
"nameFiles".exe is not valid win32 application


3 replies to this topic

#1 lintangtimur


Posted 28 July 2015 - 12:57 PM

Detected with Emsisoft Anti-Malware >> win32 virtob gen 12.

When I start "CMD, tskmgr, explorer, regedit and another .exe", it responds "not valid win32 application".

Now I am running in Safe Mode, and I have finished sfc /scannow.

I have a report file from FRST.

So confused..

Sorry for my bad English.

These are the FRST logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-07-2015
Ran by lintang (administrator) on LINTANG-PC (29-07-2015 00:46:24)
Running from C:\Users\lintang\Desktop
Loaded Profiles: lintang (Available Profiles: lintang)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [Razer Synapse] => C:\Program Files\Razer\Synapse\RzSynapse.exe [590144 2015-06-18] (Razer Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1855672 2015-07-03] (Adobe Systems Inc.)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [888440 2015-06-16] (BlueStack Systems, Inc.)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4939288 2015-07-27] (Emsisoft Ltd)
HKU\S-1-5-21-882706634-3006599123-4155412580-1000\...\Run: [WinFLTray] => C:\Windows\system32\WinFLTray.exe [330040 2015-05-04] ( New Softwares.net)
HKU\S-1-5-21-882706634-3006599123-4155412580-1000\...\Run: [FLBackup] => C:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe [275768 2015-05-04] (New Softwares.net)
HKU\S-1-5-21-882706634-3006599123-4155412580-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3907152 2015-07-10] (Tonec Inc.)
HKU\S-1-5-21-882706634-3006599123-4155412580-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [2895552 2015-07-24] (Valve Corporation)
HKU\S-1-5-21-882706634-3006599123-4155412580-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6369048 2015-05-09] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2014-04-21] (Tonec Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51754;https=127.0.0.1:51754
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-882706634-3006599123-4155412580-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.bing.com/search?FORM=U218DF&PC=U218&q={searchTerms}&src=IE-SearchBox
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2015-07-08] (Internet Download Manager, Tonec Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-14] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-07-03] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-14] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-07-03] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-07-03] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-04-14] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of  Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 0.0.0.0
Tcpip\..\Interfaces\{BC85909B-4487-49FF-9849-2D6DE3B5ECAE}: [DhcpNameServer] 192.168.1.254 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\lintang\AppData\Roaming\Mozilla\Firefox\Profiles\azsewcp2.default-1424970230041
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-03-30] (Google)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-14] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-05-27] ( Garena)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\lintang\AppData\Roaming\Mozilla\Firefox\Profiles\azsewcp2.default-1424970230041\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-27]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2015-06-10]
FF HKU\S-1-5-21-882706634-3006599123-4155412580-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Users\lintang\AppData\Roaming\IDM\idmmzcc7
FF Extension: IDM integration - C:\Users\lintang\AppData\Roaming\IDM\idmmzcc7 [2015-07-16]
FF HKU\S-1-5-21-882706634-3006599123-4155412580-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\lintang\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\lintang\AppData\Roaming\IDM\idmmzcc5 [2015-07-16]

Chrome: 
=======
CHR Profile: C:\Users\lintang\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\lintang\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-07]
CHR Extension: (YouTube) - C:\Users\lintang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-07]
CHR Extension: (Adblock Plus) - C:\Users\lintang\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-23]
CHR Extension: (Google Search) - C:\Users\lintang\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-07]
CHR Extension: (AdBlock) - C:\Users\lintang\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-08]
CHR Extension: (IDM Integration Module) - C:\Users\lintang\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-07-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\lintang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-07]
CHR Extension: (Gmail) - C:\Users\lintang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-07]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-07-10]
CHR HKU\S-1-5-21-882706634-3006599123-4155412580-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\lintang\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-03-02]
CHR HKU\S-1-5-21-882706634-3006599123-4155412580-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [5525328 2015-07-27] (Emsisoft Ltd)
S3 ALG; C:\Windows\System32\alg.exe [87040 2009-07-14] (Microsoft Corporation) [File not signed]
S2 Backupper Service; C:\Program Files\AOMEI Backupper\ABService.exe [29912 2015-07-16] (AOMEI Tech Co., Ltd.)
S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [822904 2015-06-16] (BlueStack Systems, Inc.)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [290224 2015-06-01] (Intel Corporation)
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [584192 2010-11-20] (Microsoft Corporation) [File not signed]
S3 ehSched; C:\Windows\ehome\ehsched.exe [122368 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Fax; C:\Windows\system32\fxssvc.exe [550912 2010-11-20] (Microsoft Corporation) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [130560 2015-06-20] (Microsoft Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MSDTC; C:\Windows\System32\msdtc.exe [161792 2009-07-14] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\System32\msiexec.exe [100864 2015-06-16] (Microsoft Corporation) [File not signed]
S2 Razer Game Scanner Service; C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-24] ()
S3 RpcLocator; C:\Windows\system32\locator.exe [36864 2009-07-14] (Microsoft Corporation) [File not signed]
S2 RzKLService; C:\Program Files\Razer\Razer Cortex\RzKLService.exe [129168 2015-07-14] (Razer Inc.)
S2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [3672576 2015-02-03] (A-Volute) [File not signed]
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [40448 2009-07-14] (Microsoft Corporation) [File not signed]
S2 Spooler; C:\Windows\System32\spoolsv.exe [345088 2012-02-11] (Microsoft Corporation) [File not signed]
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3209216 2010-11-20] (Microsoft Corporation) [File not signed]
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [99328 2009-07-14] (Microsoft Corporation) [File not signed]
R2 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [232448 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [63488 2009-07-14] (Microsoft Corporation) [File not signed]
S3 vds; C:\Windows\System32\vds.exe [481280 2010-11-20] (Microsoft Corporation) [File not signed]
S3 VSS; C:\Windows\system32\vssvc.exe [1053184 2010-11-20] (Microsoft Corporation) [File not signed]
S3 wbengine; C:\Windows\system32\wbengine.exe [1230848 2010-11-20] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [163840 2009-07-14] (Microsoft Corporation) [File not signed]
S2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1149440 2010-11-20] (Microsoft Corporation) [File not signed]
S2 WSearch; C:\Windows\system32\SearchIndexer.exe [455168 2011-05-04] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [26424 2015-02-26] () [File not signed]
S2 ammntdrv; C:\Windows\system32\ammntdrv.sys [129720 2015-02-26] () [File not signed]
S2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [14392 2015-02-26] () [File not signed]
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [25728 2012-01-16] (Google Inc)
R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [102888 2012-02-21] (ASMedia Technology Inc)
R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [315368 2012-02-21] (ASMedia Technology Inc)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3208496 2015-05-19] (Qualcomm Atheros Communications, Inc.)
S2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [131704 2015-06-16] (BlueStack Systems)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
S1 epp32; C:\Windows\System32\DRIVERS\epp32.sys [111368 2015-06-26] (Emsisoft GmbH)
S1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-04-27] (REALiX(tm))
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [505192 2013-08-01] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [25448 2013-08-01] (Intel Corporation)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16880 2013-07-18] (Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [110280 2013-07-18] (Qualcomm Atheros Co., Ltd.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28312 2013-05-23] (Logitech, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S4 mchInjDrv; C:\Users\lintang\AppData\Local\Temp\mc2C62F.tmp [2560 2015-07-12] () [File not signed]
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [56432 2013-01-23] (Intel Corporation)
S2 NEWDRIVER; C:\Windows\system32\WinVDEdrv6.sys [188176 2015-05-04] ()
S3 OEM; C:\Windows\System32\DRIVERS\hs60x5usbser.sys [107000 2012-01-16] (QUALCOMM Incorporated)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6.sys [14336 2014-11-28] (Research in Motion Limited) [File not signed]
S2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [20288 2015-06-12] (Razer, Inc.)
S2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [97088 2015-03-04] (Razer, Inc.)
S3 RZSURROUNDVADService; C:\Windows\System32\drivers\RzSurroundVAD.sys [32960 2015-02-09] (Windows (R) Win 7 DDK provider)
S1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [116320 2014-06-27] (Power Software Ltd)
S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2014-11-06] (TeamViewer GmbH)
S1 WinFLAdrv; C:\Windows\System32\WinFLAdrv.sys [31352 2015-05-04] ()
S3 doer.sys; \??\C:\Users\lintang\AppData\Local\Temp\Rar$EXa0.359\OEPFinders\doer.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 Engine; \??\C:\Users\lintang\AppData\Local\Temp\Rar$EXa0.029\Engine.sys [X]
S3 IlvMoneyDRIVER53; \??\C:\Users\lintang\Desktop\MoonLight+Engine+1312.4.0.0\Money1312.sys [X]
S3 KIKIDRIVER; \??\C:\Users\lintang\Desktop\Kiki Engine 1.41\kiki.sys [X]
S3 rdtsc.sys; \??\C:\Users\lintang\AppData\Local\Temp\rdtsc.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S1 WindroyeBoxDrv; \??\C:\Program Files\WindroyeBox\WindroyeBoxDrv.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 xspirit; \??\C:\Windows\xspirit.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-29 00:46 - 2015-07-29 00:46 - 00020903 _____ C:\Users\lintang\Desktop\FRST.txt
2015-07-29 00:44 - 2015-07-29 00:45 - 01678336 _____ (Farbar) C:\Users\lintang\Desktop\FRST.exe
2015-07-29 00:44 - 2015-07-29 00:45 - 00000000 ____D C:\Users\lintang\Downloads\FRST-OlderVersion
2015-07-29 00:25 - 2015-07-29 00:25 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\cmd.exe
2015-07-29 00:21 - 2015-07-29 00:21 - 00121324 _____ C:\Users\lintang\Downloads\cmd.zip
2015-07-29 00:18 - 2015-07-29 00:18 - 00000000 ____D C:\Users\lintang\AppData\Roaming\dll-files.com
2015-07-29 00:17 - 2015-07-29 00:17 - 05426893 _____ C:\Users\lintang\Downloads\Dll.fixer.3.2.81.3050.kuyhAa.rar
2015-07-29 00:17 - 2015-07-29 00:17 - 00001046 _____ C:\Users\Public\Desktop\Dll-Files Fixer.lnk
2015-07-29 00:17 - 2015-07-29 00:17 - 00001046 _____ C:\ProgramData\Desktop\Dll-Files Fixer.lnk
2015-07-29 00:17 - 2015-07-29 00:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files Fixer
2015-07-29 00:17 - 2015-07-29 00:17 - 00000000 ____D C:\Program Files\Dll-Files.com Fixer
2015-07-29 00:17 - 2014-06-10 12:27 - 00017344 _____ (Dll-Files.com) C:\Windows\system32\roboot.exe
2015-07-29 00:10 - 2015-06-29 04:21 - 00000997 _____ C:\Users\lintang\Desktop\disable_activation.cmd
2015-07-29 00:08 - 2015-07-29 00:23 - 00000270 _____ C:\Windows\Tasks\RDReminder.job
2015-07-29 00:08 - 2015-07-29 00:08 - 01375796 _____ C:\Users\lintang\Downloads\Keygen + _.rar
2015-07-29 00:08 - 2015-07-29 00:08 - 00000000 ____D C:\ProgramData\TEMP
2015-07-29 00:07 - 2015-07-29 00:08 - 05403232 _____ (Dll-Files.com ) C:\Users\lintang\Downloads\dffsetup.exe
2015-07-29 00:00 - 2015-07-29 00:00 - 00000000 ____D C:\Program Files\IU DLL Fixer
2015-07-28 23:58 - 2015-07-29 00:00 - 16411924 _____ ( ) C:\Users\lintang\Downloads\IU_DLLFixer.exe
2015-07-28 23:48 - 2015-07-28 23:48 - 00000500 _____ C:\EamClean.log
2015-07-28 23:10 - 2015-07-28 23:49 - 00001198 _____ C:\Windows\PFRO.log
2015-07-28 20:09 - 2015-07-28 20:09 - 00000082 _____ C:\Windows\system32\winsevr.dat
2015-07-28 20:08 - 2015-07-28 20:09 - 00000000 ____D C:\Program Files\AOMEI Backupper
2015-07-28 20:08 - 2015-07-28 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper
2015-07-28 20:08 - 2015-07-28 20:08 - 00000000 ____D C:\ProgramData\AomeiBR
2015-07-28 20:08 - 2015-02-26 00:00 - 00129720 _____ C:\Windows\system32\ammntdrv.sys
2015-07-28 20:08 - 2015-02-26 00:00 - 00026424 _____ C:\Windows\system32\ambakdrv.sys
2015-07-28 20:08 - 2015-02-26 00:00 - 00014392 _____ C:\Windows\system32\amwrtdrv.sys
2015-07-28 20:04 - 2015-07-28 20:04 - 00000000 ____D C:\ProgramData\Emsisoft
2015-07-28 19:43 - 2015-07-28 23:41 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2015-07-28 19:43 - 2015-07-28 19:43 - 00001049 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-07-28 19:43 - 2015-07-28 19:43 - 00001049 _____ C:\ProgramData\Desktop\Emsisoft Anti-Malware.lnk
2015-07-28 19:43 - 2015-07-28 19:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-07-28 12:06 - 2015-07-28 12:06 - 00000725 _____ C:\Users\lintang\Downloads\batfix.zip
2015-07-28 11:31 - 2015-07-28 11:32 - 01554950 _____ C:\Users\lintang\Downloads\compressjpeg.zip
2015-07-27 23:39 - 2015-07-28 23:10 - 00000280 _____ C:\Windows\setupact.log
2015-07-27 23:39 - 2015-07-27 23:39 - 00000000 _____ C:\Windows\setuperr.log
2015-07-27 19:22 - 2015-07-27 19:22 - 00002191 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-27 19:22 - 2015-07-27 19:22 - 00002191 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2015-07-27 19:22 - 2015-07-27 19:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-27 19:16 - 2015-07-27 19:17 - 00931408 _____ (Google Inc.) C:\Users\lintang\Downloads\ChromeSetup.exe
2015-07-27 19:15 - 2015-07-27 19:15 - 00001105 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-27 19:15 - 2015-07-27 19:15 - 00001105 _____ C:\ProgramData\Desktop\Mozilla Firefox.lnk
2015-07-27 17:09 - 2015-07-27 17:32 - 00037703 _____ C:\rmvirut.log
2015-07-27 16:29 - 2015-07-27 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMADAV Antivirus
2015-07-26 10:15 - 2015-07-26 10:15 - 00000000 _____ C:\Users\lintang\AppData\Local\{6C753188-5CB9-47B5-90B5-B8273D02CA77}
2015-07-24 19:06 - 2015-07-28 20:09 - 00000000 ____D C:\Users\lintang\Desktop\ClashBot_7.5
2015-07-24 18:26 - 2015-07-24 18:26 - 00001765 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-07-24 18:26 - 2015-07-24 18:26 - 00001765 _____ C:\ProgramData\Desktop\Start BlueStacks.lnk
2015-07-24 18:25 - 2015-07-24 18:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-07-24 18:25 - 2015-07-24 18:25 - 00000000 ____D C:\ProgramData\BlueStacks
2015-07-24 18:25 - 2015-07-24 18:25 - 00000000 ____D C:\Program Files\BlueStacks
2015-07-24 18:24 - 2015-07-24 18:24 - 00000000 ____D C:\Users\lintang\AppData\Local\Bluestacks
2015-07-23 21:23 - 2015-07-23 21:23 - 00000000 ____D C:\Users\lintang\Documents\Razer
2015-07-23 21:23 - 2015-07-23 21:23 - 00000000 ____D C:\Users\lintang\AppData\Local\Razer_Inc
2015-07-23 21:22 - 2015-07-23 21:22 - 00001992 _____ C:\Users\Public\Desktop\Razer Cortex.lnk
2015-07-23 21:22 - 2015-07-23 21:22 - 00001992 _____ C:\ProgramData\Desktop\Razer Cortex.lnk
2015-07-22 23:41 - 2015-07-22 23:41 - 00000261 _____ C:\Users\lintang\Documents\CS_SOURCE_TRIGGER.txt
2015-07-20 15:14 - 2015-06-26 00:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-20 15:14 - 2015-06-20 01:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-20 15:14 - 2015-06-20 01:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-20 15:14 - 2015-06-20 01:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-20 15:14 - 2015-06-20 01:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-20 15:14 - 2015-06-20 01:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-20 15:14 - 2015-06-20 01:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-20 15:14 - 2015-06-20 01:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-20 15:14 - 2015-06-20 01:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-20 15:14 - 2015-06-20 01:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-20 15:14 - 2015-06-20 01:13 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-20 15:14 - 2015-06-20 01:13 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-20 15:14 - 2015-06-20 01:06 - 00695296 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-20 15:14 - 2015-06-20 01:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-20 15:14 - 2015-06-20 00:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-20 15:14 - 2015-06-20 00:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-20 15:14 - 2015-06-20 00:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-20 15:14 - 2015-06-20 00:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-20 15:14 - 2015-06-20 00:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-20 15:14 - 2015-06-20 00:40 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-20 15:14 - 2015-06-20 00:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-20 15:14 - 2015-06-20 00:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-20 15:14 - 2015-06-20 00:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-20 15:14 - 2015-06-20 00:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-20 15:13 - 2015-07-20 15:13 - 00000000 ____D C:\Users\lintang\AppData\Local\GWX
2015-07-20 15:12 - 2015-07-03 04:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-20 15:12 - 2015-07-03 02:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-20 15:11 - 2015-07-03 04:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-20 15:11 - 2015-07-03 03:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-20 15:11 - 2015-07-03 03:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-20 15:11 - 2015-07-03 03:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-20 15:06 - 2015-07-10 00:44 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-20 15:06 - 2015-07-10 00:43 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-20 15:06 - 2015-07-10 00:43 - 02057216 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-20 15:06 - 2015-07-10 00:43 - 00587264 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-20 15:06 - 2015-07-10 00:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-20 15:06 - 2015-07-10 00:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-20 15:06 - 2015-07-10 00:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-20 15:06 - 2015-07-10 00:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-20 15:06 - 2015-07-10 00:43 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-20 15:06 - 2015-07-10 00:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-20 15:06 - 2015-07-10 00:42 - 00924160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-20 15:06 - 2015-07-10 00:42 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-20 15:06 - 2015-07-10 00:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-20 15:06 - 2015-07-10 00:42 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-20 15:06 - 2015-07-10 00:42 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-20 15:06 - 2015-07-10 00:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-20 15:06 - 2015-07-10 00:42 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-20 15:06 - 2015-07-10 00:42 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-20 15:06 - 2015-07-10 00:34 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-20 15:06 - 2015-07-05 00:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-20 15:06 - 2015-07-02 03:46 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-20 15:06 - 2015-07-02 03:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-20 15:06 - 2015-07-02 03:30 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-20 15:06 - 2015-07-02 03:30 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-20 15:06 - 2015-07-02 03:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-20 15:06 - 2015-07-02 03:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-20 15:06 - 2015-07-02 03:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-20 15:06 - 2015-07-02 03:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-20 15:06 - 2015-07-02 03:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-20 15:06 - 2015-07-02 03:30 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-20 15:06 - 2015-07-02 03:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-20 15:06 - 2015-07-02 03:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-20 15:06 - 2015-07-02 03:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-20 15:06 - 2015-07-02 03:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-20 15:06 - 2015-07-02 03:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-20 15:06 - 2015-07-02 03:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-20 15:06 - 2015-07-02 03:29 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-20 15:06 - 2015-07-02 03:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-20 15:06 - 2015-07-02 03:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-20 15:06 - 2015-07-02 03:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-20 15:06 - 2015-07-02 02:18 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-20 15:06 - 2015-07-02 02:18 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-20 15:06 - 2015-07-02 02:18 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-20 15:06 - 2015-06-25 15:46 - 02383872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-20 15:06 - 2015-06-18 00:39 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-20 15:06 - 2015-06-16 04:47 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-20 15:06 - 2015-06-16 04:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-20 15:06 - 2015-06-16 04:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-20 15:06 - 2015-06-16 04:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-20 15:06 - 2015-06-16 04:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-20 15:06 - 2015-06-16 04:42 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-20 15:06 - 2015-06-16 04:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-20 15:06 - 2015-06-12 00:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-20 15:06 - 2015-06-12 00:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-20 15:06 - 2015-06-12 00:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-20 15:06 - 2015-06-11 22:20 - 00383488 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-07-20 15:06 - 2015-06-10 02:35 - 02745856 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-20 15:06 - 2015-06-10 02:35 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-20 15:02 - 2015-07-04 00:57 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-20 15:02 - 2015-07-04 00:56 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-20 15:02 - 2015-07-04 00:56 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-20 15:02 - 2015-07-04 00:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-20 15:02 - 2015-07-03 23:42 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-20 15:02 - 2015-06-02 06:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-20 15:01 - 2015-06-27 08:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-20 15:01 - 2015-06-27 08:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-20 14:39 - 2015-06-02 18:01 - 00000800 _____ C:\Users\lintang\Desktop\ReserveWin10.cmd
2015-07-19 00:13 - 2015-03-16 20:13 - 08394627 _____ C:\Users\lintang\Desktop\Tutorial How to search offset Hook i3GfxDx.mp4
2015-07-18 17:05 - 2015-07-18 22:13 - 00000094 _____ C:\Users\lintang\Documents\PB.layout
2015-07-18 17:05 - 2015-07-18 17:05 - 00000786 _____ C:\Users\lintang\Documents\libPB.a
2015-07-18 17:05 - 2015-07-18 17:05 - 00000000 _____ C:\Users\lintang\Documents\libPB.def
2015-07-18 17:01 - 2015-07-18 22:03 - 00001434 _____ C:\Users\lintang\Documents\PB.h
2015-07-18 17:01 - 2015-07-18 17:02 - 00000634 _____ C:\Users\lintang\Documents\PB.cpp
2015-07-18 16:42 - 2015-07-18 17:10 - 00001040 _____ C:\Users\lintang\Documents\PB.dev
2015-07-18 15:05 - 2015-07-22 19:59 - 00007604 _____ C:\Users\lintang\AppData\Local\Resmon.ResmonCfg
2015-07-16 02:06 - 2015-07-16 02:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VB Decompiler Pro
2015-07-16 02:06 - 2015-07-16 02:06 - 00000000 ____D C:\Program Files\VB Decompiler Pro
2015-07-15 22:48 - 2006-07-07 20:15 - 00023147 _____ C:\Users\lintang\Desktop\tute.html
2015-07-15 22:47 - 2006-07-07 20:16 - 00000000 ____D C:\Users\lintang\Desktop\Images
2015-07-15 19:04 - 2015-07-15 19:04 - 00000000 ____D C:\Program Files\Common Files\Java
2015-07-14 22:05 - 2015-07-14 22:05 - 00001085 _____ C:\Users\lintang\Desktop\Counter-Strike Source.lnk
2015-07-14 22:05 - 2015-07-14 22:05 - 00000000 ____D C:\Users\lintang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike Source
2015-07-14 22:05 - 2015-07-14 22:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike Source
2015-07-14 22:02 - 2015-07-14 22:06 - 00000000 ____D C:\Program Files\Counter-Strike Source
2015-07-14 21:56 - 2015-07-24 18:22 - 00000000 ____D C:\Program Files\MySQL
2015-07-14 18:54 - 2015-07-14 18:54 - 00000000 ____D C:\Program Files\PremiumSoft
2015-07-14 18:54 - 2006-04-13 11:30 - 01073152 _____ C:\Windows\system32\libmysql_c.dll
2015-07-14 18:53 - 2015-07-14 22:36 - 00000000 ____D C:\ProgramData\MySQL
2015-07-13 20:31 - 2015-07-13 20:31 - 00000000 ___RD C:\Sandbox
2015-07-13 20:29 - 2015-07-15 18:23 - 00001588 _____ C:\Windows\Sandboxie.ini
2015-07-13 19:47 - 2015-07-13 19:47 - 00001228 _____ C:\Users\lintang\Documents\xhunter.reg
2015-07-12 15:17 - 2015-07-13 19:47 - 00000438 _____ C:\Users\lintang\Desktop\TUtorN3.txt
2015-07-12 14:58 - 2015-07-12 14:58 - 00000000 ____D C:\Users\lintang\AppData\Roaming\Process Hacker 2
2015-07-12 14:23 - 2015-07-12 15:56 - 00001913 _____ C:\Users\lintang\Desktop\settings.xml
2015-07-11 17:25 - 2015-07-11 17:27 - 00000000 ____D C:\Users\lintang\Downloads\Ensage Cracked v4
2015-07-11 14:16 - 2015-07-11 17:24 - 00000000 ____D C:\Users\lintang\Desktop\Ensage Cracked v4
2015-07-11 14:15 - 2015-07-11 14:16 - 39256184 _____ C:\Users\lintang\Downloads\Ensage Cracked v4 .zip
2015-07-10 22:55 - 2015-07-11 01:23 - 00000000 ____D C:\Users\lintang\Documents\Stronghold Crusader
2015-07-10 15:17 - 2015-06-12 09:00 - 00123968 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2015-07-10 09:47 - 2015-07-10 09:47 - 00000000 ____D C:\Users\lintang\Documents\Speedy
2015-07-09 21:36 - 2015-07-09 21:36 - 00000989 _____ C:\Users\Public\Desktop\PointBlank Garena.lnk
2015-07-09 21:36 - 2015-07-09 21:36 - 00000989 _____ C:\ProgramData\Desktop\PointBlank Garena.lnk
2015-07-09 21:21 - 2015-07-09 21:36 - 00000000 ____D C:\Program Files\GarenaPBID
2015-07-08 18:14 - 2015-07-08 18:14 - 00000093 _____ C:\Users\lintang\Documents\DEVPERTAMA.layout
2015-07-08 17:50 - 2015-07-18 17:05 - 00001181 _____ C:\Users\lintang\Documents\Makefile.win
2015-07-08 17:50 - 2015-07-08 18:14 - 01365998 _____ C:\Users\lintang\Documents\DEVPERTAMA.exe
2015-07-08 17:50 - 2015-07-08 18:14 - 00000908 _____ C:\Users\lintang\Documents\DEVPERTAMA.dev
2015-07-08 17:50 - 2015-07-08 18:14 - 00000360 _____ C:\Users\lintang\Documents\main.cpp
2015-07-08 17:45 - 2015-07-08 17:59 - 00000000 ____D C:\Users\lintang\AppData\Roaming\Dev-Cpp
2015-07-08 17:45 - 2015-07-08 17:45 - 00000954 _____ C:\Users\lintang\Desktop\Dev-C++.lnk
2015-07-08 17:45 - 2015-07-08 17:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++
2015-07-08 17:44 - 2015-07-08 17:44 - 00000000 ____D C:\Program Files\Dev-Cpp
2015-07-08 17:32 - 2015-07-08 17:37 - 00000000 ____D C:\Users\lintang\AppData\Roaming\CodeBlocks
2015-07-08 17:31 - 2015-07-08 17:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks
2015-07-08 15:26 - 2015-07-08 15:26 - 00350215 __RSH C:\LAUCX
2015-07-08 15:25 - 2015-07-08 15:25 - 00057654 _____ C:\Windows\OEMLogo.bmp
2015-07-08 15:12 - 2015-01-09 09:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-07-08 15:12 - 2015-01-09 09:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-07-08 15:12 - 2015-01-09 09:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-07-07 23:46 - 2015-07-07 23:46 - 00000188 _____ C:\Users\lintang\Desktop\tutor.txt
2015-07-07 00:42 - 2015-07-28 23:13 - 00000996 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d04376b4127e0a.job
2015-07-07 00:42 - 2015-07-28 22:54 - 00001000 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-06 21:44 - 2015-07-06 21:44 - 00001374 _____ C:\Users\lintang\Documents\cekPING.exe.log
2015-07-06 21:42 - 2015-07-16 01:56 - 00000016 _____ C:\ProgramData\mntemp
2015-07-04 15:56 - 2015-07-04 15:56 - 00005077 _____ C:\ProgramData\hremolch.xko
2015-07-04 15:55 - 2015-07-04 15:55 - 00004992 _____ C:\ProgramData\pfrfyosn.oni
2015-07-04 15:54 - 2015-07-04 15:54 - 00005096 _____ C:\ProgramData\lysfkonp.uuy
2015-07-04 13:36 - 2015-07-04 13:36 - 00000000 ____D C:\Users\lintang\AppData\Local\CEF
2015-07-04 12:15 - 2015-07-04 12:15 - 00000000 ____D C:\Users\lintang\Documents\PKL NEW
2015-07-02 23:47 - 2012-07-16 01:57 - 00016259 _____ C:\Windows\system32\Macro.dll
2015-07-02 14:25 - 2015-07-02 14:25 - 00000000 ____D C:\Users\lintang\AppData\Local\Ensage
2015-07-02 11:28 - 2015-07-02 11:28 - 00000266 _____ C:\Users\lintang\Documents\undip.txt
2015-06-30 13:09 - 2015-06-30 13:09 - 00000318 _____ C:\Windows\WpePro.net.INI
2015-06-30 12:05 - 2015-06-30 12:05 - 00000266 _____ C:\Users\lintang\Documents\aaaaUNDIP.txt
2015-06-30 11:36 - 2015-06-30 11:36 - 00000000 ____D C:\Users\lintang\AppData\Roaming\xim
2015-06-30 11:23 - 2015-07-28 12:46 - 00000000 ____D C:\Program Files\Garena Plus
2015-06-30 11:23 - 2015-07-09 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
2015-06-30 11:23 - 2015-07-09 21:22 - 00001021 _____ C:\Users\Public\Desktop\Garena+.lnk
2015-06-30 11:23 - 2015-07-09 21:22 - 00001021 _____ C:\ProgramData\Desktop\Garena+.lnk
2015-06-30 10:52 - 2015-07-28 12:48 - 00000000 ____D C:\Users\lintang\AppData\Roaming\GarenaPlus
2015-06-30 10:52 - 2015-06-30 10:52 - 00000000 ____D C:\Users\lintang\AppData\Roaming\Garena
2015-06-30 10:52 - 2015-06-30 10:52 - 00000000 ____D C:\ProgramData\Garena
2015-06-30 10:51 - 2015-07-28 12:48 - 00000000 ____D C:\ProgramData\GarenaMessenger

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-29 00:46 - 2015-06-26 17:17 - 00000000 ____D C:\FRST
2015-07-28 23:55 - 2014-09-25 20:48 - 02032179 _____ C:\Windows\WindowsUpdate.log
2015-07-28 23:41 - 2009-07-14 11:34 - 00023408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-28 23:41 - 2009-07-14 11:34 - 00023408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-28 23:40 - 2014-09-28 22:27 - 00000000 ____D C:\Users\lintang\AppData\Roaming\DMCache
2015-07-28 23:37 - 2014-09-30 16:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-28 23:15 - 2015-03-15 21:15 - 00000000 ____D C:\Program Files\SMADAV
2015-07-28 23:10 - 2009-07-14 14:49 - 00000000 ____D C:\Windows\CSC
2015-07-28 23:10 - 2009-07-14 11:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-28 20:44 - 2015-06-26 21:12 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-28 20:34 - 2015-06-26 22:36 - 00000000 ___SD C:\32788R22FWJFW
2015-07-28 20:19 - 2015-03-02 16:46 - 00000000 ___RD C:\Users\lintang\Google Drive
2015-07-28 20:09 - 2015-06-25 09:13 - 00000000 ____D C:\Program Files\[eMo]Web Browser Optimizer
2015-07-28 20:09 - 2015-06-19 19:41 - 00000000 ___RD C:\Users\lintang\Downloads\Morphine 2.7
2015-07-28 20:09 - 2015-04-28 13:42 - 00000000 ____D C:\Program Files\AutoIt3
2015-07-28 20:09 - 2015-04-27 14:13 - 00000000 ____D C:\Users\lintang\AppData\Roaming\.minecraft
2015-07-28 20:09 - 2015-03-28 17:41 - 00000000 ____D C:\Program Files\WTFast
2015-07-28 20:09 - 2015-03-15 21:13 - 00000000 ____D C:\Program Files\SVP
2015-07-28 20:09 - 2014-11-11 18:23 - 00000000 ____D C:\Program Files\No-IP
2015-07-28 20:09 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\Help
2015-07-28 19:40 - 2014-09-28 23:06 - 00000000 ____D C:\Users\lintang\AppData\Roaming\vlc
2015-07-28 19:22 - 2015-05-12 13:45 - 00000000 ____D C:\Users\lintang\AppData\Roaming\IDM
2015-07-28 13:38 - 2015-06-11 18:40 - 00000000 ____D C:\Program Files\Steam
2015-07-28 12:59 - 2015-06-26 21:19 - 00000000 ____D C:\EEK
2015-07-28 12:41 - 2015-05-14 16:47 - 00000000 ____D C:\AdwCleaner
2015-07-28 11:29 - 2015-06-13 23:18 - 00000000 ____D C:\Users\lintang\AppData\Local\CrashDumps
2015-07-27 20:40 - 2014-10-15 14:16 - 00000000 ____D C:\Windows\Minidump
2015-07-27 19:21 - 2014-09-25 22:49 - 00000000 ____D C:\Program Files\Google
2015-07-27 19:10 - 2014-09-28 22:27 - 00000000 ____D C:\Users\lintang\Downloads\Compressed
2015-07-27 17:07 - 2015-03-15 21:15 - 00000000 __SHD C:\[Smad-Cage]
2015-07-27 17:07 - 2009-07-14 09:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-27 13:36 - 2014-09-25 20:56 - 00785794 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-24 18:34 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-07-24 18:26 - 2009-07-14 09:37 - 00000000 __RHD C:\Users\Public\Libraries
2015-07-24 17:39 - 2014-09-25 21:31 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-24 17:39 - 2014-09-25 21:31 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-23 21:22 - 2015-05-19 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-07-23 21:22 - 2015-05-19 11:51 - 00000000 ____D C:\Program Files\Razer
2015-07-23 21:22 - 2015-05-19 11:48 - 00000000 ____D C:\Users\lintang\AppData\Local\Razer
2015-07-23 21:22 - 2015-05-19 11:48 - 00000000 ____D C:\ProgramData\Razer
2015-07-23 21:20 - 2014-09-28 22:27 - 00000000 ____D C:\Users\lintang\Downloads\Video
2015-07-23 18:36 - 2014-09-28 22:43 - 00000000 ____D C:\Users\lintang\AppData\Roaming\uTorrent
2015-07-22 23:54 - 2014-09-25 21:34 - 00614992 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.ocx
2015-07-22 23:54 - 2014-09-25 21:34 - 00136008 _____ (Microsoft Corporation) C:\Windows\system32\msinet.ocx
2015-07-22 23:54 - 1999-05-07 00:30 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\COMDLG32.OCX
2015-07-20 16:43 - 2009-07-14 11:33 - 00436192 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-20 16:41 - 2015-06-17 16:57 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-20 16:41 - 2014-09-30 03:24 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-20 15:41 - 2014-12-21 17:03 - 00000000 ____D C:\Windows\system32\MRT
2015-07-20 12:59 - 2015-06-10 08:48 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2015-07-20 12:59 - 2015-06-10 08:48 - 00002007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2015-07-20 12:59 - 2015-06-05 17:43 - 00001428 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2015-07-20 12:59 - 2015-06-05 17:43 - 00001416 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2015-07-20 12:59 - 2015-06-05 17:43 - 00001416 _____ C:\ProgramData\Desktop\Adobe Application Manager.lnk
2015-07-18 17:48 - 2014-09-30 16:52 - 00001021 _____ C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk
2015-07-18 17:48 - 2014-09-30 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE
2015-07-18 12:07 - 2015-03-02 16:41 - 00001998 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-07-18 12:07 - 2015-03-02 16:41 - 00001998 _____ C:\ProgramData\Desktop\Google Sheets.lnk
2015-07-18 12:07 - 2015-03-02 16:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-07-16 11:33 - 2014-09-28 22:57 - 00000000 ____D C:\Program Files\Common Files\Steam
2015-07-16 01:04 - 2014-09-28 22:27 - 00000000 ____D C:\Program Files\Internet Download Manager
2015-07-15 19:05 - 2014-09-28 22:24 - 00000000 ____D C:\ProgramData\Oracle
2015-07-15 19:04 - 2014-09-28 22:23 - 00096352 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-07-15 19:03 - 2014-09-28 22:23 - 00000000 ____D C:\Program Files\Java
2015-07-14 14:10 - 2014-09-25 20:52 - 00113872 _____ C:\Users\lintang\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-11 16:28 - 2014-09-25 21:34 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-11 09:40 - 2014-10-19 13:10 - 00000000 ____D C:\Users\lintang\Documents\My Cheat Tables
2015-07-10 11:24 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system32\NDF
2015-07-10 09:49 - 2015-06-26 21:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-10 09:49 - 2015-06-26 21:12 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-07-08 18:14 - 2015-05-27 21:26 - 00001580 _____ C:\Users\lintang\Documents\main.o
2015-07-08 17:22 - 2015-05-27 22:31 - 00000000 ____D C:\Users\lintang\AppData\Roaming\codelite
2015-07-08 15:51 - 2014-12-21 17:44 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-08 15:27 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\tracing
2015-07-07 21:39 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\Resources
2015-07-07 17:01 - 2014-09-28 23:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-07-07 16:59 - 2014-09-28 22:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-07 16:51 - 2009-07-14 09:04 - 00000478 _____ C:\Windows\win.ini
2015-07-07 00:51 - 2014-12-05 13:14 - 00000000 ____D C:\Program Files\TeamViewer
2015-07-07 00:39 - 2014-10-29 23:48 - 00000000 ____D C:\Program Files\The Fiery Concert Mania!
2015-07-07 00:34 - 2015-05-08 15:02 - 00000000 ____D C:\Users\lintang\.nbi
2015-07-07 00:33 - 2015-05-08 15:17 - 00000000 ____D C:\Users\lintang\AppData\Roaming\NetBeans
2015-07-07 00:32 - 2015-02-05 21:26 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2015-07-07 00:28 - 2014-10-08 21:47 - 00000000 ____D C:\ProgramData\Adobe
2015-07-07 00:28 - 2014-10-08 21:47 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-07-06 20:19 - 2015-06-27 14:36 - 00000000 ____D C:\Users\lintang\Documents\KTI NEW 2
2015-07-05 09:14 - 2014-09-30 16:14 - 00000000 ____D C:\Users\lintang\AppData\Local\Adobe
2015-07-03 17:31 - 2014-09-28 22:59 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-07-03 08:49 - 2014-12-21 17:03 - 127070192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-30 21:52 - 2015-06-04 20:57 - 00000000 ____D C:\ProgramData\Skype
2015-06-30 12:39 - 2015-02-03 22:32 - 00000000 __SHD C:\Users\lintang\AppData\Local\EmieUserList
2015-06-30 12:39 - 2015-02-03 22:32 - 00000000 __SHD C:\Users\lintang\AppData\Local\EmieSiteList
2015-06-30 12:39 - 2015-02-03 22:32 - 00000000 __SHD C:\Users\lintang\AppData\Local\EmieBrowserModeList
2015-06-29 18:58 - 2014-09-25 21:29 - 00000000 ____D C:\Program Files\Intel
2015-06-29 08:36 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\AppCompat
2015-06-29 08:04 - 2015-06-26 14:00 - 00001945 _____ C:\Windows\epplauncher.mif

==================== Files in the root of some directories =======

2013-02-07 19:22 - 2013-02-07 19:22 - 0050330 _____ () C:\Program Files\AntiDust.exe
2015-02-24 20:41 - 2013-10-08 18:37 - 0397336 _____ (Tonec Inc.) C:\Program Files\idmindex.dll
2015-02-24 20:41 - 2015-02-04 17:05 - 0016920 _____ (Internet Download Manager, Tonec Inc.) C:\Program Files\MediumILStart.exe
2015-02-27 17:00 - 2015-02-25 19:46 - 0001166 _____ () C:\Program Files\Registration.reg
2014-07-10 13:16 - 2014-07-10 13:16 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files\Common Files\atimpenc.dll
2015-05-14 12:32 - 2015-05-14 12:35 - 0000216 _____ () C:\Users\lintang\AppData\Local\HackLogs.dat
2015-07-18 15:05 - 2015-07-22 19:59 - 0007604 _____ () C:\Users\lintang\AppData\Local\Resmon.ResmonCfg
2015-05-04 17:12 - 2015-05-16 19:41 - 0000700 ___SH () C:\Users\lintang\AppData\Local\systemFL7.dat
2015-06-13 20:20 - 2015-06-13 20:20 - 0000000 _____ () C:\Users\lintang\AppData\Local\Temp.dat
2015-05-04 17:13 - 2015-05-16 01:47 - 0005371 ___SH () C:\Users\lintang\AppData\Local\win_fldb_sys.dat
2015-05-04 17:11 - 2015-05-16 19:37 - 0011781 ___SH () C:\Users\lintang\AppData\Local\win_flfiles_sys.dat
2015-05-06 18:26 - 2015-05-14 12:34 - 0000693 ___SH () C:\Users\lintang\AppData\Local\win_lockerdb_sys.dat
2015-05-04 17:11 - 2015-05-16 19:37 - 0003465 ___SH () C:\Users\lintang\AppData\Local\win_stlthdb_sys.dat
2015-05-29 11:02 - 2015-05-29 11:02 - 0000000 _____ () C:\Users\lintang\AppData\Local\{3D72680F-1507-4BF7-836F-765856D38505}
2015-07-26 10:15 - 2015-07-26 10:15 - 0000000 _____ () C:\Users\lintang\AppData\Local\{6C753188-5CB9-47B5-90B5-B8273D02CA77}
2015-05-29 11:02 - 2015-05-29 11:02 - 0000000 _____ () C:\Users\lintang\AppData\Local\{9D3A72F9-6533-4152-8041-7EAEA7844BE8}
2015-03-07 11:52 - 2015-03-07 11:52 - 0000000 _____ () C:\Users\lintang\AppData\Local\{CBD640D5-7B65-449A-BF3E-07B7FCD7BAC7}
2014-12-03 11:14 - 2014-12-03 11:14 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-09-25 21:27 - 2014-09-25 21:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-07-04 15:56 - 2015-07-04 15:56 - 0005077 _____ () C:\ProgramData\hremolch.xko
2015-07-04 15:54 - 2015-07-04 15:54 - 0005096 _____ () C:\ProgramData\lysfkonp.uuy
2015-07-06 21:42 - 2015-07-16 01:56 - 0000016 _____ () C:\ProgramData\mntemp
2015-07-04 15:55 - 2015-07-04 15:55 - 0004992 _____ () C:\ProgramData\pfrfyosn.oni
2015-05-04 17:12 - 2015-05-16 19:21 - 0002568 ___SH () C:\ProgramData\win_mpwd_sys.dat

Some files in TEMP:
====================
C:\Users\lintang\AppData\Local\Temp\c8eb790646128f34aa04a36111aca8cf.dll
C:\Users\lintang\AppData\Local\Temp\ComboFix.exe
C:\Users\lintang\AppData\Local\Temp\dd6e64fc7d048e4cc3b701e8f3a60b21.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe
[2015-06-28 19:10] - [2011-02-25 12:30] - 2643968 ____A (Microsoft Corporation) 6CB43EAC550D4ADD89FBC8012445B2F7

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe
[2014-12-21 16:38] - [2010-11-20 19:17] - 0054272 ____A (Microsoft Corporation) 734A13B0E4B2ACBE87D655F1D099B27E

C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-23 15:14

==================== End of log ============================


Edited by lintangtimur, 28 July 2015 - 01:01 PM.




#2 lintangtimur


Posted 28 July 2015 - 01:04 PM

Addition logs, I can't edit my first post. Idk

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-07-2015
Ran by lintang at 2015-07-29 00:47:06
Running from C:\Users\lintang\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-882706634-3006599123-4155412580-500 - Administrator - Disabled)
Guest (S-1-5-21-882706634-3006599123-4155412580-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-882706634-3006599123-4155412580-1003 - Limited - Enabled)
lintang (S-1-5-21-882706634-3006599123-4155412580-1000 - Administrator - Enabled) => C:\Users\lintang

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Disabled - Up to date) {2F44E1F9-850B-1C7A-0E56-EB2E0A3E20C9}
AS: Emsisoft Anti-Malware (Disabled - Up to date) {9425001D-A331-13F4-34E6-D05C71B96A74}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

[eMo]Web Browser Optimizer version 2.0.2 (HKLM\...\{04710B2E-60F8-4758-88A2-A6F03AF0A26C}_is1) (Version: 2.0.2 - com0do99-net)
µTorrent (HKU\S-1-5-21-882706634-3006599123-4155412580-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe Acrobat DC (HKLM\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 19 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 19.0.0.115 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 8.0 - PainteR)
AES Crypt (HKLM\...\{27D8751B-EC95-4F79-940A-8460F9278931}) (Version: 3.09 - Packetizer, Inc.)
AirDroid 3.1.3.0 (HKLM\...\AirDroid) (Version: 3.1.3.0 - Sand Studio)
AOMEI Backupper Standard (HKLM\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536C09F}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.8.0 - Asmedia Technology)
AutoIt v3.3.12.0 (HKLM\...\AutoItv3) (Version: 3.3.12.0 - AutoIt Team)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.9.30.4239 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM\...\{3792811C-832F-4392-B44A-24092901EDDC}) (Version: 0.9.30.4239 - BlueStack Systems, Inc.)
Bvckup 2 / Release 73 (rev 8) (HKLM\...\Bvckup2) (Version:  - )
Camtasia Studio 8 (HKLM\...\{1B57499B-1BEB-426A-A406-D9D004A1D2CE}) (Version: 8.5.0.1954 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Cheat Engine 6.4 (HKLM\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Counter-Strike Source 1.9.1 (HKLM\...\Counter-Strike Source 1.9.1) (Version:  - Valve Corporation)
Dev-C++ (HKLM\...\Dev-C++) (Version: 5.11 - Bloodshed Software)
Dll-Files Fixer (HKLM\...\Dll-Files Fixer_is1) (Version: 3.1.81 - Dll-Files.com)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 10.0 - Emsisoft Ltd.)
ffdshow v1.3.4530 [2014-02-09] (HKLM\...\ffdshow_is1) (Version: 1.3.4530.0 - )
FileZilla Client 3.10.0.2 (HKLM\...\FileZilla Client) (Version: 3.10.0.2 - Tim Kosse)
Folder Lock (HKLM\...\Folder Lock) (Version:  - New Softwares.net)
Garena - PointBlank ID (HKLM\...\PBID) (Version:  - Garena Online Pte Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.107 - Google Inc.)
Google Drive (HKLM\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
Google Earth Plug-in (HKLM\...\{ADA8583A-C20B-414B-8CB7-3AA7A89F7952}) (Version: 7.1.4.1529 - Google)
Google Earth Pro (HKLM\...\{5BAA8884-F661-464B-B5B2-5C6C632BFC21}) (Version: 7.1.4.1529 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
HP Deskjet 1510 series Basic Device Software (HKLM\...\{61268BF7-3EC8-4CDC-922B-C8F718A0D46F}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 1510 series Help (HKLM\...\{2E25FCEB-EFCB-4696-AA01-D3CBAC721831}) (Version: 30.0.0 - Hewlett Packard)
HP Support Solutions Framework (HKLM\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® Processor Identification Utility (HKLM\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 1.0.0.0 - Intel Corporation)
Intel® Driver Update Utility (HKLM\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 7 Update 79 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217079FF}) (Version: 7.0.790 - Oracle)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Java SE Development Kit 7 Update 11 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170110}) (Version: 1.7.0.110 - Oracle)
Java SE Development Kit 8 Update 45 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)
LINE (HKLM\...\LINE) (Version: 4.1.1.423 - LINE Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Indonesia (HKLM\...\{90150000-001F-0421-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office ScreenTip Language 2013 - Bahasa Indonesia (HKLM\...\{90150000-00BD-0421-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minimal ADB and Fastboot version 1.1.3 (HKLM\...\{DE46417A-9E9E-4BCD-BBDD-DA21943193BB}_is1) (Version: 1.1.3 - )
Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MPC-HC 1.7.8 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.8 - MPC-HC Team)
MTP Porting Kit (HKLM\...\{353B1E6D-7073-4450-8C80-699BD8FCFB49}) (Version: 12.0.0 - Microsoft Corp)
No-IP DUC (HKLM\...\NoIPDUC) (Version: 4.1.0 - Vitalwerks Internet Solutions LLC)
Notepad++ (HKLM\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Popcorn Time (HKU\S-1-5-21-882706634-3006599123-4155412580-1000\...\Popcorn Time) (Version:  - Popcorn Official)
Product Improvement Study for HP Deskjet 1510 series (HKLM\...\{0D3AAA98-358E-44FE-98FA-F27146FF52CA}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Razer Cortex (HKLM\...\Razer Cortex_is1) (Version: 6.0.29.0 - Razer Inc.)
Razer Surround (HKLM\...\Razer Surround) (Version: 1.05.14 - Razer Inc.)
Razer Synapse (HKLM\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.26599 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7010 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
Simple Port Forwarding (HKLM\...\Simple Port Forwarding) (Version: 3.8.5 - PcWinTech.com)
SketchUp 2015 (HKLM\...\{D640B9A3-D937-47E2-9BFA-A593DFA8AF21}) (Version: 15.0.9351 - Trimble Navigation Limited)
Smartfren EG98 Driver (HKLM\...\Smartfren EG98 Driver) (Version: 1.0 - Smartfren)
SmoothVideo Project version 3.1.6 (HKLM\...\SmoothVideo Project_is1) (Version: 3.1.6 - SVP)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold Crusader HD (HKLM\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.30.0003 - Firefly Studios)
System Requirements Lab (HKLM\...\{0F659036-14C7-4622-9505-35A0DC93526A}) (Version: 6.1.3.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
TDM-GCC (HKU\S-1-5-21-882706634-3006599123-4155412580-1000\...\TDM-GCC) (Version: 1.1309.0 - TDM)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Update for  (KB2504637) (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{BF1B3F01-93F3-4B83-93DB-132EB1AED259}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{04ADDEC1-208F-4295-AA61-16789EA56814}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{04ADDEC1-208F-4295-AA61-16789EA56814}) (Version:  - Microsoft)
VB Decompiler Pro (HKLM\...\VB Decompiler Pro_is1) (Version:  - DotFix Software)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC Codec Pack 2.0.5 (HKLM\...\VLC - Codec Pack) (Version: 2.0.5 - VLC Codec Pack)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Speech Recognition Macros (HKLM\...\{8DC197D6-F4AB-44E0-ACF7-210355E6F389}) (Version: 1.0.6862.19 - Microsoft Corporation)
WinRAR 5.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WTFast 2.13 (HKLM\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version:  - Initex & AAA Internet Publishing)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-882706634-3006599123-4155412580-1000_Classes\CLSID\{89BB4535-5AE9-43a0-89C5-19B4697E5C5E}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:04 - 2015-06-10 08:56 - 00003688 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
127.0.0.1                   lmlicenses.wip4.adobe.com
127.0.0.1                   lm.licenses.adobe.com
127.0.0.1                   na1r.services.adobe.com
127.0.0.1                   hlrcv.stage.adobe.com
127.0.0.1 209.34.83.73:443
127.0.0.1 209.34.83.73:43
127.0.0.1 209.34.83.73
127.0.0.1 209.34.83.67:443
127.0.0.1 209.34.83.67:43
127.0.0.1 209.34.83.67
127.0.0.1 ood.opsource.net
127.0.0.1 199.7.52.190:80
127.0.0.1 199.7.52.190
127.0.0.1 OCSP.SPO1.VERISIGN.COM
127.0.0.1 199.7.54.72:80
127.0.0.1 199.7.54.72
127.0.0.1 192.150.14.69
127.0.0.1 192.150.18.101
127.0.0.1 192.150.18.108
127.0.0.1 192.150.22.40
127.0.0.1 192.150.8.100
127.0.0.1 192.150.8.118
127.0.0.1 209-34-83-73.ood.opsource.net
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com

There are 61 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2586E4F3-89EC-42F4-8A0A-84993FDB6258} - System32\Tasks\HPCustParticipation HP Deskjet 1510 series => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {3403CADE-07E6-4016-BA95-752CB0D31CDB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-07-07] (Google Inc.)
Task: {3E909978-E9F5-411F-BFC0-54076B2BA997} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-09] (Piriform Ltd)
Task: {5B327CA4-2539-4DA4-BF5D-938EC8B92327} - System32\Tasks\{43C4AB7E-7452-4E0B-A366-F41CF9749747} => pcalua.exe -a "D:\Berkas File Keluarga\LINTANG\Installer Programs\VMware-workstation11\VMware-workstation-full-11.0.0-2305329.exe" -d "D:\Berkas File Keluarga\LINTANG\Installer Programs\VMware-workstation11"
Task: {5EEE8B9C-926D-4513-BF83-DF971EAFF5A1} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {63314B47-D43F-4F7B-83F7-3D074EBB809B} - System32\Tasks\Opera scheduled Autoupdate 1422528597 => C:\Program Files\Opera\launcher.exe
Task: {72031A66-24CB-435E-A206-792E236E6AA2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {AA11148B-C360-4108-96CC-FDDE2AEDBA23} - System32\Tasks\gg_uac_daemon_lintang => C:\Program Files\Garena Plus\ggdllhost.exe [2015-06-17] ()
Task: {C1CE0F01-AC21-4C77-AD61-C8944CC9FBBF} - System32\Tasks\GoogleUpdateTaskMachineCore1d04376b4127e0a => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-07-07] (Google Inc.)
Task: {C436DB23-DF84-4DF2-B64C-3D71065878B7} - System32\Tasks\Driver Booster SkipUAC (lintang) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
Task: {C4FF7B8A-1406-4B32-81F9-0361DDD1FFEC} - \AutoPico Daily Restart No Task File <==== ATTENTION
Task: {D72742F0-ECE8-4881-963A-963C585E3A73} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {D9054BE0-5D87-45DE-8812-6EB618CD6DBF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {F3EAE6CD-A257-4BBE-A956-6F24D26DA29D} - System32\Tasks\1214aviUpdateInfo => C:\ProgramData\Avg_Update_1214avi\1214avi_AVG-Secure-Search-Update.exe
Task: {F53132D0-469D-40C5-8360-5CDE844BCB12} - System32\Tasks\smadav => C:\Program Files\Smadav\SMΔRTP.exe [2015-07-08] (Smadsoft)
Task: {FD965438-EAB3-41E5-9964-AEEA7BE1156B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-24] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d04376b4127e0a.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\herdProtectScan.job => C:\Program Files\Reason\herdProtect\Scanner\herdProtectScan.exe
Task: C:\Windows\Tasks\hpUrlLauncher.exe_{C83B5EF5-C69E-4418-BC01-C1603658ECF7}.job => C:\Program Files\HP\HP Deskjet 1510 series\Bin\utils\hpUrlLauncher.exehttp:/www.hp.com
Task: C:\Windows\Tasks\RDReminder.job => C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-13 18:30 - 2015-05-13 18:30 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-01-16 22:34 - 2015-01-16 22:34 - 00039200 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-05-24 23:41 - 2014-05-24 23:41 - 00091648 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 23:41 - 2014-05-24 23:41 - 00892416 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll
2015-03-04 15:08 - 2012-01-29 16:54 - 00408576 _____ () C:\Program Files\TeraCopy\TeraCopy.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinFLAdrv.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-882706634-3006599123-4155412580-1000\...\localhost -> hxxps://localhost


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-882706634-3006599123-4155412580-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\lintang\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 0) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: SQLWriter => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrayMenu.lnk => C:\Windows\pss\TrayMenu.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^lintang^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 1510 series (Copy 1).lnk => C:\Windows\pss\Monitor Ink Alerts - HP Deskjet 1510 series (Copy 1).lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AirDroid 3 => C:\Program Files\AirDroid\AirDroid.exe /start
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: ClamWin => "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
MSCONFIG\startupreg: GarenaPlus => "C:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch
MSCONFIG\startupreg: GoogleChromeAutoLaunch_B430B6FD351798FF6F90617799EF74CC => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: mbot_id_3 => "C:\Program Files\mbot_id_3\mbot_id_3.exe"
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Speech Recognition => "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\lintang\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: vmware-tray.exe => "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
MSCONFIG\startupreg: [eMo]Web Browser Optimizer => C:\Program Files\[eMo]Web Browser Optimizer\[eMo]Web Browser Optimizer.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CEDC4DBF-8BC5-45DE-8715-F75168C71CF9}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{E7D71A24-2C46-42BF-BE39-247905D7808D}] => (Allow) C:\Users\lintang\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5C9706D9-468A-4D23-9968-0505D3452987}] => (Allow) C:\Users\lintang\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E28D8281-617E-4CBB-9B2B-90002297E3C4}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{CE033FAD-B92A-41EF-9F3C-82CC603E9224}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{90FD46CA-A354-4CE3-8DC0-31E3FFAC3ED2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7EF7DD36-2319-4444-825B-F3C6C8717DC8}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E8527EA9-8C65-4C0B-8DC8-838F72732473}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{7542A5C4-D27B-4203-B209-7D708795C0D1}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{FE019E49-654F-44A9-AD4E-6AA2DC72C824}] => (Allow) C:\Program Files\Naver\LINE\Line.exe
FirewallRules: [{4B78343E-9505-4F5F-B44C-4995301CF089}] => (Allow) C:\Program Files\Naver\LINE\Line.exe
FirewallRules: [TelnetServer-TlntSvr-TCP-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [TelnetServer-Tlntadmn-RPC-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [{6FB64988-F554-4017-8DF8-A5C105663C8D}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe
FirewallRules: [{109451CC-BDC6-49FD-AD24-DFB4C7D08101}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{BDB97017-7028-49D9-9605-CC125E6E5BD4}] => (Allow) C:\Program Files\Firefly Studios\Stronghold Crusader\stronghold crusader.exe
FirewallRules: [{4C3AEA71-0DEB-4425-BCA8-1AA8F991F1F4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A75D0D34-2132-482A-9772-E022B1D9F168}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A99D0287-3B0E-48F5-8E44-09BECAC5457C}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{A8B1D1DF-EA93-48A5-8FA7-AB7038A085C4}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{E192E82F-3AF3-417F-A978-7D78C5D5982C}] => (Allow) C:\Program Files\Naver\LINE\Line.exe
FirewallRules: [{56060441-10DD-4CA7-BAAB-C33E4E92CF58}] => (Allow) C:\Program Files\Naver\LINE\Line.exe
FirewallRules: [{F0A76F4D-6BDC-4633-AE13-7E92C04DA0EE}] => (Allow) LPort=8317
FirewallRules: [{1277D3E8-A210-46B1-8AA5-E8996F6751DD}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{A210419E-2BE4-4184-97C6-0CEBE79435B0}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{3A2BDBCD-1F78-43C5-B7C0-8898A2AAD1BD}] => (Allow) C:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{96D2E366-3F21-4C1D-97DF-59C57588B6BC}] => (Allow) C:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{992F2281-0CC7-4D5A-BDF4-C75A4732CF82}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{2BAC1137-6667-420C-9D67-FCD233D81938}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{520672BD-00EF-40D0-9021-2079F3AFB0FC}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9994506B-B4D0-423F-A525-940394B375E3}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0351EBEB-1DD4-448C-B4F3-F38C421786DE}] => (Allow) C:\Program Files\Garena Plus\ggdllhost.exe
FirewallRules: [TCP Query User{2A2552F1-DC52-4997-A5C8-A9DE49AD3E03}C:\program files\garena plus\garenamessenger.exe] => (Allow) C:\program files\garena plus\garenamessenger.exe
FirewallRules: [UDP Query User{CA687AFB-7663-4E6E-A619-CBEE00CF02EC}C:\program files\garena plus\garenamessenger.exe] => (Allow) C:\program files\garena plus\garenamessenger.exe
FirewallRules: [TCP Query User{D465FB60-2ABF-438A-B9CB-D03916DC7633}C:\program files\garena plus\garenamessenger.exe] => (Block) C:\program files\garena plus\garenamessenger.exe
FirewallRules: [UDP Query User{508A7B70-2A92-49EC-997D-79EF1A08905F}C:\program files\garena plus\garenamessenger.exe] => (Block) C:\program files\garena plus\garenamessenger.exe
FirewallRules: [{2464653E-1564-4436-AD81-88C9D9538B34}] => (Allow) C:\Program Files\GarenaPBID\gamedata\Apps\PBID\PointBlank.exe
FirewallRules: [{C13FBAD4-711B-45D3-B171-CB9CC57B48B4}] => (Allow) C:\Program Files\GarenaPBID\gamedata\Apps\PBID\PointBlank.exe
FirewallRules: [{B523DDFA-C86A-44CF-88E5-EF6FF7A9961F}] => (Allow) C:\Program Files\GarenaPBID\gamedata\Apps\PBID\PointBlank.exe
FirewallRules: [{D4B65BD3-E432-4D0B-AE50-39698472327A}] => (Allow) C:\Program Files\GarenaPBID\gamedata\Apps\PBID\PointBlank.exe
FirewallRules: [TCP Query User{DCAD7067-B1AA-413B-BAE0-54B48094B1EB}C:\program files\garena plus\bbtalk\bbtalk.exe] => (Allow) C:\program files\garena plus\bbtalk\bbtalk.exe
FirewallRules: [UDP Query User{E9B1F923-4692-4BD9-B2A0-24829951A0A1}C:\program files\garena plus\bbtalk\bbtalk.exe] => (Allow) C:\program files\garena plus\bbtalk\bbtalk.exe
FirewallRules: [TCP Query User{87A730B3-986D-4437-80FF-EAD65C5CF7FB}C:\program files\steam\steamapps\common\dota 2 beta\dota\materials\ensage cracked v4\rename_me.exe] => (Block) C:\program files\steam\steamapps\common\dota 2 beta\dota\materials\ensage cracked v4\rename_me.exe
FirewallRules: [UDP Query User{E419F51D-1F3A-4DBE-98F4-BB19BC3F66CD}C:\program files\steam\steamapps\common\dota 2 beta\dota\materials\ensage cracked v4\rename_me.exe] => (Block) C:\program files\steam\steamapps\common\dota 2 beta\dota\materials\ensage cracked v4\rename_me.exe
FirewallRules: [{B7481931-55FA-4FDD-9ECC-B81635A85D94}] => (Allow) LPort=3306
FirewallRules: [{CA2159E7-D5B7-43CD-98BE-841D6760267F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{C7DDE7E6-8390-4CA0-BFEC-6932BDB4044D}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9B0AE4D6-0EDE-495A-AC68-394A02878943}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4879184C-AAB9-4CAD-8AB2-D91517EC663A}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{C10D7B35-A2E4-46D5-B9EB-F5B07DD1751C}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
StandardProfile\AuthorizedApplications: [C:\Windows\system32\winlogon.exe] => enabled:@shell32.dll,-1
StandardProfile\AuthorizedApplications: [C:\Windows\system32\wininit.exe] => enabled:@shell32.dll,-1

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/29/2015 12:13:02 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe Files\Dll-Files.com Fixer\DLLFixer.exe" ; Description = DLL-Files Fixer Wed, Jul 29, 15  00:13; Error = 0x8007043c).

Error: (07/28/2015 11:29:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 39.0.0.5640, time stamp: 0x557a197c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x1d8bf96c
Faulting process id: 0x1838
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (07/28/2015 12:08:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DiagTrack, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x55636303
Exception code: 0xc000000d
Fault offset: 0x00098001
Faulting process id: 0x7d8
Faulting application start time: 0xsvchost.exe_DiagTrack0
Faulting application path: svchost.exe_DiagTrack1
Faulting module path: svchost.exe_DiagTrack2
Report Id: svchost.exe_DiagTrack3

Error: (07/27/2015 11:22:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DiagTrack, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x55636303
Exception code: 0xc000000d
Fault offset: 0x00098001
Faulting process id: 0x7d0
Faulting application start time: 0xsvchost.exe_DiagTrack0
Faulting application path: svchost.exe_DiagTrack1
Faulting module path: svchost.exe_DiagTrack2
Report Id: svchost.exe_DiagTrack3

Error: (07/27/2015 07:29:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DiagTrack, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x55636303
Exception code: 0xc000000d
Fault offset: 0x00098001
Faulting process id: 0x7f4
Faulting application start time: 0xsvchost.exe_DiagTrack0
Faulting application path: svchost.exe_DiagTrack1
Faulting module path: svchost.exe_DiagTrack2
Report Id: svchost.exe_DiagTrack3

Error: (07/27/2015 07:14:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x30068a63
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xdd10a154
Faulting process id: 0x19204
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3

Error: (07/27/2015 07:04:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x30068a63
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xdd10a154
Faulting process id: 0x964
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3

Error: (07/27/2015 04:47:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: smad.exe, version: 4.102.0.1, time stamp: 0x30068a63
Faulting module name: MSVBVM60.DLL, version: 6.0.98.15, time stamp: 0x4a5bda6c
Exception code: 0xc0000005
Fault offset: 0x0002147a
Faulting process id: 0x101d0
Faulting application start time: 0xsmad.exe0
Faulting application path: smad.exe1
Faulting module path: smad.exe2
Report Id: smad.exe3

Error: (07/27/2015 02:57:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PointBlank.exe, version: 1.0.0.1, time stamp: 0x55acd8e4
Faulting module name: i3NetworkDx_Cli.dll_unloaded, version: 0.0.0.0, time stamp: 0x559a0766
Exception code: 0xc0000005
Fault offset: 0x0834f5c0
Faulting process id: 0xa60
Faulting application start time: 0xPointBlank.exe0
Faulting application path: PointBlank.exe1
Faulting module path: PointBlank.exe2
Report Id: PointBlank.exe3

Error: (07/27/2015 02:53:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PointBlank.exe, version: 1.0.0.1, time stamp: 0x55acd8e4
Faulting module name: i3NetworkDx_Cli.dll_unloaded, version: 0.0.0.0, time stamp: 0x559a0766
Exception code: 0xc0000005
Fault offset: 0x09e1f5c0
Faulting process id: 0x8a8
Faulting application start time: 0xPointBlank.exe0
Faulting application path: PointBlank.exe1
Faulting module path: PointBlank.exe2
Report Id: PointBlank.exe3


System errors:
=============
Error: (07/29/2015 12:45:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/29/2015 12:45:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/29/2015 12:45:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/29/2015 12:45:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/29/2015 12:45:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/29/2015 12:45:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/29/2015 12:45:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/29/2015 12:45:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/29/2015 12:45:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/29/2015 12:44:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office:
=========================
Error: (07/29/2015 12:13:02 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe Files\Dll-Files.com Fixer\DLLFixer.exe" DLL-Files Fixer Wed, Jul 29, 15  00:130x8007043c

Error: (07/28/2015 11:29:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe39.0.0.5640557a197cunknown0.0.0.000000000c00000051d8bf96c183801d0c8e88a1e0249C:\Program Files\Mozilla Firefox\firefox.exeunknown2d07cd71-34e1-11e5-8701-5404a67d8a60

Error: (07/28/2015 12:08:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DiagTrack6.1.7600.163854a5bc100ntdll.dll6.1.7601.1886955636303c000000d000980017d801d0c88ae1247196C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll0f15e861-3482-11e5-a191-5404a67d8a60

Error: (07/27/2015 11:22:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DiagTrack6.1.7600.163854a5bc100ntdll.dll6.1.7601.1886955636303c000000d000980017d001d0c8680a599168C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dllac824477-347b-11e5-b00c-5404a67d8a60

Error: (07/27/2015 07:29:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DiagTrack6.1.7600.163854a5bc100ntdll.dll6.1.7601.1886955636303c000000d000980017f401d0c857a1213da1C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll1b2ad068-345b-11e5-878f-5404a67d8a60

Error: (07/27/2015 07:14:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7601.1756730068a63unknown0.0.0.000000000c0000005dd10a1541920401d0c86473fdb733C:\Windows\explorer.exeunknown08dd8044-3459-11e5-878f-5404a67d8a60

Error: (07/27/2015 07:04:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7601.1756730068a63unknown0.0.0.000000000c0000005dd10a15496401d0c857b6de7731C:\Windows\explorer.exeunknowna303f3c3-3457-11e5-878f-5404a67d8a60

Error: (07/27/2015 04:47:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: smad.exe4.102.0.130068a63MSVBVM60.DLL6.0.98.154a5bda6cc00000050002147a101d001d0c8513fea2c18C:\Program Files\SMADAV\smad.exeC:\Windows\system32\MSVBVM60.DLL812eeefb-3444-11e5-924f-5404a67d8a60

Error: (07/27/2015 02:57:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PointBlank.exe1.0.0.155acd8e4i3NetworkDx_Cli.dll_unloaded0.0.0.0559a0766c00000050834f5c0a6001d0c841d5610375C:\Program Files\GarenaPBID\GameData\Apps\PBID\PointBlank.exei3NetworkDx_Cli.dll18b748f8-3435-11e5-8ffb-5404a67d8a60

Error: (07/27/2015 02:53:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PointBlank.exe1.0.0.155acd8e4i3NetworkDx_Cli.dll_unloaded0.0.0.0559a0766c000000509e1f5c08a801d0c8413a1a5b7aC:\Program Files\GarenaPBID\GameData\Apps\PBID\PointBlank.exei3NetworkDx_Cli.dll8542d95e-3434-11e5-8ffb-5404a67d8a60


CodeIntegrity Error:
===================================
  Date: 2015-06-27 13:30:36.387
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-27 13:27:39.352
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-27 13:25:09.377
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-27 12:58:14.276
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-27 12:53:27.242
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 54%
Total physical RAM: 1953.14 MB
Available physical RAM: 896.42 MB
Total Virtual: 3906.29 MB
Available Virtual: 2990.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.78 GB) (Free:3.01 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (PANGES) (Fixed) (Total:199.96 GB) (Free:12.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=97.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=200 GB) - (Type=07 NTFS)

==================== End of log ============================



#3 nasdaq

  • Malware Response Team

Posted 30 July 2015 - 10:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

If you DID NOT set this proxy, I suggest you remove it by adding these 3 lines to the Fixlist.txt file before you save it.

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51754;https=127.0.0.1:51754
RemoveProxy:


If not sure, check with your Internet Provider.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Extension: IDM integration - C:\Users\lintang\AppData\Roaming\IDM\idmmzcc7 [2015-07-16]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-882706634-3006599123-4155412580-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
S4 mchInjDrv; C:\Users\lintang\AppData\Local\Temp\mc2C62F.tmp [2560 2015-07-12] () [File not signed]
S3 doer.sys; \??\C:\Users\lintang\AppData\Local\Temp\Rar$EXa0.359\OEPFinders\doer.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 Engine; \??\C:\Users\lintang\AppData\Local\Temp\Rar$EXa0.029\Engine.sys [X]
S3 IlvMoneyDRIVER53; \??\C:\Users\lintang\Desktop\MoonLight+Engine+1312.4.0.0\Money1312.sys [X]
S3 KIKIDRIVER; \??\C:\Users\lintang\Desktop\Kiki Engine 1.41\kiki.sys [X]
S3 rdtsc.sys; \??\C:\Users\lintang\AppData\Local\Temp\rdtsc.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S1 WindroyeBoxDrv; \??\C:\Program Files\WindroyeBox\WindroyeBoxDrv.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 xspirit; \??\C:\Windows\xspirit.sys [X]
C:\Users\lintang\AppData\Roaming\IDM
C:\Users\lintang\AppData\Local\Temp\mc2C62F.tmp
C:\Users\lintang\AppData\Local\Temp\c8eb790646128f34aa04a36111aca8cf.dll
C:\Users\lintang\AppData\Local\Temp\dd6e64fc7d048e4cc3b701e8f3a60b21.dll
Task: {C4FF7B8A-1406-4B32-81F9-0361DDD1FFEC} - \AutoPico Daily Restart No Task File <==== ATTENTION

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#4 lintangtimur

  • Topic Starter

Posted 30 July 2015 - 12:31 PM

Now my laptop can't log on, just a black screen and loading.

Still the same with Safe Mode :( black screen. I just scanned with ESET Online Scanner, and the result is so many files infected: 2k+ files infected, including in the directories C:/windows/ and C:/windows/system32, and 1300 files in quarantine. I can't access.





