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2010-01-25 03:42 - 2010-01-25 03:43 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-01-25 03:42 - 2010-01-25 03:42 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\atl80.dll
C:\Users\Administrator\AppData\Local\Temp\DrvImgEx.exe
C:\Users\Administrator\AppData\Local\Temp\FindAndMount.exe
C:\Users\Administrator\AppData\Local\Temp\jre-1.6.0_20-windows-i586-iftw.exe_90744722.exe
C:\Users\Administrator\AppData\Local\Temp\jre-6u20-windows-i586-jinstall_uac.exe
C:\Users\Administrator\AppData\Local\Temp\lame_enc.dll
C:\Users\Administrator\AppData\Local\Temp\mfc80.dll
C:\Users\Administrator\AppData\Local\Temp\mfc80u.dll
C:\Users\Administrator\AppData\Local\Temp\mfcm80.dll
C:\Users\Administrator\AppData\Local\Temp\mfcm80u.dll
C:\Users\Administrator\AppData\Local\Temp\MiSetupFullPackage.exe
C:\Users\Administrator\AppData\Local\Temp\msvcm80.dll
C:\Users\Administrator\AppData\Local\Temp\msvcp80.dll
C:\Users\Administrator\AppData\Local\Temp\msvcr71.dll
C:\Users\Administrator\AppData\Local\Temp\msvcr80.dll
C:\Users\Administrator\AppData\Local\Temp\PC Wizard.exe
C:\Users\Administrator\AppData\Local\Temp\pcwiz32.dll
C:\Users\Administrator\AppData\Local\Temp\pcwiz32x.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizard.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizbch.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizcfi.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizdx.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizdxb.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizgfx.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizhid.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizkbm.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizlcd.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizmdl.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizmp3.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizosd.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizpda.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizphx.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizpwd.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizsty.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizvdo.dll
C:\Users\Administrator\AppData\Local\Temp\pqimgstr.dll
C:\Users\Administrator\AppData\Local\Temp\python24.dll
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\Temp\savepart.exe
C:\Users\Administrator\AppData\Local\Temp\SHSetup.exe
C:\Users\Administrator\AppData\Local\Temp\spartwin.exe
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll
C:\Users\Administrator\AppData\Local\Temp\tbZyn0.dll
C:\Users\Administrator\AppData\Local\Temp\TmDbg32.dll
C:\Users\Administrator\AppData\Local\Temp\TmDbg64.dll
C:\Users\Administrator\AppData\Local\Temp\_fstools.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-25 17:29
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-04-2015 02
Ran by Administrator at 2015-04-24 21:12:14
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4094388179-336663474-334905840-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-4094388179-336663474-334905840-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4094388179-336663474-334905840-1002 - Limited - Enabled)
Nisha (S-1-5-21-4094388179-336663474-334905840-1003 - Limited - Enabled) => C:\Users\Nisha
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
Actualização do Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0816-0000-0000000FF1CE}_PROHYBRIDR_{CCDE3C71-5F35-477F-BA90-1A399C91C10C}) (Version:  - Microsoft)
Actualização do Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0816-0000-0000000FF1CE}_PROHYBRIDR_{CF0BC77F-1B63-44BF-BCFE-3A8CBB9077D1}) (Version:  - Microsoft)
Actualização do Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0816-0000-0000000FF1CE}_PROHYBRIDR_{A1A8C49E-BB40-4852-853E-B5A1F6BB2A3C}) (Version:  - Microsoft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.24 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.21 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.23 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS WebStorage (HKLM\...\ASUS WebStorage) (Version: 2.0.36.1260 - eCareme Technologies, Inc.)
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0053 - ASUS)
ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0006 - ASUS)
ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0007 - ASUS)
Atualização do produto Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0416-0000-0000000FF1CE}_PROHYBRIDR_{717C9095-8AAE-41CB-B046-BD6E8399F4F3}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_PROHYBRIDR_{5016CB22-B9A7-44FB-AA72-AF28B27B15EA}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0416-0000-0000000FF1CE}_PROHYBRIDR_{BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0416-0000-0000000FF1CE}_PROHYBRIDR_{7297E3A9-FCD4-4E0E-A306-7A90359E50E3}) (Version:  - Microsoft)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
BSR Screen Recorder 5 (HKLM-x32\...\BSRScreenRecorder5) (Version:  - )
Cisco EAP-FAST Module (HKLM-x32\...\{BF53252E-4AB2-4C7F-A0FD-6100755745E3}) (Version: 2.0.26 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{76F9CF97-FC4B-4E20-B363-D127C888448F}) (Version: 1.0.11 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{4E5386F5-C0F6-4532-A54A-374865AEAB71}) (Version: 1.0.12 - Cisco Systems, Inc.)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.9 - ASUS)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ÊÍÏíË áÜ Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0401-0000-0000000FF1CE}_PROHYBRIDR_{77A2A458-985F-490F-A258-D6B612F6E8BF}) (Version:  - Microsoft)
ÊÍÏíË áÜ Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0401-0000-0000000FF1CE}_PROHYBRIDR_{0A800271-844D-4C58-8954-809C424462AF}) (Version:  - Microsoft)
ÊÍÏíË áÜ Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0401-0000-0000000FF1CE}_PROHYBRIDR_{543B51B2-9613-45A1-AAE4-329D821E94AF}) (Version:  - Microsoft)
Express Gate (HKLM-x32\...\{865CD808-6D31-4269-9D36-693CFE75D26A}) (Version: 1.2.13.18 - DeviceVM, Inc.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.4 - ASUS)
GeoSurf (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - ) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.37.2 - HTC)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2302 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java™ 6 Update 18 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help ¸üР(KB963678) (HKLM-x32\...\{90120000-0016-0804-0000-0000000FF1CE}_PROHYBRIDR_{CECF0828-8F1F-4205-86B9-61683BAF0321}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help §ó·sµ{¦¡ (KB963678) (HKLM-x32\...\{90120000-0016-0404-0000-0000000FF1CE}_PROHYBRIDR_{15EEA099-97F0-4952-8597-88472FF062D2}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help §ó·sµ{¦¡ (KB963678) (HKLM-x32\...\{90120000-0016-0C04-0000-0000000FF1CE}_PROHYBRIDR_{E7CEA476-4DDD-4013-BB07-B053E3160C29}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help ©ºÑºÍѾഷ (KB963678) (HKLM-x32\...\{90120000-0016-041E-0000-0000000FF1CE}_PROHYBRIDR_{07419375-8A34-479C-831D-0EF4ADF4B945}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help Actualización (KB963678) (HKLM-x32\...\{90120000-0016-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{59E09C3D-4878-47D9-87DB-6D0018026889}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help Güncelleþtirmesi (KB963678) (HKLM-x32\...\{90120000-0016-041F-0000-0000000FF1CE}_PROHYBRIDR_{E792E914-5172-48B2-A58A-65C3F311C4E2}) (Version:  - Microsoft)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook 2007 Help ¸üР(KB963677) (HKLM-x32\...\{90120000-001A-0804-0000-0000000FF1CE}_PROHYBRIDR_{CB739C4F-6ABE-4CB2-BC90-57583893094F}) (Version:  - Microsoft)
Microsoft Office Outlook 2007 Help Actualización (KB963677) (HKLM-x32\...\{90120000-001A-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{59C244C2-0C37-4E85-8F7E-DBDD3958B694}) (Version:  - Microsoft)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint 2007 §ó·sµ{¦¡ (KB963669) (HKLM-x32\...\{90120000-0018-0C04-0000-0000000FF1CE}_PROHYBRIDR_{1E73141A-5BA5-4F90-920D-13D080499E45}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help ¸üР(KB963669) (HKLM-x32\...\{90120000-0018-0804-0000-0000000FF1CE}_PROHYBRIDR_{833A1F95-EEEB-47D3-B13F-3243AB2E7FA5}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help §ó·sµ{¦¡ (KB963669) (HKLM-x32\...\{90120000-0018-0404-0000-0000000FF1CE}_PROHYBRIDR_{A7688131-70CB-4945-BAFA-11053AC34D75}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help ©ºÑºÍѾഷ (KB963669) (HKLM-x32\...\{90120000-0018-041E-0000-0000000FF1CE}_PROHYBRIDR_{1075D7C8-AD2B-4717-A3B7-0E3C6417C5EA}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help Actualización (KB963669) (HKLM-x32\...\{90120000-0018-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{F318245D-05AE-4681-A749-A036CE44AF29}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help Güncelleþtirmesi (KB963669) (HKLM-x32\...\{90120000-0018-041F-0000-0000000FF1CE}_PROHYBRIDR_{8C762073-C6A4-4A11-A639-1C73014FAE00}) (Version:  - Microsoft)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word 2007 §ó·sµ{¦¡ (KB963665) (HKLM-x32\...\{90120000-001B-0C04-0000-0000000FF1CE}_PROHYBRIDR_{8DF0707E-D949-4176-98EC-2B54B8879F80}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help ¸üР(KB963665) (HKLM-x32\...\{90120000-001B-0804-0000-0000000FF1CE}_PROHYBRIDR_{53A3BCC0-3278-4729-8718-D17DEC19DE48}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help §ó·sµ{¦¡ (KB963665) (HKLM-x32\...\{90120000-001B-0404-0000-0000000FF1CE}_PROHYBRIDR_{AD30F628-2AAE-43E0-A0D8-CDFA976E6A9E}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help ©ºÑºÍѾഷ (KB963665) (HKLM-x32\...\{90120000-001B-041E-0000-0000000FF1CE}_PROHYBRIDR_{BA3C37F0-1BB7-4B44-8FB9-7DB86EE5BF39}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help Actualización (KB963665) (HKLM-x32\...\{90120000-001B-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{377BA42A-1C84-45D6-94B8-6D00887D172D}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help Güncelleþtirmesi (KB963665) (HKLM-x32\...\{90120000-001B-041F-0000-0000000FF1CE}_PROHYBRIDR_{96E44099-EB0F-45A3-8831-40412110810D}) (Version:  - Microsoft)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mise à jour Microsoft Office Excel 2007 Help  (KB963678) (HKLM-x32\...\{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{B761869A-B85C-40E2-994C-A1CE78AC8F2C}) (Version:  - Microsoft)
Mise à jour Microsoft Office Outlook 2007 Help  (KB963677) (HKLM-x32\...\{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{51EFB347-1F3D-4BAC-8B79-F056B904FE21}) (Version:  - Microsoft)
Mise à jour Microsoft Office Powerpoint 2007 Help  (KB963669) (HKLM-x32\...\{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{C3DCA38E-005E-41BA-A52A-7C3429F351C3}) (Version:  - Microsoft)
Mise à jour Microsoft Office Word 2007 Help  (KB963665) (HKLM-x32\...\{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{81536A04-DBFB-4DB3-978F-0F284590C223}) (Version:  - Microsoft)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVC80_x64 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86 (x32 Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-4094388179-336663474-334905840-500\...\MyFreeCodec) (Version:  - )
MykonosInspector (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{ce0aaa3b}) (Version:  - MykonosInspector) <==== ATTENTION
PC Connectivity Solution (HKLM-x32\...\{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}) (Version: 8.47.7.0 - Nokia)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PlayStation®Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.18.0.15698 - Sony Computer Entertainment Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5951 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0117 - REALTEK Semiconductor Corp.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SAlePlus (HKLM-x32\...\{B696F285-F54E-2524-58B1-E06A70ABE6BE}) (Version:  - ) <==== ATTENTION
SamsungConnectivityCableDriver (HKLM-x32\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung)
SaveeNewaAPpz (HKLM-x32\...\{7304C9D1-98AD-55F0-636E-22D8DD57F176}) (Version:  - "") <==== ATTENTION
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.6.201404170858 - Sony Mobile Communications AB)
Sony PC Companion 2.10.251 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.251 - Sony)
SopCast 3.0.3 (HKLM-x32\...\SopCast) (Version: 3.0.3 - SopCast.com)
SpyHunter (HKLM\...\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.1700 - SRS Labs, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version:  - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.12 - ASUS)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
25-03-2015 21:27:17 Windows Update
29-03-2015 10:01:21 Windows Update
05-04-2015 11:19:19 Windows Update
08-04-2015 20:51:51 Windows Update
13-04-2015 18:55:48 Windows Update
16-04-2015 20:00:47 Windows Update
20-04-2015 21:57:30 Windows Update
24-04-2015 20:32:29 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {00CDCA0F-1B5B-4B9D-B63B-68DC9CE632D6} - System32\Tasks\P4GIntlCtrl => C:\Program Files\P4G\IntlCtrl.exe [2009-08-12] (TODO: <Company name>)
Task: {01865F6F-C8AC-41E5-B93C-2AA9BD58DC66} - System32\Tasks\{FFA45083-5543-40B4-8A66-67FA8F28B42C} => pcalua.exe -a "D:\Pakej Lengkap Multimedia\Macromedia Studio MX 2004\Studio MX\Accessibility\Install Flash MX 2004.exe" -d "D:\Pakej Lengkap Multimedia\Macromedia Studio MX 2004\Studio MX\Accessibility"
Task: {0DD00529-35DA-465E-B64A-A959BF04A1BD} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-24] (ATK)
Task: {269DB520-4CB8-4F05-894C-200133D765DA} - System32\Tasks\AIRecoveryRemind => C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe
Task: {368AA33E-87EA-4C32-B34C-1C5D82CFFBC4} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2009-09-16] ()
Task: {45014314-A9B0-41DB-B0EE-DB8C54CF11FD} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Task: {4A9AF9E6-BBC6-404D-9D56-E5C3D4F52749} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-12-01] ()
Task: {4CEB2CE7-0A00-41C0-AC4A-7F69836B016D} - System32\Tasks\P4G Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14] (Microsoft Corporation)
Task: {4E88F4C8-3854-49D7-A3E5-768461C8BEC9} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-09-30] (asus)
Task: {6FF4D56D-3130-4CD8-B9B1-8B31F4F745C2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-17] (Adobe Systems Incorporated)
Task: {783228A5-D22D-4305-867E-345E6C383720} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-12] (Google Inc.)
Task: {7F847985-F3A1-4042-A6A8-50D2E8407819} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4094388179-336663474-334905840-1000Core => C:\Users\Nur Shahidah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {86E67B07-CFD1-448F-9399-05CDEFF6A080} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-12] (Google Inc.)
Task: {C5189A40-5BF0-4FBD-86AA-7BC9D263E60D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EF12BA3F-56EC-445B-9D17-C54847E3D5CA} - System32\Tasks\{FC6A2D0B-487E-4987-8EC1-4871BDB54A96} => pcalua.exe -a "C:\Program Files\BSR Screen Recorder 5\Uninstall Screen Recorder 5.exe"
Task: {F3C071F9-7BA2-49AD-810F-4A49CA297E21} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-09-09] (ATK)
Task: {F7A11CFD-F8E3-4FCC-AF69-23FD5BA722E1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4094388179-336663474-334905840-1000UA => C:\Users\Nur Shahidah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4094388179-336663474-334905840-1000Core.job => C:\Users\Nur Shahidah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4094388179-336663474-334905840-1000UA.job => C:\Users\Nur Shahidah\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2010-01-25 03:54 - 2007-08-08 16:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2014-04-14 22:26 - 2010-10-14 10:05 - 00290816 _____ () C:\Windows\System32\HP1100LM.DLL
2014-04-14 22:26 - 2010-10-14 10:05 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2008-10-01 15:02 - 2008-10-01 15:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2009-08-29 07:00 - 2009-08-29 07:00 - 00041984 _____ () C:\Program Files\P4G\DevMng.dll
2009-08-29 03:43 - 2009-08-29 03:43 - 00029184 _____ () C:\Program Files\P4G\OvrClk.dll
2010-01-25 03:54 - 2007-03-10 10:58 - 00124416 _____ () C:\Program Files\ATKGFNEX\AGFNEX64.dll
2010-01-25 04:01 - 2007-12-01 03:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2009-09-16 09:34 - 2009-09-16 09:34 - 01593344 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-04-10 21:06 - 2014-04-10 21:06 - 00465408 _____ () C:\ProgramData\{d154f8b5-bc96-8765-d154-4f8b5bc9e2d6}\MiPhoneManagerSetup-2.1.0.10221.zip.exe
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-12-18 15:27 - 2014-12-18 15:27 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2015-04-10 21:11 - 2015-04-10 21:11 - 01683968 _____ () c:\Program Files (x86)\SystemPreserve\SystemPreserve.dll
2014-12-18 15:25 - 2014-12-18 15:25 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-12-18 15:26 - 2014-12-18 15:26 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-12-18 15:26 - 2014-12-18 15:26 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-12-18 15:26 - 2014-12-18 15:26 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-12-18 15:26 - 2014-12-18 15:26 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-12-18 15:29 - 2014-12-18 15:29 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-12-18 15:31 - 2014-12-18 15:31 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2015-04-17 20:44 - 2015-04-14 05:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-17 20:44 - 2015-04-14 05:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
2010-09-30 15:13 - 2010-09-30 15:13 - 00041472 _____ () C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
2010-09-30 15:13 - 2010-09-30 15:13 - 00071680 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
2010-09-30 15:14 - 2010-09-30 15:14 - 00076288 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
2010-09-30 15:13 - 2010-09-30 15:13 - 00186880 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
2015-04-17 20:44 - 2015-04-14 05:55 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:734E442A
AlternateDataStreams: C:\ProgramData\Temp:A724744F
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:B88E99C8
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4094388179-336663474-334905840-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/03/2015 11:23:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EXCEL.EXE, version: 12.0.6611.1000, time stamp: 0x4e5d44a0
Faulting module name: EXCEL.EXE, version: 12.0.6611.1000, time stamp: 0x4e5d44a0
Exception code: 0xc0000005
Fault offset: 0x0004bc53
Faulting process id: 0x1080
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3
 
Error: (02/01/2015 01:47:45 PM) (Source: MsiInstaller) (EventID: 1013) (User: ADIB-ASUS)
Description: Product: Adobe Reader 9.5.2 -- A process is running that cannot be shut down by Setup.  Please either close all applications and run Setup again, or restart your computer and run Setup again.
 
Error: (02/01/2015 01:47:02 PM) (Source: MsiInstaller) (EventID: 1013) (User: ADIB-ASUS)
Description: Product: Adobe Reader 9.5.2 -- A process is running that cannot be shut down by Setup.  Please either close all applications and run Setup again, or restart your computer and run Setup again.
 
Error: (12/23/2014 01:20:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wmplayer.exe version 12.0.7600.16667 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 998
 
Start Time: 01d01e6fbf8edc0a
 
Termination Time: 16
 
Application Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
 
Report Id: 568f8d02-8a63-11e4-b435-f46d04325438
 
Error: (11/16/2014 06:32:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FBAgent.exe, version: 1.0.4.0, time stamp: 0x4ab1aea2
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec4b137
Exception code: 0xc0000374
Fault offset: 0x00000000000c6ae2
Faulting process id: 0x518
Faulting application start time: 0xFBAgent.exe0
Faulting application path: FBAgent.exe1
Faulting module path: FBAgent.exe2
Report Id: FBAgent.exe3
 
Error: (10/25/2014 03:47:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Samsung_PC_Studio_7.2.24.9.exe, version: 0.0.0.0, time stamp: 0x4a0da177
Faulting module name: Samsung_PC_Studio_7.2.24.9.exe, version: 0.0.0.0, time stamp: 0x4a0da177
Exception code: 0xc000000d
Fault offset: 0x00073870
Faulting process id: 0x11dc
Faulting application start time: 0xSamsung_PC_Studio_7.2.24.9.exe0
Faulting application path: Samsung_PC_Studio_7.2.24.9.exe1
Faulting module path: Samsung_PC_Studio_7.2.24.9.exe2
Report Id: Samsung_PC_Studio_7.2.24.9.exe3
 
Error: (10/25/2014 03:44:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16768, time stamp: 0x4d688122
Faulting module name: ole32.dll, version: 6.1.7600.16624, time stamp: 0x4c2984e3
Exception code: 0xc0000005
Fault offset: 0x000000000003294a
Faulting process id: 0x5bc
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (10/25/2014 11:57:31 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x800700d8
 
Error: (10/25/2014 11:57:30 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x800700d8
 
Error: (10/24/2014 06:06:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (04/24/2015 08:21:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (04/24/2015 08:21:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The npf service failed to start due to the following error: 
%%2
 
Error: (04/23/2015 05:22:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (04/23/2015 05:22:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The npf service failed to start due to the following error: 
%%2
 
Error: (04/22/2015 11:47:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (04/22/2015 11:47:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The npf service failed to start due to the following error: 
%%2
 
Error: (04/22/2015 08:55:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (04/22/2015 08:55:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The npf service failed to start due to the following error: 
%%2
 
Error: (04/21/2015 10:39:38 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.
 
Error: (04/21/2015 10:39:38 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU U 380 @ 1.33GHz
Percentage of memory in use: 65%
Total physical RAM: 3885.23 MB
Available physical RAM: 1324.89 MB
Total Pagefile: 7768.6 MB
Available Pagefile: 4700.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:283.43 GB) (Free:199.32 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (CIKGU ADIB) (Removable) (Total:7.47 GB) (Free:2.6 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 76692CA8)
Partition 2: (Active) - (Size=283.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 7.5 GB) (Disk ID: 6F20736B)
No partition Table on disk 2.
Disk 2 is a removable device.
 
==================== End Of Log ============================


#8 deeprybka


  • Malware Response Team

Posted 25 April 2015 - 11:44 AM

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-04-2015 02
Ran by Administrator at 2015-04-24 21:12:14
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal

 

 

Start FRST with administrator privileges.

  • Make sure the following option is checked: addition.png
  • Press the Scan button.

 

Please follow my instructions! The addition.txt is still the same from the first run.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#9 hadugen82

  • Topic Starter

  • Members

Posted 26 April 2015 - 12:04 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-04-2015 02
Ran by Administrator (administrator) on ADIB-ASUS on 26-04-2015 13:00:59
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available profiles: Nisha & Administrator)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(ASUS) C:\Windows\AsScrPro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [EeeStorageBackup] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe MySyncFolder
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [Microsoft Pinyin IME Migration] => C:\Program Files\Common Files\Microsoft Shared\IME12\IMESC\IMSCMIG.EXE [59248 2011-05-26] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [Microsoft Pinyin IME Migration] => C:\Program Files (x86)\Common Files\microsoft shared\IME12\IMESC\IMSCMIG.EXE [32112 2011-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-20] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6937216 2009-10-10] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-20] (ASUS)
HKLM-x32\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4094388179-336663474-334905840-500\...\Run: [Power2GoExpress] => [X]
HKU\S-1-5-21-4094388179-336663474-334905840-500\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-4094388179-336663474-334905840-500\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4094388179-336663474-334905840-500\...\MountPoints2: {c66f9b57-c3b3-11e3-90c5-f46d04325438} - E:\SISetup.exe
HKU\S-1-5-21-4094388179-336663474-334905840-500\...\MountPoints2: {d4f63321-9407-11e4-b416-f46d04325438} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-4094388179-336663474-334905840-500\...\MountPoints2: {e2336c8e-12ce-11df-b806-0025d3ac9fa9} - D:\hbcd\wintools\autorun.exe
HKU\S-1-5-21-4094388179-336663474-334905840-500\Control Panel\Desktop\\SCRNSAVE.EXE -> none
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MiPhoneManagerSetup-2.1.0.10221.zip.lnk [2015-04-10]
ShortcutTarget: MiPhoneManagerSetup-2.1.0.10221.zip.lnk -> C:\ProgramData\{d154f8b5-bc96-8765-d154-4f8b5bc9e2d6}\MiPhoneManagerSetup-2.1.0.10221.zip.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-02-01]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2010-01-25]
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Toolbar: HKU\S-1-5-21-4094388179-336663474-334905840-500 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-4094388179-336663474-334905840-500 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-4094388179-336663474-334905840-500 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {3BFFE033-BF43-11D5-A271-00A024A51325} http://webmail.muis.gov.sg/iNotes6W.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSG.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tj7j2f2a.default-1397352596530
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-17] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-07-31] (Adobe Systems Inc.)
FF Extension: AdPunisher - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tj7j2f2a.default-1397352596530\Extensions\_ujhgwpvtlbfu@sdmclslismpbssrwx.edu [2015-04-19]
FF HKU\S-1-5-21-4094388179-336663474-334905840-500\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [69632 2014-05-18] (Macromedia) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [620544 2008-11-11] (Nokia.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-25] ()
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-04-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Apple Inc.) [File not signed]
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 AmUStor; system32\drivers\AmUStor.SYS [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S2 npf; \??\C:\Windows\system32\drivers\npf.sys [X]
S3 SliceDisk5; \??\C:\Users\ADMINI~1\AppData\Local\Temp\slicedisk-x64.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-26 10:49 - 2015-04-26 10:49 - 00019461 _____ () C:\Users\Administrator\Downloads\SA1 Schedule 2015_v2.xlsx
2015-04-25 13:28 - 2015-04-25 13:28 - 00001054 _____ () C:\Users\Administrator\Desktop\malware.txt
2015-04-25 12:16 - 2015-04-26 10:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-25 12:10 - 2015-04-25 12:10 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-25 12:10 - 2015-04-25 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-25 12:10 - 2015-04-25 12:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-25 12:10 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-25 12:10 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-25 11:49 - 2015-04-25 13:28 - 00000000 ____D () C:\ProgramData\TheAdBlock
2015-04-25 11:41 - 2015-04-25 11:42 - 02224640 _____ () C:\Users\Administrator\Desktop\adwcleaner_4.202.exe
2015-04-25 11:28 - 2015-04-25 13:28 - 00000000 ____D () C:\Program Files (x86)\comfix
2015-04-25 11:18 - 2015-04-25 11:18 - 00001079 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-04-25 11:18 - 2015-04-25 11:18 - 00000000 ____D () C:\Users\Administrator\AppData\Local\VS Revo Group
2015-04-25 11:18 - 2015-04-25 11:18 - 00000000 ____D () C:\ProgramData\VS Revo Group
2015-04-25 11:18 - 2015-04-25 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-04-25 11:18 - 2015-04-25 11:18 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-04-25 11:18 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-04-25 11:10 - 2015-04-25 11:10 - 10801480 _____ (VS Revo Group ) C:\Users\Administrator\Downloads\RevoUninProSetup.exe
2015-04-24 21:12 - 2015-04-24 21:13 - 00036756 _____ () C:\Users\Administrator\Desktop\Addition.txt
2015-04-24 21:10 - 2015-04-26 13:01 - 00015868 _____ () C:\Users\Administrator\Desktop\FRST.txt
2015-04-24 21:10 - 2015-04-26 13:01 - 00000000 ____D () C:\FRST
2015-04-24 21:06 - 2015-04-24 21:06 - 02099712 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2015-04-24 20:45 - 2015-04-24 20:45 - 00000422 _____ () C:\Users\Administrator\Desktop\impian advert.txt
2015-04-18 06:44 - 2015-04-18 06:44 - 00509440 _____ (Tech Support Guy System) C:\Users\Administrator\Downloads\SysInfo.exe
2015-04-17 20:54 - 2015-04-17 20:54 - 00000079 _____ () C:\Program Files (x86)\prefs.js
2015-04-17 20:32 - 2015-04-25 13:28 - 00000000 ____D () C:\ProgramData\Browser AdBlocker
2015-04-17 20:32 - 2015-04-25 10:57 - 00000020 _____ () C:\Users\Administrator\AppData\Roaming\appdataFr3.bin
2015-04-16 19:58 - 2015-04-16 20:01 - 14777047 _____ () C:\Users\Administrator\Desktop\Canon Rock - Sungha Jung.flv
2015-04-16 19:55 - 2015-04-16 19:58 - 13555872 _____ () C:\Users\Administrator\Desktop\Disney Pixar Cars Lighnting McQueen dreams helping Sally Batman Robin Spider-Man Toy story Imaginext.flv
2015-04-13 20:07 - 2015-04-13 20:09 - 12241333 _____ () C:\Users\Administrator\Desktop\Nasheed - Arabic Alphabet Song with Zaky - HD.flv
2015-04-10 22:07 - 2015-04-10 22:07 - 00062479 _____ () C:\Users\Administrator\Downloads\WhatsApp Chat with Azry Pusat.zip
2015-04-10 21:59 - 2015-04-10 22:00 - 00096732 _____ () C:\Users\Administrator\Downloads\WhatsApp Chat with Munirah Izat.zip
2015-04-10 21:08 - 2015-04-17 20:54 - 00000000 ____D () C:\ProgramData\734388593211039175
2015-04-10 20:48 - 2015-04-10 20:48 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2015-04-10 20:48 - 2015-04-10 20:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-04-10 20:48 - 2015-04-10 20:48 - 00000000 ____D () C:\Xiaomi
2015-04-10 20:47 - 2015-04-10 20:47 - 00000000 ____D () C:\Users\Public\Thunder Network
2015-04-10 20:47 - 2015-04-10 20:47 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Xiaomi
2015-04-10 20:47 - 2015-04-10 20:47 - 00000000 ____D () C:\ProgramData\Thunder Network
2015-04-05 11:11 - 2015-04-05 11:11 - 00000000 ____D () C:\Users\Administrator\Desktop\Pantun P2
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-26 12:42 - 2014-02-12 20:50 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-26 12:39 - 2012-11-13 18:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-26 12:09 - 2010-12-26 10:33 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4094388179-336663474-334905840-1000UA.job
2015-04-26 11:58 - 2010-01-25 03:06 - 01420062 _____ () C:\Windows\WindowsUpdate.log
2015-04-26 10:44 - 2009-07-14 12:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-26 10:44 - 2009-07-14 12:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-26 10:38 - 2015-01-23 18:50 - 00000000 ____D () C:\Users\Administrator\AppData\Local\HTC MediaHub
2015-04-26 10:37 - 2015-03-11 06:20 - 00003188 _____ () C:\Windows\System32\Tasks\P4GIntlCtrl
2015-04-26 10:37 - 2014-02-12 20:50 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-26 10:36 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-26 10:36 - 2009-07-14 12:51 - 00154922 _____ () C:\Windows\setupact.log
2015-04-25 17:05 - 2010-01-25 04:02 - 00001874 _____ () C:\Windows\system32\ServiceFilter.ini
2015-04-25 17:03 - 2010-06-06 09:39 - 00074232 _____ () C:\Windows\PFRO.log
2015-04-25 14:09 - 2010-12-26 10:32 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4094388179-336663474-334905840-1000Core.job
2015-04-25 13:28 - 2015-01-30 18:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-25 12:11 - 2014-02-27 13:35 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes
2015-04-25 12:10 - 2014-02-27 13:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-25 12:10 - 2014-02-27 13:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-04-25 11:59 - 2014-04-13 09:35 - 00000000 ____D () C:\AdwCleaner
2015-04-25 11:38 - 2014-09-14 11:34 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2015-04-24 20:43 - 2014-02-25 08:16 - 00000000 ____D () C:\Users\Administrator\Desktop\Impian
2015-04-22 23:52 - 2015-03-19 23:06 - 00000000 ____D () C:\Users\Administrator\Desktop\Marymount Stuff
2015-04-21 00:12 - 2015-02-13 20:48 - 00000000 ____D () C:\Users\Administrator\Documents\PaySlip2015
2015-04-17 20:44 - 2014-02-12 20:51 - 00002064 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-17 20:43 - 2015-03-23 19:29 - 00000000 ____D () C:\Users\Administrator\Desktop\Warkah Zon Tgh
2015-04-17 20:39 - 2012-11-13 18:45 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-17 20:39 - 2012-11-13 18:45 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-17 20:39 - 2012-11-13 18:45 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-16 20:40 - 2009-07-14 13:13 - 00730320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-16 20:07 - 2015-03-01 21:28 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\vlc
2015-04-12 19:28 - 2010-01-25 04:02 - 00002607 _____ () C:\Windows\system32\AutoRunFilter.ini
2015-04-10 20:48 - 2015-01-23 18:50 - 00000000 ____D () C:\Users\Administrator\.android
2015-03-28 11:42 - 2009-07-14 13:08 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
 
==================== Files in the root of some directories =======
 
2015-04-17 20:54 - 2015-04-17 20:54 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2014-05-19 01:19 - 2014-05-31 14:53 - 0000132 _____ () C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-04-17 20:32 - 2015-04-25 10:57 - 0000020 _____ () C:\Users\Administrator\AppData\Roaming\appdataFr3.bin
2015-04-19 15:32 - 2015-04-25 11:34 - 0011804 _____ () C:\Users\Administrator\AppData\Local\Temp-log.txt
2013-09-26 07:30 - 2013-09-26 07:30 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-03-27 16:20 - 2010-03-27 16:20 - 0005037 _____ () C:\ProgramData\esswogwb.bbd
2010-01-25 03:47 - 2009-09-11 01:06 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2010-01-25 03:42 - 2010-01-25 03:43 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-01-25 03:42 - 2010-01-25 03:42 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\atl80.dll
C:\Users\Administrator\AppData\Local\Temp\DrvImgEx.exe
C:\Users\Administrator\AppData\Local\Temp\FindAndMount.exe
C:\Users\Administrator\AppData\Local\Temp\jre-1.6.0_20-windows-i586-iftw.exe_90744722.exe
C:\Users\Administrator\AppData\Local\Temp\jre-6u20-windows-i586-jinstall_uac.exe
C:\Users\Administrator\AppData\Local\Temp\lame_enc.dll
C:\Users\Administrator\AppData\Local\Temp\mfc80.dll
C:\Users\Administrator\AppData\Local\Temp\mfc80u.dll
C:\Users\Administrator\AppData\Local\Temp\mfcm80.dll
C:\Users\Administrator\AppData\Local\Temp\mfcm80u.dll
C:\Users\Administrator\AppData\Local\Temp\MiSetupFullPackage.exe
C:\Users\Administrator\AppData\Local\Temp\msvcm80.dll
C:\Users\Administrator\AppData\Local\Temp\msvcp80.dll
C:\Users\Administrator\AppData\Local\Temp\msvcr71.dll
C:\Users\Administrator\AppData\Local\Temp\msvcr80.dll
C:\Users\Administrator\AppData\Local\Temp\PC Wizard.exe
C:\Users\Administrator\AppData\Local\Temp\pcwiz32.dll
C:\Users\Administrator\AppData\Local\Temp\pcwiz32x.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizard.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizbch.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizcfi.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizdx.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizdxb.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizgfx.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizhid.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizkbm.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizlcd.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizmdl.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizmp3.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizosd.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizpda.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizphx.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizpwd.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizsty.dll
C:\Users\Administrator\AppData\Local\Temp\pcwizvdo.dll
C:\Users\Administrator\AppData\Local\Temp\pqimgstr.dll
C:\Users\Administrator\AppData\Local\Temp\python24.dll
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\Temp\savepart.exe
C:\Users\Administrator\AppData\Local\Temp\SHSetup.exe
C:\Users\Administrator\AppData\Local\Temp\spartwin.exe
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll
C:\Users\Administrator\AppData\Local\Temp\tbZyn0.dll
C:\Users\Administrator\AppData\Local\Temp\TmDbg32.dll
C:\Users\Administrator\AppData\Local\Temp\TmDbg64.dll
C:\Users\Administrator\AppData\Local\Temp\_fstools.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-25 17:29
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-04-2015 02
Ran by Administrator at 2015-04-26 13:02:03
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4094388179-336663474-334905840-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-4094388179-336663474-334905840-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4094388179-336663474-334905840-1002 - Limited - Enabled)
Nisha (S-1-5-21-4094388179-336663474-334905840-1003 - Limited - Enabled) => C:\Users\Nisha
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
Actualização do Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0816-0000-0000000FF1CE}_PROHYBRIDR_{CCDE3C71-5F35-477F-BA90-1A399C91C10C}) (Version:  - Microsoft)
Actualização do Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0816-0000-0000000FF1CE}_PROHYBRIDR_{CF0BC77F-1B63-44BF-BCFE-3A8CBB9077D1}) (Version:  - Microsoft)
Actualização do Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0816-0000-0000000FF1CE}_PROHYBRIDR_{A1A8C49E-BB40-4852-853E-B5A1F6BB2A3C}) (Version:  - Microsoft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.24 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.21 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.23 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS WebStorage (HKLM\...\ASUS WebStorage) (Version: 2.0.36.1260 - eCareme Technologies, Inc.)
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0053 - ASUS)
ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0006 - ASUS)
ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0007 - ASUS)
Atualização do produto Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0416-0000-0000000FF1CE}_PROHYBRIDR_{717C9095-8AAE-41CB-B046-BD6E8399F4F3}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_PROHYBRIDR_{5016CB22-B9A7-44FB-AA72-AF28B27B15EA}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0416-0000-0000000FF1CE}_PROHYBRIDR_{BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0416-0000-0000000FF1CE}_PROHYBRIDR_{7297E3A9-FCD4-4E0E-A306-7A90359E50E3}) (Version:  - Microsoft)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
BSR Screen Recorder 5 (HKLM-x32\...\BSRScreenRecorder5) (Version:  - )
Cisco EAP-FAST Module (HKLM-x32\...\{BF53252E-4AB2-4C7F-A0FD-6100755745E3}) (Version: 2.0.26 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{76F9CF97-FC4B-4E20-B363-D127C888448F}) (Version: 1.0.11 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{4E5386F5-C0F6-4532-A54A-374865AEAB71}) (Version: 1.0.12 - Cisco Systems, Inc.)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.9 - ASUS)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ÊÍÏíË áÜ Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0401-0000-0000000FF1CE}_PROHYBRIDR_{77A2A458-985F-490F-A258-D6B612F6E8BF}) (Version:  - Microsoft)
ÊÍÏíË áÜ Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0401-0000-0000000FF1CE}_PROHYBRIDR_{0A800271-844D-4C58-8954-809C424462AF}) (Version:  - Microsoft)
ÊÍÏíË áÜ Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0401-0000-0000000FF1CE}_PROHYBRIDR_{543B51B2-9613-45A1-AAE4-329D821E94AF}) (Version:  - Microsoft)
Express Gate (HKLM-x32\...\{865CD808-6D31-4269-9D36-693CFE75D26A}) (Version: 1.2.13.18 - DeviceVM, Inc.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.4 - ASUS)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.37.2 - HTC)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2302 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java™ 6 Update 18 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help ¸üР(KB963678) (HKLM-x32\...\{90120000-0016-0804-0000-0000000FF1CE}_PROHYBRIDR_{CECF0828-8F1F-4205-86B9-61683BAF0321}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help §ó·sµ{¦¡ (KB963678) (HKLM-x32\...\{90120000-0016-0404-0000-0000000FF1CE}_PROHYBRIDR_{15EEA099-97F0-4952-8597-88472FF062D2}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help §ó·sµ{¦¡ (KB963678) (HKLM-x32\...\{90120000-0016-0C04-0000-0000000FF1CE}_PROHYBRIDR_{E7CEA476-4DDD-4013-BB07-B053E3160C29}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help ©ºÑºÍѾഷ (KB963678) (HKLM-x32\...\{90120000-0016-041E-0000-0000000FF1CE}_PROHYBRIDR_{07419375-8A34-479C-831D-0EF4ADF4B945}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help Actualización (KB963678) (HKLM-x32\...\{90120000-0016-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{59E09C3D-4878-47D9-87DB-6D0018026889}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help Güncelleþtirmesi (KB963678) (HKLM-x32\...\{90120000-0016-041F-0000-0000000FF1CE}_PROHYBRIDR_{E792E914-5172-48B2-A58A-65C3F311C4E2}) (Version:  - Microsoft)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook 2007 Help ¸üР(KB963677) (HKLM-x32\...\{90120000-001A-0804-0000-0000000FF1CE}_PROHYBRIDR_{CB739C4F-6ABE-4CB2-BC90-57583893094F}) (Version:  - Microsoft)
Microsoft Office Outlook 2007 Help Actualización (KB963677) (HKLM-x32\...\{90120000-001A-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{59C244C2-0C37-4E85-8F7E-DBDD3958B694}) (Version:  - Microsoft)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint 2007 §ó·sµ{¦¡ (KB963669) (HKLM-x32\...\{90120000-0018-0C04-0000-0000000FF1CE}_PROHYBRIDR_{1E73141A-5BA5-4F90-920D-13D080499E45}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help ¸üР(KB963669) (HKLM-x32\...\{90120000-0018-0804-0000-0000000FF1CE}_PROHYBRIDR_{833A1F95-EEEB-47D3-B13F-3243AB2E7FA5}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help §ó·sµ{¦¡ (KB963669) (HKLM-x32\...\{90120000-0018-0404-0000-0000000FF1CE}_PROHYBRIDR_{A7688131-70CB-4945-BAFA-11053AC34D75}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help ©ºÑºÍѾഷ (KB963669) (HKLM-x32\...\{90120000-0018-041E-0000-0000000FF1CE}_PROHYBRIDR_{1075D7C8-AD2B-4717-A3B7-0E3C6417C5EA}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help Actualización (KB963669) (HKLM-x32\...\{90120000-0018-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{F318245D-05AE-4681-A749-A036CE44AF29}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help Güncelleþtirmesi (KB963669) (HKLM-x32\...\{90120000-0018-041F-0000-0000000FF1CE}_PROHYBRIDR_{8C762073-C6A4-4A11-A639-1C73014FAE00}) (Version:  - Microsoft)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word 2007 §ó·sµ{¦¡ (KB963665) (HKLM-x32\...\{90120000-001B-0C04-0000-0000000FF1CE}_PROHYBRIDR_{8DF0707E-D949-4176-98EC-2B54B8879F80}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help ¸üР(KB963665) (HKLM-x32\...\{90120000-001B-0804-0000-0000000FF1CE}_PROHYBRIDR_{53A3BCC0-3278-4729-8718-D17DEC19DE48}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help §ó·sµ{¦¡ (KB963665) (HKLM-x32\...\{90120000-001B-0404-0000-0000000FF1CE}_PROHYBRIDR_{AD30F628-2AAE-43E0-A0D8-CDFA976E6A9E}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help ©ºÑºÍѾഷ (KB963665) (HKLM-x32\...\{90120000-001B-041E-0000-0000000FF1CE}_PROHYBRIDR_{BA3C37F0-1BB7-4B44-8FB9-7DB86EE5BF39}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help Actualización (KB963665) (HKLM-x32\...\{90120000-001B-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{377BA42A-1C84-45D6-94B8-6D00887D172D}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help Güncelleþtirmesi (KB963665) (HKLM-x32\...\{90120000-001B-041F-0000-0000000FF1CE}_PROHYBRIDR_{96E44099-EB0F-45A3-8831-40412110810D}) (Version:  - Microsoft)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mise à jour Microsoft Office Excel 2007 Help  (KB963678) (HKLM-x32\...\{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{B761869A-B85C-40E2-994C-A1CE78AC8F2C}) (Version:  - Microsoft)
Mise à jour Microsoft Office Outlook 2007 Help  (KB963677) (HKLM-x32\...\{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{51EFB347-1F3D-4BAC-8B79-F056B904FE21}) (Version:  - Microsoft)
Mise à jour Microsoft Office Powerpoint 2007 Help  (KB963669) (HKLM-x32\...\{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{C3DCA38E-005E-41BA-A52A-7C3429F351C3}) (Version:  - Microsoft)
Mise à jour Microsoft Office Word 2007 Help  (KB963665) (HKLM-x32\...\{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{81536A04-DBFB-4DB3-978F-0F284590C223}) (Version:  - Microsoft)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVC80_x64 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86 (x32 Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-4094388179-336663474-334905840-500\...\MyFreeCodec) (Version:  - )
PC Connectivity Solution (HKLM-x32\...\{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}) (Version: 8.47.7.0 - Nokia)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PlayStation®Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.18.0.15698 - Sony Computer Entertainment Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5951 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0117 - REALTEK Semiconductor Corp.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SamsungConnectivityCableDriver (HKLM-x32\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.6.201404170858 - Sony Mobile Communications AB)
Sony PC Companion 2.10.251 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.251 - Sony)
SopCast 3.0.3 (HKLM-x32\...\SopCast) (Version: 3.0.3 - SopCast.com)
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.1700 - SRS Labs, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version:  - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.12 - ASUS)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
29-03-2015 10:01:21 Windows Update
05-04-2015 11:19:19 Windows Update
08-04-2015 20:51:51 Windows Update
13-04-2015 18:55:48 Windows Update
16-04-2015 20:00:47 Windows Update
20-04-2015 21:57:30 Windows Update
24-04-2015 20:32:29 Windows Update
25-04-2015 11:20:45 Revo Uninstaller Pro's restore point - GeoSurf
25-04-2015 11:27:53 Revo Uninstaller Pro's restore point - MykonosInspector
25-04-2015 11:30:55 Revo Uninstaller Pro's restore point - SAlePlus
25-04-2015 11:33:38 Revo Uninstaller Pro's restore point - SaveeNewaAPpz
25-04-2015 11:36:52 Revo Uninstaller Pro's restore point - SpyHunter
25-04-2015 11:37:06 Removed SpyHunter
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {01865F6F-C8AC-41E5-B93C-2AA9BD58DC66} - System32\Tasks\{FFA45083-5543-40B4-8A66-67FA8F28B42C} => pcalua.exe -a "D:\Pakej Lengkap Multimedia\Macromedia Studio MX 2004\Studio MX\Accessibility\Install Flash MX 2004.exe" -d "D:\Pakej Lengkap Multimedia\Macromedia Studio MX 2004\Studio MX\Accessibility"
Task: {0DD00529-35DA-465E-B64A-A959BF04A1BD} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-24] (ATK)
Task: {269DB520-4CB8-4F05-894C-200133D765DA} - System32\Tasks\AIRecoveryRemind => C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe
Task: {368AA33E-87EA-4C32-B34C-1C5D82CFFBC4} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2009-09-16] ()
Task: {45014314-A9B0-41DB-B0EE-DB8C54CF11FD} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Task: {4A9AF9E6-BBC6-404D-9D56-E5C3D4F52749} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-12-01] ()
Task: {4CEB2CE7-0A00-41C0-AC4A-7F69836B016D} - System32\Tasks\P4G Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14] (Microsoft Corporation)
Task: {4E88F4C8-3854-49D7-A3E5-768461C8BEC9} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-09-30] (asus)
Task: {5E93F4B2-DA11-445E-8690-7A244B89D56A} - System32\Tasks\P4GIntlCtrl => C:\Program Files\P4G\IntlCtrl.exe [2009-08-12] (TODO: <Company name>)
Task: {6FF4D56D-3130-4CD8-B9B1-8B31F4F745C2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-17] (Adobe Systems Incorporated)
Task: {783228A5-D22D-4305-867E-345E6C383720} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-12] (Google Inc.)
Task: {7F847985-F3A1-4042-A6A8-50D2E8407819} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4094388179-336663474-334905840-1000Core => C:\Users\Nur Shahidah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {86E67B07-CFD1-448F-9399-05CDEFF6A080} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-12] (Google Inc.)
Task: {C5189A40-5BF0-4FBD-86AA-7BC9D263E60D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EF12BA3F-56EC-445B-9D17-C54847E3D5CA} - System32\Tasks\{FC6A2D0B-487E-4987-8EC1-4871BDB54A96} => pcalua.exe -a "C:\Program Files\BSR Screen Recorder 5\Uninstall Screen Recorder 5.exe"
Task: {F3C071F9-7BA2-49AD-810F-4A49CA297E21} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-09-09] (ATK)
Task: {F7A11CFD-F8E3-4FCC-AF69-23FD5BA722E1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4094388179-336663474-334905840-1000UA => C:\Users\Nur Shahidah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4094388179-336663474-334905840-1000Core.job => C:\Users\Nur Shahidah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4094388179-336663474-334905840-1000UA.job => C:\Users\Nur Shahidah\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2010-01-25 03:54 - 2007-08-08 16:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2014-04-14 22:26 - 2010-10-14 10:05 - 00290816 _____ () C:\Windows\System32\HP1100LM.DLL
2014-04-14 22:26 - 2010-10-14 10:05 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2009-08-29 07:00 - 2009-08-29 07:00 - 00041984 _____ () C:\Program Files\P4G\DevMng.dll
2009-08-29 03:43 - 2009-08-29 03:43 - 00029184 _____ () C:\Program Files\P4G\OvrClk.dll
2010-01-25 03:54 - 2007-03-10 10:58 - 00124416 _____ () C:\Program Files\ATKGFNEX\AGFNEX64.dll
2010-01-25 04:01 - 2007-12-01 03:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2008-10-01 15:02 - 2008-10-01 15:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2009-09-16 09:34 - 2009-09-16 09:34 - 01593344 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-12-18 15:27 - 2014-12-18 15:27 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-12-18 15:25 - 2014-12-18 15:25 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-12-18 15:26 - 2014-12-18 15:26 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-12-18 15:26 - 2014-12-18 15:26 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-12-18 15:26 - 2014-12-18 15:26 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-12-18 15:26 - 2014-12-18 15:26 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-12-18 15:29 - 2014-12-18 15:29 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-12-18 15:31 - 2014-12-18 15:31 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2010-09-30 15:13 - 2010-09-30 15:13 - 00041472 _____ () C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
2010-09-30 15:13 - 2010-09-30 15:13 - 00071680 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
2010-09-30 15:14 - 2010-09-30 15:14 - 00076288 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
2010-09-30 15:13 - 2010-09-30 15:13 - 00186880 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
2015-04-17 20:44 - 2015-04-14 05:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-17 20:44 - 2015-04-14 05:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
2015-04-17 20:44 - 2015-04-14 05:55 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:734E442A
AlternateDataStreams: C:\ProgramData\Temp:A724744F
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:B88E99C8
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4094388179-336663474-334905840-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/25/2015 11:20:43 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2431e843-9f2e-4792-9605-84bd32fdd1fe}
 
Error: (04/03/2015 11:23:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EXCEL.EXE, version: 12.0.6611.1000, time stamp: 0x4e5d44a0
Faulting module name: EXCEL.EXE, version: 12.0.6611.1000, time stamp: 0x4e5d44a0
Exception code: 0xc0000005
Fault offset: 0x0004bc53
Faulting process id: 0x1080
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3
 
Error: (02/01/2015 01:47:45 PM) (Source: MsiInstaller) (EventID: 1013) (User: ADIB-ASUS)
Description: Product: Adobe Reader 9.5.2 -- A process is running that cannot be shut down by Setup.  Please either close all applications and run Setup again, or restart your computer and run Setup again.
 
Error: (02/01/2015 01:47:02 PM) (Source: MsiInstaller) (EventID: 1013) (User: ADIB-ASUS)
Description: Product: Adobe Reader 9.5.2 -- A process is running that cannot be shut down by Setup.  Please either close all applications and run Setup again, or restart your computer and run Setup again.
 
Error: (12/23/2014 01:20:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wmplayer.exe version 12.0.7600.16667 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 998
 
Start Time: 01d01e6fbf8edc0a
 
Termination Time: 16
 
Application Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
 
Report Id: 568f8d02-8a63-11e4-b435-f46d04325438
 
Error: (11/16/2014 06:32:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FBAgent.exe, version: 1.0.4.0, time stamp: 0x4ab1aea2
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec4b137
Exception code: 0xc0000374
Fault offset: 0x00000000000c6ae2
Faulting process id: 0x518
Faulting application start time: 0xFBAgent.exe0
Faulting application path: FBAgent.exe1
Faulting module path: FBAgent.exe2
Report Id: FBAgent.exe3
 
Error: (10/25/2014 03:47:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Samsung_PC_Studio_7.2.24.9.exe, version: 0.0.0.0, time stamp: 0x4a0da177
Faulting module name: Samsung_PC_Studio_7.2.24.9.exe, version: 0.0.0.0, time stamp: 0x4a0da177
Exception code: 0xc000000d
Fault offset: 0x00073870
Faulting process id: 0x11dc
Faulting application start time: 0xSamsung_PC_Studio_7.2.24.9.exe0
Faulting application path: Samsung_PC_Studio_7.2.24.9.exe1
Faulting module path: Samsung_PC_Studio_7.2.24.9.exe2
Report Id: Samsung_PC_Studio_7.2.24.9.exe3
 
Error: (10/25/2014 03:44:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16768, time stamp: 0x4d688122
Faulting module name: ole32.dll, version: 6.1.7600.16624, time stamp: 0x4c2984e3
Exception code: 0xc0000005
Fault offset: 0x000000000003294a
Faulting process id: 0x5bc
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (10/25/2014 11:57:31 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x800700d8
 
Error: (10/25/2014 11:57:30 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x800700d8
 
 
System errors:
=============
Error: (04/26/2015 10:38:51 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005
 
Error: (04/26/2015 10:37:35 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (04/26/2015 10:37:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The npf service failed to start due to the following error: 
%%2
 
Error: (04/26/2015 00:15:17 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (04/26/2015 00:15:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The npf service failed to start due to the following error: 
%%2
 
Error: (04/25/2015 06:56:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (04/25/2015 06:56:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The npf service failed to start due to the following error: 
%%2
 
Error: (04/25/2015 05:04:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (04/25/2015 05:04:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The npf service failed to start due to the following error: 
%%2
 
Error: (04/25/2015 00:00:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU U 380 @ 1.33GHz
Percentage of memory in use: 59%
Total physical RAM: 3885.23 MB
Available physical RAM: 1568.73 MB
Total Pagefile: 7768.6 MB
Available Pagefile: 5197.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:283.43 GB) (Free:196.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 76692CA8)
Partition 2: (Active) - (Size=283.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#10 deeprybka

  • Malware Response Team

Posted 26 April 2015 - 08:58 AM

Hi,

Step 1


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MiPhoneManagerSetup-2.1.0.10221.zip.lnk [2015-04-10]
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
    Toolbar: HKU\S-1-5-21-4094388179-336663474-334905840-500 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
    Toolbar: HKU\S-1-5-21-4094388179-336663474-334905840-500 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    Toolbar: HKU\S-1-5-21-4094388179-336663474-334905840-500 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
    Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSG.dll No File
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
    AlternateDataStreams: C:\ProgramData\Temp:734E442A
    AlternateDataStreams: C:\ProgramData\Temp:A724744F
    AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
    AlternateDataStreams: C:\ProgramData\Temp:B88E99C8
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it in your reply.


Step 2

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [image: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file [image: log.png] is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#11 hadugen82

  • Topic Starter

  • Members

Posted 27 April 2015 - 10:50 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-04-2015 02
Ran by Administrator at 2015-04-27 20:59:51 Run:1
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available profiles: Nisha & Administrator)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\START MENU\Programs\Startup\MiPhoneManagerSetup-2.1.0.10221.zip.lnk [2015-04-10]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Toolbar: HKU\S-1-5-21-4094388179-336663474-334905840-500 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-4094388179-336663474-334905840-500 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-4094388179-336663474-334905840-500 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSG.dll No File
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SPYHUNTER\esgiguard.sys [X]
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:734E442A
AlternateDataStreams: C:\ProgramData\Temp:A724744F
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:B88E99C8
EmptyTemp:
*****************
 
Processes closed successfully.
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\START MENU\Programs\Startup\MiPhoneManagerSetup-2.1.0.10221.zip.lnk => Moved successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{A924C17A-5E94-4E02-BED5-49720BA6F7FA} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{A924C17A-5E94-4E02-BED5-49720BA6F7FA}" => Key deleted successfully.
HKU\S-1-5-21-4094388179-336663474-334905840-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found. 
HKU\S-1-5-21-4094388179-336663474-334905840-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. 
HKU\S-1-5-21-4094388179-336663474-334905840-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found. 
"HKCR\PROTOCOLS\Handler\vipresg" => Key deleted successfully.
HKCR\CLSID\{47BE2E5B-703B-444F-ABD3-05717D2191C6} => Key not found. 
esgiguard => Service deleted successfully.
C:\ProgramData\Temp => ":4CF61E54" ADS removed successfully.
C:\ProgramData\Temp => ":734E442A" ADS removed successfully.
C:\ProgramData\Temp => ":A724744F" ADS removed successfully.
C:\ProgramData\Temp => ":AB689DEA" ADS removed successfully.
C:\ProgramData\Temp => ":B88E99C8" ADS removed successfully.
EmptyTemp: => Removed 2.6 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 21:03:27 ====
 
 
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=b2234227875d7245ac227542649a6fd2
# engine=23582
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-04-27 03:43:14
# local_time=2015-04-27 11:43:14 (+0800, Malay Peninsula Standard Time)
# country="Singapore"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 33780583 53154988 0 0
# scanned=149515
# found=92
# cleaned=0
# scan_time=7960
sh=359D977D432E4F90FE627B2717144AE873990AC4 ft=1 fh=63c7b0ee3e7f229d vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\DVDVideoSoftTB.exe.vir"
sh=98A1F4BFD7F754FEE5D76C1C8C33DDAF81FF916A ft=1 fh=562a193ff1aa03a3 vn="a variant of Win32/Adware.MultiPlug.HY application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\{d154f8b5-bc96-8765-d154-4f8b5bc9e2d6}\MiPhoneManagerSetup-2.1.0.10221.zip.exe.vir"
sh=3DB3D1703D7C81F5D380D24AC7501B646059904A ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hcjgpjhfdofahkpcamjihgomapgbdhnc\5.14\content.js.vir"
sh=9BD92367AE26D999BD6B6B4ECBC0B22C3E6C7893 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hcjgpjhfdofahkpcamjihgomapgbdhnc\5.14\lsdb.js.vir"
sh=837CD494192FB1F9E9ADD00B8C15DB0B4F1E1DE8 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATL trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hcjgpjhfdofahkpcamjihgomapgbdhnc\5.14\V1m5Bt8GZN_.js.vir"
sh=3DB3D1703D7C81F5D380D24AC7501B646059904A ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hcjgpjhfdofahkpcamjihgomapgbdhnc\5.14\content.js.vir"
sh=9BD92367AE26D999BD6B6B4ECBC0B22C3E6C7893 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hcjgpjhfdofahkpcamjihgomapgbdhnc\5.14\lsdb.js.vir"
sh=837CD494192FB1F9E9ADD00B8C15DB0B4F1E1DE8 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATL trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hcjgpjhfdofahkpcamjihgomapgbdhnc\5.14\V1m5Bt8GZN_.js.vir"
sh=3DB3D1703D7C81F5D380D24AC7501B646059904A ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\hcjgpjhfdofahkpcamjihgomapgbdhnc\5.14\content.js.vir"
sh=9BD92367AE26D999BD6B6B4ECBC0B22C3E6C7893 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\hcjgpjhfdofahkpcamjihgomapgbdhnc\5.14\lsdb.js.vir"
sh=837CD494192FB1F9E9ADD00B8C15DB0B4F1E1DE8 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATL trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\hcjgpjhfdofahkpcamjihgomapgbdhnc\5.14\V1m5Bt8GZN_.js.vir"


#12 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:04:46 AM

Posted 27 April 2015 - 12:54 PM

Step 1

Revo Uninstaller Free
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), to remove it:
    Google Chrome 
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
Step 2

Reinstall Google Chrome. Download

Step 3

Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#13 hadugen82

  • Topic Starter

  • Members
  • 33 posts
  • Local time:10:46 AM

Posted 29 April 2015 - 05:36 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015
Ran by Administrator (administrator) on ADIB-ASUS on 29-04-2015 18:31:05
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available profiles: Nisha & Administrator)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUS) C:\Windows\AsScrPro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EeeStorageBackup] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe MySyncFolder
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [Microsoft Pinyin IME Migration] => C:\Program Files\Common Files\Microsoft Shared\IME12\IMESC\IMSCMIG.EXE [59248 2011-05-26] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [Microsoft Pinyin IME Migration] => C:\Program Files (x86)\Common Files\microsoft shared\IME12\IMESC\IMSCMIG.EXE [32112 2011-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-20] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6937216 2009-10-10] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-20] (ASUS)
HKLM-x32\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4094388179-336663474-334905840-500\...\Run: [Power2GoExpress] => [X]
HKU\S-1-5-21-4094388179-336663474-334905840-500\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-4094388179-336663474-334905840-500\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4094388179-336663474-334905840-500\...\MountPoints2: {c66f9b57-c3b3-11e3-90c5-f46d04325438} - E:\SISetup.exe
HKU\S-1-5-21-4094388179-336663474-334905840-500\...\MountPoints2: {d4f63321-9407-11e4-b416-f46d04325438} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-4094388179-336663474-334905840-500\...\MountPoints2: {e2336c8e-12ce-11df-b806-0025d3ac9fa9} - D:\hbcd\wintools\autorun.exe
HKU\S-1-5-21-4094388179-336663474-334905840-500\Control Panel\Desktop\\SCRNSAVE.EXE -> none
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-02-01]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2010-01-25]
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
DPF: HKLM-x32 {3BFFE033-BF43-11D5-A271-00A024A51325} http://webmail.muis.gov.sg/iNotes6W.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2012-10-27] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2012-10-27] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2012-10-27] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2012-10-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tj7j2f2a.default-1397352596530
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-17] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-07-31] (Adobe Systems Inc.)
FF Extension: AdPunisher - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tj7j2f2a.default-1397352596530\Extensions\_ujhgwpvtlbfu@sdmclslismpbssrwx.edu [2015-04-19]
FF HKU\S-1-5-21-4094388179-336663474-334905840-500\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-29]
CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [69632 2014-05-18] (Macromedia) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [620544 2008-11-11] (Nokia.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-25] ()
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-04-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Apple Inc.) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 AmUStor; system32\drivers\AmUStor.SYS [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S2 npf; \??\C:\Windows\system32\drivers\npf.sys [X]
S3 SliceDisk5; \??\C:\Users\ADMINI~1\AppData\Local\Temp\slicedisk-x64.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-29 18:30 - 2015-04-29 18:30 - 00000000 ____D () C:\Users\Administrator\Desktop\FRST-OlderVersion
2015-04-29 18:17 - 2015-04-29 18:18 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Administrator\Downloads\revosetup.exe
2015-04-28 06:24 - 2015-04-28 06:24 - 00028127 _____ () C:\Users\Administrator\Downloads\SA1 Schedule 2015_with deployment_v2.xlsx
2015-04-27 21:17 - 2015-04-27 21:17 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-04-27 21:15 - 2015-04-27 21:16 - 02347384 _____ (ESET) C:\Users\Administrator\Desktop\esetsmartinstaller_enu.exe
2015-04-27 19:06 - 2015-04-27 19:06 - 00043996 _____ () C:\Users\Administrator\Desktop\Zon Tgh Kacang Pool.xlsx
2015-04-27 18:19 - 2015-04-27 18:19 - 00040582 _____ () C:\Users\Administrator\Downloads\classlist 2015.xlsx
2015-04-26 10:49 - 2015-04-26 10:49 - 00019461 _____ () C:\Users\Administrator\Downloads\SA1 Schedule 2015_v2.xlsx
2015-04-25 13:28 - 2015-04-25 13:28 - 00001054 _____ () C:\Users\Administrator\Desktop\malware.txt
2015-04-25 12:16 - 2015-04-29 18:22 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-25 12:10 - 2015-04-25 12:10 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-25 12:10 - 2015-04-25 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-25 12:10 - 2015-04-25 12:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-25 12:10 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-25 12:10 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-25 11:49 - 2015-04-25 13:28 - 00000000 ____D () C:\ProgramData\TheAdBlock
2015-04-25 11:41 - 2015-04-25 11:42 - 02224640 _____ () C:\Users\Administrator\Desktop\adwcleaner_4.202.exe
2015-04-25 11:28 - 2015-04-25 13:28 - 00000000 ____D () C:\Program Files (x86)\comfix
2015-04-25 11:18 - 2015-04-25 11:18 - 00001079 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-04-25 11:18 - 2015-04-25 11:18 - 00000000 ____D () C:\Users\Administrator\AppData\Local\VS Revo Group
2015-04-25 11:18 - 2015-04-25 11:18 - 00000000 ____D () C:\ProgramData\VS Revo Group
2015-04-25 11:18 - 2015-04-25 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-04-25 11:18 - 2015-04-25 11:18 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-04-25 11:18 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-04-25 11:10 - 2015-04-25 11:10 - 10801480 _____ (VS Revo Group ) C:\Users\Administrator\Downloads\RevoUninProSetup.exe
2015-04-24 21:12 - 2015-04-26 13:03 - 00036249 _____ () C:\Users\Administrator\Desktop\Addition.txt
2015-04-24 21:10 - 2015-04-29 18:31 - 00015286 _____ () C:\Users\Administrator\Desktop\FRST.txt
2015-04-24 21:10 - 2015-04-29 18:31 - 00000000 ____D () C:\FRST
2015-04-24 21:06 - 2015-04-29 18:30 - 02101248 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2015-04-24 20:45 - 2015-04-24 20:45 - 00000422 _____ () C:\Users\Administrator\Desktop\impian advert.txt
2015-04-18 06:44 - 2015-04-18 06:44 - 00509440 _____ (Tech Support Guy System) C:\Users\Administrator\Downloads\SysInfo.exe
2015-04-17 20:54 - 2015-04-17 20:54 - 00000079 _____ () C:\Program Files (x86)\prefs.js
2015-04-17 20:32 - 2015-04-29 18:19 - 00000020 _____ () C:\Users\Administrator\AppData\Roaming\appdataFr3.bin
2015-04-17 20:32 - 2015-04-25 13:28 - 00000000 ____D () C:\ProgramData\Browser AdBlocker
2015-04-16 19:58 - 2015-04-16 20:01 - 14777047 _____ () C:\Users\Administrator\Desktop\Canon Rock - Sungha Jung.flv
2015-04-16 19:55 - 2015-04-16 19:58 - 13555872 _____ () C:\Users\Administrator\Desktop\Disney Pixar Cars Lighnting McQueen dreams helping Sally Batman Robin Spider-Man Toy story Imaginext.flv
2015-04-13 20:07 - 2015-04-13 20:09 - 12241333 _____ () C:\Users\Administrator\Desktop\Nasheed - Arabic Alphabet Song with Zaky - HD.flv
2015-04-10 22:07 - 2015-04-10 22:07 - 00062479 _____ () C:\Users\Administrator\Downloads\WhatsApp Chat with Azry Pusat.zip
2015-04-10 21:59 - 2015-04-10 22:00 - 00096732 _____ () C:\Users\Administrator\Downloads\WhatsApp Chat with Munirah Izat.zip
2015-04-10 21:08 - 2015-04-17 20:54 - 00000000 ____D () C:\ProgramData\734388593211039175
2015-04-10 20:48 - 2015-04-10 20:48 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2015-04-10 20:48 - 2015-04-10 20:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-04-10 20:48 - 2015-04-10 20:48 - 00000000 ____D () C:\Xiaomi
2015-04-10 20:47 - 2015-04-10 20:47 - 00000000 ____D () C:\Users\Public\Thunder Network
2015-04-10 20:47 - 2015-04-10 20:47 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Xiaomi
2015-04-10 20:47 - 2015-04-10 20:47 - 00000000 ____D () C:\ProgramData\Thunder Network
2015-04-05 11:11 - 2015-04-05 11:11 - 00000000 ____D () C:\Users\Administrator\Desktop\Pantun P2

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-29 18:29 - 2013-02-17 12:08 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-29 18:19 - 2010-01-25 03:06 - 01665768 _____ () C:\Windows\WindowsUpdate.log
2015-04-29 18:10 - 2015-03-11 06:20 - 00003188 _____ () C:\Windows\System32\Tasks\P4GIntlCtrl
2015-04-29 18:10 - 2009-07-14 12:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-29 18:10 - 2009-07-14 12:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-29 18:09 - 2015-01-23 18:50 - 00000000 ____D () C:\Users\Administrator\AppData\Local\HTC MediaHub
2015-04-29 18:09 - 2014-02-12 20:50 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-29 18:09 - 2010-12-26 10:33 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4094388179-336663474-334905840-1000UA.job
2015-04-29 18:03 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-29 18:03 - 2009-07-14 12:51 - 00155202 _____ () C:\Windows\setupact.log
2015-04-27 23:42 - 2014-02-12 20:50 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-27 23:39 - 2012-11-13 18:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-27 18:39 - 2015-03-01 21:28 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\vlc
2015-04-25 17:05 - 2010-01-25 04:02 - 00001874 _____ () C:\Windows\system32\ServiceFilter.ini
2015-04-25 17:03 - 2010-06-06 09:39 - 00074232 _____ () C:\Windows\PFRO.log
2015-04-25 14:09 - 2010-12-26 10:32 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4094388179-336663474-334905840-1000Core.job
2015-04-25 13:28 - 2015-01-30 18:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-25 12:11 - 2014-02-27 13:35 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes
2015-04-25 12:10 - 2014-02-27 13:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-25 12:10 - 2014-02-27 13:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-04-25 11:59 - 2014-04-13 09:35 - 00000000 ____D () C:\AdwCleaner
2015-04-25 11:38 - 2014-09-14 11:34 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2015-04-24 20:43 - 2014-02-25 08:16 - 00000000 ____D () C:\Users\Administrator\Desktop\Impian
2015-04-22 23:52 - 2015-03-19 23:06 - 00000000 ____D () C:\Users\Administrator\Desktop\Marymount Stuff
2015-04-21 00:12 - 2015-02-13 20:48 - 00000000 ____D () C:\Users\Administrator\Documents\PaySlip2015
2015-04-17 20:43 - 2015-03-23 19:29 - 00000000 ____D () C:\Users\Administrator\Desktop\Warkah Zon Tgh
2015-04-17 20:39 - 2012-11-13 18:45 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-17 20:39 - 2012-11-13 18:45 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-17 20:39 - 2012-11-13 18:45 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-16 20:40 - 2009-07-14 13:13 - 00730320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-12 19:28 - 2010-01-25 04:02 - 00002607 _____ () C:\Windows\system32\AutoRunFilter.ini
2015-04-10 20:48 - 2015-01-23 18:50 - 00000000 ____D () C:\Users\Administrator\.android

==================== Files in the root of some directories =======

2015-04-17 20:54 - 2015-04-17 20:54 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2014-05-19 01:19 - 2014-05-31 14:53 - 0000132 _____ () C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-04-17 20:32 - 2015-04-29 18:19 - 0000020 _____ () C:\Users\Administrator\AppData\Roaming\appdataFr3.bin
2015-04-19 15:32 - 2015-04-25 11:34 - 0011804 _____ () C:\Users\Administrator\AppData\Local\Temp-log.txt
2013-09-26 07:30 - 2013-09-26 07:30 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-03-27 16:20 - 2010-03-27 16:20 - 0005037 _____ () C:\ProgramData\esswogwb.bbd
2010-01-25 03:47 - 2009-09-11 01:06 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2010-01-25 03:42 - 2010-01-25 03:43 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-01-25 03:42 - 2010-01-25 03:42 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-25 17:29

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015
Ran by Administrator at 2015-04-29 18:32:31
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4094388179-336663474-334905840-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-4094388179-336663474-334905840-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4094388179-336663474-334905840-1002 - Limited - Enabled)
Nisha (S-1-5-21-4094388179-336663474-334905840-1003 - Limited - Enabled) => C:\Users\Nisha

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
Actualização do Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0816-0000-0000000FF1CE}_PROHYBRIDR_{CCDE3C71-5F35-477F-BA90-1A399C91C10C}) (Version:  - Microsoft)
Actualização do Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0816-0000-0000000FF1CE}_PROHYBRIDR_{CF0BC77F-1B63-44BF-BCFE-3A8CBB9077D1}) (Version:  - Microsoft)
Actualização do Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0816-0000-0000000FF1CE}_PROHYBRIDR_{A1A8C49E-BB40-4852-853E-B5A1F6BB2A3C}) (Version:  - Microsoft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.24 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.21 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.23 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS WebStorage (HKLM\...\ASUS WebStorage) (Version: 2.0.36.1260 - eCareme Technologies, Inc.)
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0053 - ASUS)
ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0006 - ASUS)
ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0007 - ASUS)
Atualização do produto Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0416-0000-0000000FF1CE}_PROHYBRIDR_{717C9095-8AAE-41CB-B046-BD6E8399F4F3}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_PROHYBRIDR_{5016CB22-B9A7-44FB-AA72-AF28B27B15EA}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0416-0000-0000000FF1CE}_PROHYBRIDR_{BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0416-0000-0000000FF1CE}_PROHYBRIDR_{7297E3A9-FCD4-4E0E-A306-7A90359E50E3}) (Version:  - Microsoft)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
BSR Screen Recorder 5 (HKLM-x32\...\BSRScreenRecorder5) (Version:  - )
Cisco EAP-FAST Module (HKLM-x32\...\{BF53252E-4AB2-4C7F-A0FD-6100755745E3}) (Version: 2.0.26 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{76F9CF97-FC4B-4E20-B363-D127C888448F}) (Version: 1.0.11 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{4E5386F5-C0F6-4532-A54A-374865AEAB71}) (Version: 1.0.12 - Cisco Systems, Inc.)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.9 - ASUS)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ÊÍÏíË áÜ Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0401-0000-0000000FF1CE}_PROHYBRIDR_{77A2A458-985F-490F-A258-D6B612F6E8BF}) (Version:  - Microsoft)
ÊÍÏíË áÜ Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0401-0000-0000000FF1CE}_PROHYBRIDR_{0A800271-844D-4C58-8954-809C424462AF}) (Version:  - Microsoft)
ÊÍÏíË áÜ Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0401-0000-0000000FF1CE}_PROHYBRIDR_{543B51B2-9613-45A1-AAE4-329D821E94AF}) (Version:  - Microsoft)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Express Gate (HKLM-x32\...\{865CD808-6D31-4269-9D36-693CFE75D26A}) (Version: 1.2.13.18 - DeviceVM, Inc.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.4 - ASUS)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.37.2 - HTC)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2302 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java™ 6 Update 18 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help ¸üР(KB963678) (HKLM-x32\...\{90120000-0016-0804-0000-0000000FF1CE}_PROHYBRIDR_{CECF0828-8F1F-4205-86B9-61683BAF0321}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help §ó·sµ{¦¡ (KB963678) (HKLM-x32\...\{90120000-0016-0404-0000-0000000FF1CE}_PROHYBRIDR_{15EEA099-97F0-4952-8597-88472FF062D2}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help §ó·sµ{¦¡ (KB963678) (HKLM-x32\...\{90120000-0016-0C04-0000-0000000FF1CE}_PROHYBRIDR_{E7CEA476-4DDD-4013-BB07-B053E3160C29}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help ©ºÑºÍѾഷ (KB963678) (HKLM-x32\...\{90120000-0016-041E-0000-0000000FF1CE}_PROHYBRIDR_{07419375-8A34-479C-831D-0EF4ADF4B945}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help Actualización (KB963678) (HKLM-x32\...\{90120000-0016-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{59E09C3D-4878-47D9-87DB-6D0018026889}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help Güncelleþtirmesi (KB963678) (HKLM-x32\...\{90120000-0016-041F-0000-0000000FF1CE}_PROHYBRIDR_{E792E914-5172-48B2-A58A-65C3F311C4E2}) (Version:  - Microsoft)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook 2007 Help ¸üР(KB963677) (HKLM-x32\...\{90120000-001A-0804-0000-0000000FF1CE}_PROHYBRIDR_{CB739C4F-6ABE-4CB2-BC90-57583893094F}) (Version:  - Microsoft)
Microsoft Office Outlook 2007 Help Actualización (KB963677) (HKLM-x32\...\{90120000-001A-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{59C244C2-0C37-4E85-8F7E-DBDD3958B694}) (Version:  - Microsoft)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint 2007 §ó·sµ{¦¡ (KB963669) (HKLM-x32\...\{90120000-0018-0C04-0000-0000000FF1CE}_PROHYBRIDR_{1E73141A-5BA5-4F90-920D-13D080499E45}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help ¸üР(KB963669) (HKLM-x32\...\{90120000-0018-0804-0000-0000000FF1CE}_PROHYBRIDR_{833A1F95-EEEB-47D3-B13F-3243AB2E7FA5}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help §ó·sµ{¦¡ (KB963669) (HKLM-x32\...\{90120000-0018-0404-0000-0000000FF1CE}_PROHYBRIDR_{A7688131-70CB-4945-BAFA-11053AC34D75}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help ©ºÑºÍѾഷ (KB963669) (HKLM-x32\...\{90120000-0018-041E-0000-0000000FF1CE}_PROHYBRIDR_{1075D7C8-AD2B-4717-A3B7-0E3C6417C5EA}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help Actualización (KB963669) (HKLM-x32\...\{90120000-0018-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{F318245D-05AE-4681-A749-A036CE44AF29}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help Güncelleþtirmesi (KB963669) (HKLM-x32\...\{90120000-0018-041F-0000-0000000FF1CE}_PROHYBRIDR_{8C762073-C6A4-4A11-A639-1C73014FAE00}) (Version:  - Microsoft)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word 2007 §ó·sµ{¦¡ (KB963665) (HKLM-x32\...\{90120000-001B-0C04-0000-0000000FF1CE}_PROHYBRIDR_{8DF0707E-D949-4176-98EC-2B54B8879F80}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help ¸üР(KB963665) (HKLM-x32\...\{90120000-001B-0804-0000-0000000FF1CE}_PROHYBRIDR_{53A3BCC0-3278-4729-8718-D17DEC19DE48}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help §ó·sµ{¦¡ (KB963665) (HKLM-x32\...\{90120000-001B-0404-0000-0000000FF1CE}_PROHYBRIDR_{AD30F628-2AAE-43E0-A0D8-CDFA976E6A9E}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help ©ºÑºÍѾഷ (KB963665) (HKLM-x32\...\{90120000-001B-041E-0000-0000000FF1CE}_PROHYBRIDR_{BA3C37F0-1BB7-4B44-8FB9-7DB86EE5BF39}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help Actualización (KB963665) (HKLM-x32\...\{90120000-001B-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{377BA42A-1C84-45D6-94B8-6D00887D172D}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help Güncelleþtirmesi (KB963665) (HKLM-x32\...\{90120000-001B-041F-0000-0000000FF1CE}_PROHYBRIDR_{96E44099-EB0F-45A3-8831-40412110810D}) (Version:  - Microsoft)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mise à jour Microsoft Office Excel 2007 Help  (KB963678) (HKLM-x32\...\{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{B761869A-B85C-40E2-994C-A1CE78AC8F2C}) (Version:  - Microsoft)
Mise à jour Microsoft Office Outlook 2007 Help  (KB963677) (HKLM-x32\...\{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{51EFB347-1F3D-4BAC-8B79-F056B904FE21}) (Version:  - Microsoft)
Mise à jour Microsoft Office Powerpoint 2007 Help  (KB963669) (HKLM-x32\...\{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{C3DCA38E-005E-41BA-A52A-7C3429F351C3}) (Version:  - Microsoft)
Mise à jour Microsoft Office Word 2007 Help  (KB963665) (HKLM-x32\...\{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{81536A04-DBFB-4DB3-978F-0F284590C223}) (Version:  - Microsoft)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVC80_x64 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86 (x32 Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-4094388179-336663474-334905840-500\...\MyFreeCodec) (Version:  - )
PC Connectivity Solution (HKLM-x32\...\{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}) (Version: 8.47.7.0 - Nokia)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PlayStation®Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.18.0.15698 - Sony Computer Entertainment Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5951 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0117 - REALTEK Semiconductor Corp.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SamsungConnectivityCableDriver (HKLM-x32\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.6.201404170858 - Sony Mobile Communications AB)
Sony PC Companion 2.10.251 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.251 - Sony)
SopCast 3.0.3 (HKLM-x32\...\SopCast) (Version: 3.0.3 - SopCast.com)
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.1700 - SRS Labs, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version:  - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.12 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

16-04-2015 20:00:47 Windows Update
20-04-2015 21:57:30 Windows Update
24-04-2015 20:32:29 Windows Update
25-04-2015 11:20:45 Revo Uninstaller Pro's restore point - GeoSurf
25-04-2015 11:27:53 Revo Uninstaller Pro's restore point - MykonosInspector
25-04-2015 11:30:55 Revo Uninstaller Pro's restore point - SAlePlus
25-04-2015 11:33:38 Revo Uninstaller Pro's restore point - SaveeNewaAPpz
25-04-2015 11:36:52 Revo Uninstaller Pro's restore point - SpyHunter
25-04-2015 11:37:06 Removed SpyHunter
29-04-2015 18:16:33 Windows Update
29-04-2015 18:20:56 Revo Uninstaller Pro's restore point - Google Chrome

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01865F6F-C8AC-41E5-B93C-2AA9BD58DC66} - System32\Tasks\{FFA45083-5543-40B4-8A66-67FA8F28B42C} => pcalua.exe -a "D:\Pakej Lengkap Multimedia\Macromedia Studio MX 2004\Studio MX\Accessibility\Install Flash MX 2004.exe" -d "D:\Pakej Lengkap Multimedia\Macromedia Studio MX 2004\Studio MX\Accessibility"
Task: {0DD00529-35DA-465E-B64A-A959BF04A1BD} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-24] (ATK)
Task: {269DB520-4CB8-4F05-894C-200133D765DA} - System32\Tasks\AIRecoveryRemind => C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe
Task: {368AA33E-87EA-4C32-B34C-1C5D82CFFBC4} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2009-09-16] ()
Task: {397A0725-63BC-4A9A-A56B-471E629C10D1} - System32\Tasks\P4GIntlCtrl => C:\Program Files\P4G\IntlCtrl.exe [2009-08-12] (TODO: <Company name>)
Task: {45014314-A9B0-41DB-B0EE-DB8C54CF11FD} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Task: {4A9AF9E6-BBC6-404D-9D56-E5C3D4F52749} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-12-01] ()
Task: {4CEB2CE7-0A00-41C0-AC4A-7F69836B016D} - System32\Tasks\P4G Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14] (Microsoft Corporation)
Task: {4E88F4C8-3854-49D7-A3E5-768461C8BEC9} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-09-30] (asus)
Task: {6FF4D56D-3130-4CD8-B9B1-8B31F4F745C2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-17] (Adobe Systems Incorporated)
Task: {783228A5-D22D-4305-867E-345E6C383720} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-12] (Google Inc.)
Task: {7F847985-F3A1-4042-A6A8-50D2E8407819} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4094388179-336663474-334905840-1000Core => C:\Users\Nur Shahidah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {86E67B07-CFD1-448F-9399-05CDEFF6A080} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-12] (Google Inc.)
Task: {C5189A40-5BF0-4FBD-86AA-7BC9D263E60D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EF12BA3F-56EC-445B-9D17-C54847E3D5CA} - System32\Tasks\{FC6A2D0B-487E-4987-8EC1-4871BDB54A96} => pcalua.exe -a "C:\Program Files\BSR Screen Recorder 5\Uninstall Screen Recorder 5.exe"
Task: {F3C071F9-7BA2-49AD-810F-4A49CA297E21} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-09-09] (ATK)
Task: {F7A11CFD-F8E3-4FCC-AF69-23FD5BA722E1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4094388179-336663474-334905840-1000UA => C:\Users\Nur Shahidah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4094388179-336663474-334905840-1000Core.job => C:\Users\Nur Shahidah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4094388179-336663474-334905840-1000UA.job => C:\Users\Nur Shahidah\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2010-01-25 03:54 - 2007-08-08 16:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2014-04-14 22:26 - 2010-10-14 10:05 - 00290816 _____ () C:\Windows\System32\HP1100LM.DLL
2014-04-14 22:26 - 2010-10-14 10:05 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-12-18 15:27 - 2014-12-18 15:27 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2008-10-01 15:02 - 2008-10-01 15:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2009-09-16 09:34 - 2009-09-16 09:34 - 01593344 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2010-01-25 04:01 - 2007-12-01 03:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2009-08-29 07:00 - 2009-08-29 07:00 - 00041984 _____ () C:\Program Files\P4G\DevMng.dll
2009-08-29 03:43 - 2009-08-29 03:43 - 00029184 _____ () C:\Program Files\P4G\OvrClk.dll
2010-01-25 03:54 - 2007-03-10 10:58 - 00124416 _____ () C:\Program Files\ATKGFNEX\AGFNEX64.dll
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-12-18 15:25 - 2014-12-18 15:25 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-12-18 15:26 - 2014-12-18 15:26 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-12-18 15:26 - 2014-12-18 15:26 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-12-18 15:26 - 2014-12-18 15:26 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-12-18 15:26 - 2014-12-18 15:26 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-12-18 15:29 - 2014-12-18 15:29 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-12-18 15:31 - 2014-12-18 15:31 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2009-08-04 17:23 - 2009-08-04 17:23 - 00063032 _____ () C:\Program Files (x86)\HP\HP UT LEDM\bin\HPTools.dll
2009-08-04 17:23 - 2009-08-04 17:23 - 00075320 _____ () C:\Program Files (x86)\HP\HP UT LEDM\bin\HPToolkit.dll
2010-09-30 15:13 - 2010-09-30 15:13 - 00041472 _____ () C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
2010-09-30 15:13 - 2010-09-30 15:13 - 00071680 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
2010-09-30 15:14 - 2010-09-30 15:14 - 00076288 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
2010-09-30 15:13 - 2010-09-30 15:13 - 00186880 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4094388179-336663474-334905840-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{D4BF44F3-D427-4B81-A96B-D554ACB5277E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\outlook.exe
FirewallRules: [{DE60C696-204E-4EB8-A37E-54F1AC075C59}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D6290737-76E4-464D-9FB9-7510A4802506}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{FDD9CD5F-F0AC-462B-BF71-CA6112CA7F83}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{0AEBE2F2-4A00-44A6-B661-BDD2D32CB324}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{B6446901-1DD7-4C21-8648-674416019F10}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{A496B6FA-1D73-4B15-B595-FFDEDC8B63A8}] => (Allow) svchost.exe
FirewallRules: [{E5A32919-0613-4AAC-9185-EA5C6337EDA2}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{5E911CD1-7594-41B4-9134-CEC19E450062}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C6CDDBB9-B960-4DF1-8B4A-3EBB8A20BD55}] => (Allow) LPort=2869
FirewallRules: [{B87ADD0D-A7A9-4525-AD86-FA2EBA4ACE6C}] => (Allow) LPort=1900
FirewallRules: [{412589AC-CA08-4214-ABAA-F330D1ECBEC7}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{45947816-A348-4E94-B38B-C896C90EF0A6}] => (Allow) C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\dtUser.exe
FirewallRules: [{A66B3C48-F46A-46A5-B662-BFC9612F761E}] => (Allow) C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\dtUser.exe
FirewallRules: [{D024C082-C495-4638-A6DC-7EB3273A6DB6}] => (Allow) C:\Users\Nur Shahidah\AppData\Local\iLivid\iLivid.exe
FirewallRules: [{A80462C8-8B47-4F2B-9813-4E1AAE90A0BD}] => (Allow) C:\Users\Nur Shahidah\AppData\Local\iLivid\iLivid.exe
FirewallRules: [{E82D9132-7AB1-4A4F-B8F6-F1003768A74B}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{25EFF7BA-5421-4ED3-BD38-7699AC821763}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{F8DE954A-0F6D-4E12-91FD-7CAFE00CCE95}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{75949265-B8B7-4965-BEDB-4D58D636ECF4}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{AEBDB121-49AC-4934-A987-4FD39534166F}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{C4C65E85-1F2E-425D-AE0D-E3E716768235}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{AC870090-B6F6-4875-9EA4-8B31C286469F}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{23110BB3-000C-4128-A4F7-3B54C7B0086C}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{B9146995-6951-43C2-8C60-AE76E682D1F3}] => (Allow) D:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe
FirewallRules: [{821AA194-A9EB-4438-BC44-7E44BA9AE4FB}] => (Allow) D:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe
FirewallRules: [{21567C03-FFF0-43CA-B4CE-0729BB5185C2}] => (Allow) LPort=9100
FirewallRules: [{7E2A9FA5-47C2-4ECC-BA15-F172AC8C546E}] => (Allow) LPort=427
FirewallRules: [{7E27912B-4976-44EB-A365-50466B544258}] => (Allow) LPort=161
FirewallRules: [{10D702FF-5BDB-4423-8145-303ADB83F8C0}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{CCBD90C0-1CDC-411D-846D-95B3BE4D51CC}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{38D5A279-34AB-4934-B2F3-667D62BDF74C}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{857083D3-2429-49FC-BD7D-E779DE12187B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{E4B42A3F-386F-4E18-A4EC-4594E2AB15DD}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{0D191284-A7A2-4949-850E-9F3D27E12819}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{C615C09F-F353-425B-B9F6-A75326564E17}] => (Allow) LPort=7935
FirewallRules: [TCP Query User{188873B4-91D5-404D-B534-76FC248A5BF4}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [UDP Query User{436B57D2-A9EA-4D00-A15D-17BBD666356E}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [TCP Query User{44626502-E8DB-499C-9A68-77DC9B630823}C:\program files (x86)\sopcast\adv\sopadver.exe] => (Allow) C:\program files (x86)\sopcast\adv\sopadver.exe
FirewallRules: [UDP Query User{C80F2094-17FC-47D5-A8F8-EF9853418112}C:\program files (x86)\sopcast\adv\sopadver.exe] => (Allow) C:\program files (x86)\sopcast\adv\sopadver.exe
FirewallRules: [{4A353FDB-76BF-4BE2-8704-52BB384B622E}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{07D22216-3D98-49AF-B573-FA676F9D8BB9}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{E2E82B5F-25E0-4B68-A35A-71BA88377278}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{5C799267-6E74-4960-93C9-C09C2C6C03DE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{30A17ED4-415E-4CB6-AB6B-F87BCC8F2DBD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{0946E890-69E7-431A-A615-693C17726C4E}C:\users\administrator\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Block) C:\users\administrator\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe
FirewallRules: [UDP Query User{9158F22E-294D-491F-8C8C-79A56F5DCAFD}C:\users\administrator\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Block) C:\users\administrator\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe
FirewallRules: [{E2DF6019-AF02-4273-A2D7-17F8B12BBA65}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A659EC4A-3FBD-435A-ABEB-BCEA3C51C666}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/27/2015 11:48:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (04/27/2015 09:17:39 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (04/27/2015 09:17:39 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (04/27/2015 09:17:35 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (04/27/2015 09:17:26 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (04/27/2015 05:58:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 2.2.0.0, time stamp: 0x00000004
Faulting module name: libqt4_plugin.dll, version: 2.2.0.0, time stamp: 0x00020002
Exception code: 0x40000015
Fault offset: 0x007c915a
Faulting process id: 0x10e4
Faulting application start time: 0xvlc.exe0
Faulting application path: vlc.exe1
Faulting module path: vlc.exe2
Report Id: vlc.exe3

Error: (04/27/2015 05:13:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 2.2.0.0, time stamp: 0x00000004
Faulting module name: libqt4_plugin.dll, version: 2.2.0.0, time stamp: 0x00020002
Exception code: 0x40000015
Fault offset: 0x007c915a
Faulting process id: 0x994
Faulting application start time: 0xvlc.exe0
Faulting application path: vlc.exe1
Faulting module path: vlc.exe2
Report Id: vlc.exe3

Error: (04/25/2015 11:20:43 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2431e843-9f2e-4792-9605-84bd32fdd1fe}

Error: (04/03/2015 11:23:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EXCEL.EXE, version: 12.0.6611.1000, time stamp: 0x4e5d44a0
Faulting module name: EXCEL.EXE, version: 12.0.6611.1000, time stamp: 0x4e5d44a0
Exception code: 0xc0000005
Fault offset: 0x0004bc53
Faulting process id: 0x1080
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3

Error: (02/01/2015 01:47:45 PM) (Source: MsiInstaller) (EventID: 1013) (User: ADIB-ASUS)
Description: Product: Adobe Reader 9.5.2 -- A process is running that cannot be shut down by Setup.  Please either close all applications and run Setup again, or restart your computer and run Setup again.

System errors:
=============
Error: (04/29/2015 06:03:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/29/2015 06:03:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The npf service failed to start due to the following error:
%%2

Error: (04/28/2015 06:17:34 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/28/2015 06:17:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The npf service failed to start due to the following error:
%%2

Error: (04/27/2015 09:11:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/27/2015 09:11:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The npf service failed to start due to the following error:
%%2

Error: (04/27/2015 09:00:21 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (04/27/2015 08:59:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (04/27/2015 08:59:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/27/2015 08:59:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU U 380 @ 1.33GHz
Percentage of memory in use: 44%
Total physical RAM: 3885.23 MB
Available physical RAM: 2142.38 MB
Total Pagefile: 7768.6 MB
Available Pagefile: 5635.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.43 GB) (Free:202.71 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 76692CA8)
Partition 2: (Active) - (Size=283.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#14 deeprybka

  • Malware Response Team

Posted 29 April 2015 - 05:39 AM




Can you please tell me which problems still persist now?
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#15 hadugen82

  • Topic Starter

  • Members

Posted 30 April 2015 - 10:53 AM

Hi,

 

Thank goodness, the annoying ads have stopped redirecting. You are truly a computer expert, man! Wonderful!

Now I can continue surfing without any trouble.....thank you soooooo much!!!! You are superb!!!





