
browsermodifier:win32/suptab


  • This topic is locked
21 replies to this topic

#1 keronkkumar

  • Members

Posted 23 November 2015 - 07:26 PM

Microsoft Security found this problem (browsermodifier:win32/suptab) after I installed Power ISO. I know it was a bad idea to download and install that, but I needed it to mount my sims :(.

I did not uninstall Power ISO yet, or do anything. I just came directly here, in hope of having this problem solved without having to take my desktop to the repair shop.

I must let you know that my current OP is not genuine, and I was told to turn off the auto update by the tech who last repaired my machine in the shop.

I bought this machine in a price mart, and it came with the original OP, but no CD. After running into problems, I had to take my machine into the shop. The tech guy there fixed it but had to run a non gen copy, because I had no CDs for anything.

I'm from a small Caribbean island. An original copy would cost me like $3000 TT. That's a lot of money for me, I don't even make that in a month lol, sadly!

I'll fully understand if you will not be able to help me because of my non gen problem. But if you can do whatever little, then it would be very much appreciated.

 

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-11-2015
Ran by User (administrator) on USER-PC (23-11-2015 19:53:46)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Logitech\Vid\Vid.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(© 2015 Microsoft Corporation) C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(BitTorrent Inc.) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(BitTorrent Inc.) C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [831192 2014-07-03] (BlueStack Systems, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [7519960 2015-04-10] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1085512 2015-01-19] (The Eraser Project)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [366904 2015-10-08] (Power Software Ltd)
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [Logitech Vid HD] => C:\Program Files\Logitech\Vid\vid.exe [6061400 2010-05-11] (Logitech Inc.)
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [BingSvc] => C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-11] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\MountPoints2: {b36a3c5d-1aa4-11e4-b583-d43d7e9908ec} - H:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D87944A2-C95E-4AB3-ACD8-072F5585A6E3}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2G&ocid=SK2GDHP&osmkt=en-us
SearchScopes: HKU\S-1-5-21-1291597386-3153512252-1289185995-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\w4o1l80o.default
FF DefaultSearchEngine: Bing
FF DefaultSearchEngine.US: Google
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.msn.com/?pc=SK2G&ocid=SK2GDHP&osmkt=en-us
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2GDF&PC=SK2G&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1291597386-3153512252-1289185995-1000: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [No File]
FF Extension: FlashGot - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\w4o1l80o.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-04-25]
FF Extension: UnPlug - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\w4o1l80o.default\extensions\unplug@compunach.xpi [2015-05-29]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\w4o1l80o.default\extensions\artur.dubovoy@gmail.com [2015-11-15]
FF Extension: Bing Search - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\w4o1l80o.default\Extensions\bingsearch.full@microsoft.com [2015-07-20] [not signed]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2014-08-20]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Skype Click to Call) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-10-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
StartMenuInternet: Google Chrome.I4HVCMMRCRIPGF3G6UM2SFC2BE - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe hxxp://www.mystartsearch.com/?type=sc&ts=1427329271&from=wpc&uid=ST500DM002-1BD142_S2AKJZEMXXXXS2AKJZEM

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [405208 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [773848 2014-07-03] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65640 2015-11-05] (CyberGhost S.R.L)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdhub30; C:\Windows\System32\DRIVERS\amdhub30.sys [86752 2015-04-16] (Advanced Micro Devices, INC.)
R3 amdxhc; C:\Windows\System32\DRIVERS\amdxhc.sys [179936 2015-04-16] (Advanced Micro Devices, INC.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [71880 2015-02-26] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [36040 2015-02-26] (Advanced Micro Devices)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48808 2012-11-20] (Advanced Micro Devices)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [112344 2014-07-03] (BlueStack Systems)
S3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [20704 2010-05-14] (Logitech Inc.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-02-26] (REALiX™)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-10-10] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [22656 2013-01-31] (ManyCam LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsl4eab78e3; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4AE062EB-4A44-4C01-AC5E-8B7F3D55C094}\MpKsl4eab78e3.sys [39168 2015-11-23] (Microsoft Corporation)
U1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [114368 2015-10-08] (Power Software Ltd)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-23 19:53 - 2015-11-23 19:54 - 00014675 _____ C:\Users\User\Desktop\FRST.txt
2015-11-23 19:53 - 2015-11-23 19:53 - 00000000 ____D C:\FRST
2015-11-23 19:49 - 2015-11-23 19:51 - 01718784 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2015-11-23 19:37 - 2015-11-23 19:37 - 00000969 _____ C:\Users\Public\Desktop\PowerISO.lnk
2015-11-23 19:37 - 2015-11-23 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2015-11-23 19:36 - 2015-11-23 19:37 - 00000000 ____D C:\Program Files\PowerISO
2015-11-23 14:08 - 2015-11-23 19:33 - 03452184 _____ (Power Software Ltd) C:\Users\User\Downloads\PowerISO6.exe
2015-11-23 13:33 - 2015-11-23 18:48 - 00000000 ____D C:\Users\User\Downloads\The_Sims_3_Supernatural-FLT
2015-11-23 13:33 - 2015-11-23 17:58 - 4193779712 _____ C:\Users\User\Downloads\rld-ts3ep8.iso
2015-11-23 13:33 - 2015-11-23 17:14 - 00000000 ____D C:\Users\User\Downloads\The_Sims_3_Island_Paradise-FLT
2015-11-23 13:30 - 2015-11-23 13:30 - 00000000 ____D C:\Users\User\AppData\LocalLow\uTorrent
2015-11-23 13:27 - 2015-11-23 13:27 - 00002596 _____ C:\Users\User\Desktop\µTorrent.lnk
2015-11-23 13:27 - 2015-11-23 13:27 - 00002596 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-11-23 01:41 - 2015-11-23 01:49 - 600900064 _____ C:\Users\User\Documents\clip0105.avi
2015-11-23 00:18 - 2015-11-23 00:18 - 08127496 _____ C:\Users\User\Documents\clip0104.avi
2015-11-23 00:09 - 2015-11-23 00:14 - 476954176 _____ C:\Users\User\Documents\clip0103.avi
2015-11-20 00:30 - 2015-11-20 01:52 - 00000000 ____D C:\Users\User\Downloads\New folder (3)
2015-11-19 14:19 - 2015-11-19 14:19 - 00001116 _____ C:\Users\User\Desktop\dog.txt
2015-11-17 01:38 - 2015-11-18 00:52 - 00005359 _____ C:\Users\User\Desktop\dog story.txt
2015-11-16 09:45 - 2015-11-18 00:56 - 00000000 ____D C:\Users\User\Downloads\NeoDownloader
2015-11-14 22:37 - 2015-11-18 21:51 - 00000000 ____D C:\Users\User\Downloads\New folder
2015-11-13 17:36 - 2015-11-23 08:25 - 00000952 _____ C:\Windows\setupact.log
2015-11-13 17:36 - 2015-11-13 17:36 - 00000000 _____ C:\Windows\setuperr.log
2015-11-13 17:27 - 2015-11-13 17:32 - 00000120 _____ C:\Users\User\Downloads\ccleaner.ini
2015-11-13 17:27 - 2015-11-13 17:27 - 00000000 ____D C:\Users\User\Downloads\cclener
2015-11-13 17:19 - 2015-11-16 20:42 - 00000302 _____ C:\Users\User\Desktop\my kik names.txt
2015-11-13 17:19 - 2015-11-13 17:20 - 00000232 _____ C:\Users\User\Desktop\to add.txt
2015-11-07 01:40 - 2015-11-14 23:04 - 00002348 _____ C:\Users\User\Desktop\wolf storie.txt
2015-11-07 00:48 - 2015-11-08 21:08 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-11-06 13:27 - 2015-11-06 13:27 - 00000458 _____ C:\ProgramData\Local Disk (D) - Shortcut.lnk
2015-10-30 00:46 - 2015-10-30 00:54 - 815216534 _____ C:\Users\User\Documents\clip0102.avi
2015-10-30 00:30 - 2015-10-30 00:33 - 220269748 _____ C:\Users\User\Documents\clip0101.avi
2015-10-30 00:27 - 2015-10-30 00:29 - 145244616 _____ C:\Users\User\Documents\clip0100.avi

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-23 19:53 - 2014-07-13 03:34 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2015-11-23 19:50 - 2014-07-04 16:02 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1291597386-3153512252-1289185995-1000UA.job
2015-11-23 19:08 - 2014-07-08 00:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-23 15:42 - 2014-12-30 05:06 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-23 11:18 - 2014-07-15 06:26 - 00000000 ____D C:\Users\User\Documents\iWisoft Free Video Converter
2015-11-23 08:37 - 2014-07-04 11:24 - 01797360 _____ C:\Windows\WindowsUpdate.log
2015-11-23 08:32 - 2009-07-14 00:34 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-23 08:32 - 2009-07-14 00:34 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-23 08:31 - 2014-07-04 11:29 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-23 08:25 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-23 04:43 - 2014-07-25 11:20 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-11-23 04:42 - 2014-08-02 04:37 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2015-11-23 02:00 - 2014-08-16 02:00 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2015-11-22 20:49 - 2014-07-04 16:02 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1291597386-3153512252-1289185995-1000Core.job
2015-11-22 19:03 - 2014-07-15 03:57 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-21 01:39 - 2014-07-10 05:55 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2015-11-21 01:17 - 2015-03-12 03:09 - 00001456 _____ C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-11-20 00:01 - 2014-09-05 09:59 - 00000000 ____D C:\Users\User\Desktop\Tor Browser
2015-11-19 09:28 - 2015-02-22 00:32 - 00000000 ____D C:\Program Files\Opera
2015-11-16 23:22 - 2014-08-02 04:36 - 00000000 ____D C:\ProgramData\Skype
2015-11-16 19:34 - 2014-07-15 07:48 - 00000000 ____D C:\Users\User\AppData\Local\CyberGhost
2015-11-16 19:28 - 2014-07-15 07:46 - 00000000 ____D C:\Program Files\CyberGhost 5
2015-11-11 03:08 - 2014-07-08 00:58 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-11-11 03:08 - 2014-07-08 00:58 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-11-11 02:25 - 2014-12-30 05:08 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-08 21:08 - 2014-07-07 17:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-10-29 11:52 - 2014-07-04 16:02 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-29 11:39 - 2014-07-04 16:01 - 00000000 ___HD C:\ProgramData\Adobe

==================== Files in the root of some directories =======

2015-03-12 03:09 - 2015-11-21 01:17 - 0001456 _____ () C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-07-25 20:47 - 2014-07-25 20:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-11-06 13:27 - 2015-11-06 13:27 - 0000458 _____ () C:\ProgramData\Local Disk (D) - Shortcut.lnk

Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-20 22:28

==================== End of FRST.txt ============================



#2 StanFF

  • Malware Response Team

Posted 26 November 2015 - 02:04 PM

Hello keronkkumar,
 

I'm Stan and I will be helping you with this problem.

 

First of all I want to clear some things about the malware removal process:

  • Do not run/install any tools on your own. This may affect the process of removal and may cause both slowdown and additional problems.
  • Carefully read the steps that I suggest. Any mismatch will prolong this case.
  • Copy any scripts carefully so they stay exactly the same as the original. Otherwise the script may not work and we will need to rerun/recreate it.
  • Feel free to copy all the steps to an offline environment. They may be easier to read and follow this way.
  • Feel free to ask any questions about the malware removal process. I'm here to help you so nothing must be hidden or misunderstood.
  • Share with me any problems/changes you experience while working with the current system.
  • Please, do not use any quotes or code boxes when you post logs.

I want to inform you that I will be able to respond in the evenings - 07:00 P.M - 11:00 P.M. (UTC + 02:00) - since I'm working during most of the daytime. If I haven't posted anything for 48 hours straight, please, feel free to send me a personal message. I will bump the topic if there is no response from you for 3 days. After 5 days of inactivity, the topic will be closed.

 

I want to inform you that I'm still in my training program so my posts must be reviewed by an instructor. This may lead to a slight delay in my answers.

 

********************

 

"I must let you know that my current OP is not genuine, and I was told to turn off the auto update by the tech who last repaired my machine in the shop."

Thank you for the notice. I understand your issue so don't worry. This won't be a problem.

 

Are you sure that you haven't received any disks or stickers when you bought the system? Usually, OEM (Original Equipment Manufacturer) machines have stickers on them where the Windows key is located. Sometimes it may be present somewhere in the documents. If there is really no data for the product key, you may write to the manufacturer's support and explain your problem. For now, I want to ask you if you are experiencing any obvious issues with the system's performance and stability. I will review the provided logs as soon as possible and get back with further steps to follow.


Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford

 

 

 

 

 


#3 keronkkumar

  • Topic Starter
  • Members

Posted 26 November 2015 - 06:01 PM

Thank you for your assistance Stan.

 

This system is about 5 years old, I think. It went into the shop a few times, and I am not sure what was done to it in the repair process.

There was no disk when I got it, but there was a sticker on the tower, but it's not there anymore. I am not experiencing any problems, other than the "infection" found when I did the scan.

It said high risk, so I did not do anything with it and came directly here.



#4 StanFF

  • Malware Response Team

Posted 28 November 2015 - 03:44 AM

Hello keronkkumar,
 
Thank you for your response. There are a couple of small things that should be addressed, but overall, the system looks good. There are signs that there is a Bing toolbar or Bing-related software on the system. Have you installed this by yourself?
 
*********************
 
As far as I can see, there is a DEV build version of Google Chrome present on the system. I suspect that this has been installed after the installation of PowerISO. Because of that, we need to reinstall the software to its stable version. For that, please:

  • Press the Windows key and the R key on your keyboard simultaneously -> Type control -> Press Enter on your keyboard.
  • In the new window, please locate the View by option in the top right corner. Click it and choose Category.
  • Under the Programs category, choose Uninstall a program.
  • In the new Programs and Features window, please right-click on every entry of the list below and choose either the Remove or Uninstall option.
  • Follow the prompts, if any, to uninstall the software:
Google Chrome

Note: You may see two Google Chrome lines. Please, uninstall both of these.

  • When ready, please, restart the system.
  • After the restart, if necessary, install the latest version of Google Chrome which can be found here.

*********************
 
Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
  • It is pretty much certain that if you continue to use P2P programs, you will get infected again.

I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove that program, please, use the Programs and Features section in Control Panel.
 
*********************
 
While I will help you get this machine back to its normal state, I highly recommend not using a cracked operating system. This is both illegal and dangerous, since it is not updated and this poses a threat to your system and to other systems. Also, using cracks and hacks is a known way to distribute malware between systems. I suggest either finding a legal copy of the operating system or switching to other free OS solutions, for example, Linux-based distributions like Ubuntu.

*********************

Note: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Please download the attached file fixlist.txt (310 bytes) and save it to the same location as FRST.

Note: It's important that both files, FRST.exe and fixlist.txt, are in the same location or the fix will not work. In your case, this should be the Downloads folder.

  • Run FRST.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log - Fixlog.txt - in the same location the tool was run.

Please, post the content of the log file in your next reply.
 
********************

In your next post, I will be waiting for the answer to my question at the beginning and the content of the generated Fixlog.txt.


Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford
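
Added example, not part of the original thread and not a FRST feature: a Python sketch of the log review described in the post above, which scans a FRST.txt for the markers visible in the log posted in this topic (`<==== ATTENTION`, `[not signed]`, `[File not signed]`, `[No File]`, and a `StartMenuInternet` command that carries a URL). The marker list and the names `triage`, `report` and `Finding` are assumptions drawn from this one log, not a specification of the FRST format.

```python
"""Triage a Farbar Recovery Scan Tool (FRST) log for entries worth a manual look."""
import re
from typing import Dict, List, NamedTuple

# Constructed sample: lines copied from the FRST.txt posted in this thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===========================

HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [366904 2015-10-08] (Power Software Ltd)

==================== Internet (Whitelisted) ====================

Internet Explorer:
==================
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: Bing Search - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\w4o1l80o.default\Extensions\bingsearch.full@microsoft.com [2015-07-20] [not signed]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
StartMenuInternet: Google Chrome.I4HVCMMRCRIPGF3G6UM2SFC2BE - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe hxxp://www.mystartsearch.com/?type=sc&ts=1427329271&from=wpc&uid=ST500DM002-1BD142_S2AKJZEMXXXXS2AKJZEM

==================== Services (Whitelisted) ========================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
"""


class Finding(NamedTuple):
    section: str   # log section the line was found in
    reason: str    # why the line was picked out
    line: str      # the log line itself, unmodified


# "==== Name ====" banners open a section; "Name:" followed by a row of "="
# opens a sub-section (Internet Explorer, FireFox, Chrome in this log).
BANNER_RE = re.compile(r"^=+\s*(?P<name>[^=]+?)\s*=+$")
UNDERLINE_RE = re.compile(r"^=+$")

# Markers observed in this thread's log (assumption: not an exhaustive list).
CHECKS = [
    ("flagged by FRST", re.compile(r"<=+\s*ATTENTION")),
    ("unsigned file or extension", re.compile(r"\[(?:File )?not signed\]", re.I)),
    ("registered entry with no file on disk", re.compile(r"\[No File\]")),
    # FRST writes URLs defanged as hxxp; accept the plain form as well.
    ("browser launch command carries a URL",
     re.compile(r"^StartMenuInternet:.*\.exe\s+h(?:xx|tt)ps?://", re.I)),
]


def triage(log_text: str) -> List[Finding]:
    """Return every log line that matches one of CHECKS, with its section."""
    findings: List[Finding] = []
    section = "(preamble)"
    previous = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = BANNER_RE.match(line)
        if banner:
            section = banner.group("name")
        elif UNDERLINE_RE.match(line) and previous.endswith(":"):
            section = previous.rstrip(":")
        else:
            for reason, pattern in CHECKS:
                if pattern.search(line):
                    findings.append(Finding(section, reason, line))
        previous = line
    return findings


def report(findings: List[Finding]) -> Dict[str, List[Finding]]:
    """Group findings by log section, keeping the order they appeared in."""
    grouped: Dict[str, List[Finding]] = {}
    for finding in findings:
        grouped.setdefault(finding.section, []).append(finding)
    return grouped


if __name__ == "__main__":
    for name, items in report(triage(SAMPLE_LOG)).items():
        print(f"[{name}]")
        for item in items:
            print(f"  {item.reason}: {item.line}")
```

A match is a prompt for manual review rather than a verdict; the script only narrows the log down to the lines a reviewer would read first.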

 

 

 

 

 


#5 keronkkumar

  • Topic Starter
  • Members

Posted 29 November 2015 - 12:32 AM

No, I did not install Bing to my knowledge. I never use it and I don't even like it lol.

About Linux-based distributions and Ubuntu. Do they run the same as Windows? And is it hard to use?

One more thing. Is it safe to delete/remove the quarantine items in Anti-Malware and Microsoft Security Essentials?

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version:28-11-2015
Ran by User (2015-11-29 01:22:07) Run:1
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Task: {A545C5BE-E01E-4C13-804B-609D7AA471B1} - System32\Tasks\RegistryDr_Popup => C:\Program Files\Registry Dr\Splash.exe <==== ATTENTION
Task: {B879F0C5-633D-402A-A863-8489B9B58043} - System32\Tasks\RegistryDr_Start => C:\Program Files\Registry Dr\RegistryDr.exe <==== ATTENTION
C:\Program Files\Registry Dr
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A545C5BE-E01E-4C13-804B-609D7AA471B1}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A545C5BE-E01E-4C13-804B-609D7AA471B1}" => key removed successfully.
C:\Windows\System32\Tasks\RegistryDr_Popup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegistryDr_Popup" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B879F0C5-633D-402A-A863-8489B9B58043}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B879F0C5-633D-402A-A863-8489B9B58043}" => key removed successfully.
C:\Windows\System32\Tasks\RegistryDr_Start => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegistryDr_Start" => key removed successfully.
C:\Program Files\Registry Dr => moved successfully

==== End of Fixlog 01:22:07 ====



#6 StanFF


Posted 29 November 2015 - 11:51 AM

Hello keronkkumar,

No, I did not install Bing to my knowledge. I never use it and I don't even like it lol.

This is what I suspected. We will remove it in our next steps.

About Linux-based distributions and Ubuntu: do they run the same as Windows? And is it hard to use?

Linux distributions are different from and at the same time similar to the Windows operating system. They are not hard to use, you just need some time to get familiar with some of the things there. There are variants like Linux Mint which are pretty close to what Windows looks like. Of course, there are some bigger differences, like the way the file system works and the way folders/files are represented. The good side is that, while not completely missing, malware and malicious code are much more rarely seen there. One of the drawbacks, on the other hand, is that the gaming industry is still working on bringing their products to this type of operating system, although there has been a huge improvement during the last two years.
 
The good news is that you may try some of the distributions without needing to install them. For example, check the "Try Ubuntu before you install it" page.

One more thing. Is it safe to delete/remove the quarantine items in anti malware and Microsoft Security Essentials?

We will run a couple of additional scanners later, so let's leave things as they are for now.
 
********************
 
Note: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Please download the attached file fixlist.txt (470 bytes) and save it to the same location as FRST.

Note: It's important that both files, FRST.exe and fixlist.txt, are in the same location or the fix will not work. In your case, this should be the Downloads folder.

  • Run FRST.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log - Fixlog.txt - in the same location the tool was run.

Please, post the content of the log file in your next reply.
 
********************
 
When ready, please right-click FRST.exe and choose Run as Administrator. In the main window of the program, please put a checkmark in the checkbox in front of Addition.txt. Push the Scan button to start the scanning process. When ready, the tool will create two files named FRST.txt and Addition.txt on your Desktop. Please paste their content in your next reply.

 

********************

 

How is the system running now? Are there any performance/stability issues present?


Regards,

Stan

 



#7 keronkkumar


Posted 29 November 2015 - 08:38 PM

I will let the system run a bit before replying to your last question.

 

How is the system running now? Are there any performance/stability issues present?

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version:29-11-2015
Ran by User (2015-11-29 21:29:18) Run:2
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CloseProcesses:
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [BingSvc] => C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-11] (© 2015 Microsoft Corporation)
C:\Users\User\AppData\Local\Microsoft\BingSvc
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.msn.com/?pc=SK2G&ocid=SK2GDHP&osmkt=en-us
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2GDF&PC=SK2G&q=
*****************

Processes closed successfully.
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => value removed successfully.
C:\Users\User\AppData\Local\Microsoft\BingSvc => moved successfully
Firefox DefaultSearchEngine removed successfully.
Firefox SearchEngineOrder.3 removed successfully.
Firefox SelectedSearchEngine removed successfully.
Firefox "homepage" removed successfully.
Firefox "Keyword.URL" removed successfully.


The system needed a reboot.

==== End of Fixlog 21:29:19 ====
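
A way to triage a Fixlog like the two posted in this thread, as an added example that is not part of the original posts and is not FRST's own code. It assumes the success wording seen in these logs ("removed successfully", "moved successfully", "closed successfully") and treats any other result line as needing a manual look; the `not found` line in the sample is constructed to exercise that path.

```python
import re

# Sample input: the Run:2 Fixlog posted in this thread (header abridged), with
# ONE constructed line added (marked below) to exercise the "needs review" path.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x86) Version:29-11-2015
Ran by User (2015-11-29 21:29:18) Run:2
Running from C:\Users\User\Downloads
Boot Mode: Normal

==============================================

fixlist content:
*****************
CloseProcesses:
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [BingSvc] => C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-11] (© 2015 Microsoft Corporation)
C:\Users\User\AppData\Local\Microsoft\BingSvc
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.msn.com/?pc=SK2G&ocid=SK2GDHP&osmkt=en-us
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2GDF&PC=SK2G&q=
*****************

Processes closed successfully.
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => value removed successfully.
C:\Users\User\AppData\Local\Microsoft\BingSvc => moved successfully
Firefox DefaultSearchEngine removed successfully.
Firefox SearchEngineOrder.3 removed successfully.
Firefox SelectedSearchEngine removed successfully.
Firefox "homepage" removed successfully.
Firefox "Keyword.URL" removed successfully.
C:\Example\constructed-leftover.dll => not found

The system needed a reboot.

==== End of Fixlog 21:29:19 ====
"""

# Assumption: success phrases are the ones visible in this thread's logs.
SUCCESS = re.compile(r"\b(?:removed|moved|closed) successfully\b", re.IGNORECASE)
STARS = re.compile(r"^\*{5,}$")              # delimiter around the fixlist echo
FOOTER = re.compile(r"^==== End of Fixlog\b")
REBOOT = "The system needed a reboot"


def parse_fixlog(text):
    """Split a Fixlog into echoed fixlist directives and classified results."""
    report = {"directives": [], "ok": [], "review": [],
              "reboot": False, "complete": False}
    state = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if state == "header":
            if line.lower().startswith("fixlist content"):
                state = "before_fixlist"
        elif state == "before_fixlist":
            if STARS.match(line):
                state = "fixlist"
        elif state == "fixlist":
            if STARS.match(line):
                state = "results"
            elif line:
                report["directives"].append(line)
        elif state == "results":
            if FOOTER.match(line):
                # Footer present: the paste was not cut off mid-log.
                report["complete"] = True
                break
            if not line:
                continue
            if line.startswith(REBOOT):
                report["reboot"] = True
            elif SUCCESS.search(line):
                report["ok"].append(line)
            else:
                # Anything that does not report success gets a manual look.
                report["review"].append(line)
    return report


def verdict(report):
    """One-line summary a helper could act on."""
    if not report["complete"]:
        return "incomplete log: ask for a full copy of Fixlog.txt"
    if report["review"]:
        return "needs review: %d result line(s) did not report success" % len(
            report["review"])
    return "all %d result line(s) reported success" % len(report["ok"])


if __name__ == "__main__":
    result = parse_fixlog(SAMPLE_FIXLOG)
    print(verdict(result))
    for item in result["review"]:
        print("  review:", item)
```

One directive can produce several result lines (each scheduled task in the first Fixlog yields four), so the check counts outcomes rather than matching directives to results one-to-one.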



#8 StanFF


Posted 30 November 2015 - 01:31 PM

Hello keronkkumar,

 

Thank you for the provided logs. I see that you haven't posted the scan results from FRST. Please run the tool as explained in my previous post, but before pushing the Scan button, please put a checkmark in front of the Addition.txt and List BCD options. Also, when ready, as an addition, please follow the steps below:

 

Note: The instructions below can be used for any browser except Internet Explorer.

  • Please go here, download the ESET Smart Installer, and save it to your Desktop.
  • Double-click on the file you just downloaded.
  • Place a checkmark next to "YES, I accept the Terms of Use" and click the Start button.
  • Click Yes to the UAC (User Account Control) warning, then ESET will download its components, register itself, and start itself.
  • In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
  • Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Now click on: Start
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically. The scan may appear to be finished sometimes, but if there is a progress bar visible, it is still scanning.
  • When the scan completes, click List Found Threats (only if anything is found).
  • Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click Back, then click Finish to exit ESET Online Scanner.

********************

 

In your next post, I will be waiting for the content of FRST.txt, Addition.txt, the log from ESET Online Scanner and feedback on the system's current state. You are doing great and I suspect we are near the end.


Regards,

Stan

 



#9 keronkkumar


Posted 30 November 2015 - 06:51 PM

OMG, sorry. I've been a bit tired and I did not notice the instruction. I will post them now.



#10 keronkkumar


Posted 30 November 2015 - 06:52 PM

FRST SCAN

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:29-11-2015
Ran by User (administrator) on USER-PC (30-11-2015 19:49:01)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Logitech Inc.) C:\Program Files\Logitech\Vid\Vid.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Service.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-SharedFolder.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [831192 2014-07-03] (BlueStack Systems, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [7519960 2015-04-10] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1085512 2015-01-19] (The Eraser Project)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [366904 2015-10-08] (Power Software Ltd)
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [Logitech Vid HD] => C:\Program Files\Logitech\Vid\vid.exe [6061400 2010-05-11] (Logitech Inc.)
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3280728 2015-11-18] (Disc Soft Ltd)
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\Run: [EA Core] => "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\MountPoints2: {3e95d2ed-9379-11e5-94ea-d43d7e9908ec} - J:\Autorun.exe
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\MountPoints2: {3e95d342-9379-11e5-94ea-d43d7e9908ec} - K:\Autorun.exe
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\MountPoints2: {60bf1f72-92a7-11e5-bd57-d43d7e9908ec} - I:\Autorun.exe
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\...\MountPoints2: {b36a3c5d-1aa4-11e4-b583-d43d7e9908ec} - H:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D87944A2-C95E-4AB3-ACD8-072F5585A6E3}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2G&ocid=SK2GDHP&osmkt=en-us
SearchScopes: HKU\S-1-5-21-1291597386-3153512252-1289185995-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\w4o1l80o.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1291597386-3153512252-1289185995-1000: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [No File]
FF Extension: FlashGot - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\w4o1l80o.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-04-25]
FF Extension: UnPlug - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\w4o1l80o.default\extensions\unplug@compunach.xpi [2015-05-29]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\w4o1l80o.default\extensions\artur.dubovoy@gmail.com [2015-11-15]
FF Extension: Bing Search - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\w4o1l80o.default\Extensions\bingsearch.full@microsoft.com [2015-07-20] [not signed]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2014-08-20]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [405208 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [773848 2014-07-03] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65640 2015-11-05] (CyberGhost S.R.L)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1081688 2015-11-18] (Disc Soft Ltd)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [2099720 2015-11-25] (Electronic Arts)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdhub30; C:\Windows\System32\DRIVERS\amdhub30.sys [86752 2015-04-16] (Advanced Micro Devices, INC.)
R3 amdxhc; C:\Windows\System32\DRIVERS\amdxhc.sys [179936 2015-04-16] (Advanced Micro Devices, INC.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [71880 2015-02-26] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [36040 2015-02-26] (Advanced Micro Devices)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48808 2012-11-20] (Advanced Micro Devices)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [112344 2014-07-03] (BlueStack Systems)
S3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [20704 2010-05-14] (Logitech Inc.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2015-11-24] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [39992 2015-11-24] (Disc Soft Ltd)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-02-26] (REALiX™)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-10-10] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [22656 2013-01-31] (ManyCam LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [114368 2015-10-08] (Power Software Ltd)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-30 19:49 - 2015-11-30 19:49 - 00014057 _____ C:\Users\User\Desktop\FRST.txt
2015-11-29 22:10 - 2015-11-29 22:12 - 08169065 _____ C:\Users\User\Downloads\ffa298dd31924f9eaa4f62ed0d92cf77.mp4
2015-11-29 22:08 - 2015-11-29 22:15 - 48737751 _____ C:\Users\User\Downloads\4b830fb5a9b922d2b76ebbef869c33b8.mp4
2015-11-29 01:22 - 2015-11-29 21:29 - 00001347 _____ C:\Users\User\Downloads\Fixlog.txt
2015-11-29 01:21 - 2015-11-29 21:29 - 00000000 ____D C:\Users\User\Downloads\FRST-OlderVersion
2015-11-27 17:55 - 2015-11-27 19:21 - 00000000 ____D C:\Users\User\Downloads\sims stuff
2015-11-27 14:23 - 2015-11-27 14:23 - 00002206 _____ C:\Users\Public\Desktop\The Sims™ 3 Island Paradise.lnk
2015-11-26 01:49 - 2015-11-26 01:49 - 00000000 ____D C:\Users\User\Documents\Electronic Arts
2015-11-26 01:47 - 2015-11-26 01:47 - 00002134 _____ C:\Users\Public\Desktop\The Sims™ 3 Seasons.lnk
2015-11-26 01:31 - 2015-11-26 01:31 - 00002178 _____ C:\Users\Public\Desktop\The Sims™ 3 Supernatural.lnk
2015-11-26 01:18 - 2015-11-26 01:18 - 00002036 _____ C:\Users\Public\Desktop\The Sims™ 3.lnk
2015-11-25 23:38 - 2015-11-27 11:50 - 00000000 ____D C:\Users\User\Downloads\New folder (4)
2015-11-25 21:08 - 2015-11-25 21:08 - 00000000 ____D C:\ProgramData\EA Core
2015-11-25 21:07 - 2015-11-25 21:07 - 00000000 ____D C:\Users\User\AppData\Local\Origin
2015-11-25 20:50 - 2015-11-25 21:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-11-25 20:50 - 2015-11-25 20:50 - 00000941 _____ C:\Users\Public\Desktop\Origin.lnk
2015-11-25 20:49 - 2015-11-25 21:07 - 00000000 ____D C:\Program Files\Origin
2015-11-25 00:01 - 2015-11-27 17:54 - 00000000 ____D C:\Users\User\Downloads\New folder (2)
2015-11-24 19:39 - 2015-11-25 21:07 - 00000000 ____D C:\Users\User\AppData\Roaming\Origin
2015-11-24 19:38 - 2015-11-26 00:33 - 00000000 ____D C:\ProgramData\Origin
2015-11-24 08:51 - 2015-11-25 20:50 - 00000000 ____D C:\ProgramData\Electronic Arts
2015-11-24 08:49 - 2015-11-24 08:49 - 00000000 ____D C:\Program Files\Microsoft WSE
2015-11-24 08:49 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-11-24 08:41 - 2015-11-27 14:21 - 00000000 ____D C:\Program Files\Electronic Arts
2015-11-24 01:53 - 2015-11-24 01:53 - 00000000 ____D C:\Users\User\AppData\Local\Disc_Soft_Ltd
2015-11-24 01:51 - 2015-11-24 01:51 - 00039992 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2015-11-24 01:50 - 2015-11-24 01:50 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2015-11-24 01:49 - 2015-11-24 08:38 - 00000000 ____D C:\Users\User\AppData\Roaming\DAEMON Tools Lite
2015-11-24 01:49 - 2015-11-24 01:51 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2015-11-24 01:49 - 2015-11-24 01:50 - 00026168 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-11-24 01:49 - 2015-11-24 01:49 - 00001930 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2015-11-24 01:49 - 2015-11-24 01:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-11-24 01:47 - 2015-11-24 01:47 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2015-11-23 22:57 - 2015-11-24 00:52 - 00000000 ____D C:\Users\User\Downloads\The Sims 3 - Razor1911 Final MAXSPEED
2015-11-23 19:53 - 2015-11-30 19:49 - 00000000 ____D C:\FRST
2015-11-23 19:49 - 2015-11-29 21:29 - 01721344 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2015-11-23 19:37 - 2015-11-23 19:37 - 00000969 _____ C:\Users\Public\Desktop\PowerISO.lnk
2015-11-23 19:37 - 2015-11-23 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2015-11-23 19:36 - 2015-11-23 19:37 - 00000000 ____D C:\Program Files\PowerISO
2015-11-23 13:33 - 2015-11-23 22:57 - 4193779712 ____R C:\Users\User\Downloads\rld-ts3ep8.iso
2015-11-23 13:33 - 2015-11-23 18:48 - 00000000 ____D C:\Users\User\Downloads\The_Sims_3_Supernatural-FLT
2015-11-23 13:33 - 2015-11-23 17:14 - 00000000 ____D C:\Users\User\Downloads\The_Sims_3_Island_Paradise-FLT
2015-11-23 01:41 - 2015-11-23 01:49 - 600900064 _____ C:\Users\User\Documents\clip0105.avi
2015-11-23 00:18 - 2015-11-23 00:18 - 08127496 _____ C:\Users\User\Documents\clip0104.avi
2015-11-23 00:09 - 2015-11-23 00:14 - 476954176 _____ C:\Users\User\Documents\clip0103.avi
2015-11-20 00:30 - 2015-11-20 01:52 - 00000000 ____D C:\Users\User\Downloads\New folder (3)
2015-11-19 14:19 - 2015-11-19 14:19 - 00001116 _____ C:\Users\User\Desktop\dog.txt
2015-11-17 01:38 - 2015-11-18 00:52 - 00005359 _____ C:\Users\User\Desktop\dog story.txt
2015-11-16 09:45 - 2015-11-18 00:56 - 00000000 ____D C:\Users\User\Downloads\NeoDownloader
2015-11-14 22:37 - 2015-11-18 21:51 - 00000000 ____D C:\Users\User\Downloads\New folder
2015-11-13 17:27 - 2015-11-13 17:32 - 00000120 _____ C:\Users\User\Downloads\ccleaner.ini
2015-11-13 17:27 - 2015-11-13 17:27 - 00000000 ____D C:\Users\User\Downloads\cclener
2015-11-13 17:19 - 2015-11-16 20:42 - 00000302 _____ C:\Users\User\Desktop\my kik names.txt
2015-11-13 17:19 - 2015-11-13 17:20 - 00000232 _____ C:\Users\User\Desktop\to add.txt
2015-11-07 01:40 - 2015-11-14 23:04 - 00002348 _____ C:\Users\User\Desktop\wolf storie.txt
2015-11-07 00:48 - 2015-11-08 21:08 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-11-06 13:27 - 2015-11-06 13:27 - 00000458 _____ C:\ProgramData\Local Disk (D) - Shortcut.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-30 19:44 - 2009-07-14 00:34 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-30 19:44 - 2009-07-14 00:34 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-30 19:43 - 2014-07-04 11:29 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-30 19:43 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\inf
2015-11-30 19:37 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-30 10:49 - 2014-07-25 11:20 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-11-30 10:08 - 2014-07-08 00:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-30 02:00 - 2014-08-16 02:00 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2015-11-29 01:28 - 2014-07-15 03:57 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-29 01:10 - 2014-07-04 16:02 - 00000000 ____D C:\Users\User\AppData\Local\Google
2015-11-29 01:09 - 2014-12-30 05:06 - 00000000 ____D C:\Program Files\Google
2015-11-27 14:23 - 2009-07-14 00:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-11-27 14:21 - 2014-07-04 17:32 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-11-25 21:07 - 2014-07-04 16:33 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-25 03:00 - 2014-07-10 05:55 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2015-11-25 02:13 - 2014-08-02 04:37 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2015-11-24 23:00 - 2014-08-02 04:36 - 00000000 ___RD C:\Program Files\Skype
2015-11-24 22:59 - 2014-09-05 09:59 - 00000000 ____D C:\Users\User\Desktop\Tor Browser
2015-11-24 22:59 - 2014-08-02 04:36 - 00000000 ____D C:\ProgramData\Skype
2015-11-24 19:38 - 2009-07-13 22:37 - 00000000 ____D C:\Windows
2015-11-23 11:18 - 2014-07-15 06:26 - 00000000 ____D C:\Users\User\Documents\iWisoft Free Video Converter
2015-11-21 01:17 - 2015-03-12 03:09 - 00001456 _____ C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-11-19 09:28 - 2015-02-22 00:32 - 00000000 ____D C:\Program Files\Opera
2015-11-16 19:34 - 2014-07-15 07:48 - 00000000 ____D C:\Users\User\AppData\Local\CyberGhost
2015-11-16 19:28 - 2014-07-15 07:46 - 00000000 ____D C:\Program Files\CyberGhost 5
2015-11-11 03:08 - 2014-07-08 00:58 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-11-11 03:08 - 2014-07-08 00:58 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-11-08 21:08 - 2014-07-07 17:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2015-03-12 03:09 - 2015-11-21 01:17 - 0001456 _____ () C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-07-25 20:47 - 2014-07-25 20:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-11-06 13:27 - 2015-11-06 13:27 - 0000458 _____ () C:\ProgramData\Local Disk (D) - Shortcut.lnk

Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\bitool.dll
C:\Users\User\AppData\Local\Temp\EAD9211.exe
C:\Users\User\AppData\Local\Temp\EADD52B.exe
C:\Users\User\AppData\Local\Temp\SkypeSetup.exe
C:\Users\User\AppData\Local\Temp\UninstallEADM.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {0c370f6b-0314-11e4-abf1-b1153d1e6c58}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {0c370f6d-0314-11e4-abf1-b1153d1e6c58}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {0c370f6b-0314-11e4-abf1-b1153d1e6c58}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {0c370f6d-0314-11e4-abf1-b1153d1e6c58}
device                  ramdisk=[C:]\Recovery\0c370f6d-0314-11e4-abf1-b1153d1e6c58\Winre.wim,{0c370f6e-0314-11e4-abf1-b1153d1e6c58}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\0c370f6d-0314-11e4-abf1-b1153d1e6c58\Winre.wim,{0c370f6e-0314-11e4-abf1-b1153d1e6c58}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {0c370f6b-0314-11e4-abf1-b1153d1e6c58}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {0c370f6e-0314-11e4-abf1-b1153d1e6c58}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\0c370f6d-0314-11e4-abf1-b1153d1e6c58\boot.sdi



LastRegBack: 2015-11-20 22:28

==================== End of FRST.txt ============================



#11 keronkkumar

Posted 30 November 2015 - 06:54 PM

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version:29-11-2015
Ran by User (2015-11-30 19:49:22)
Running from C:\Users\User\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2014-07-04 15:24:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1291597386-3153512252-1289185995-500 - Administrator - Disabled)
Guest (S-1-5-21-1291597386-3153512252-1289185995-501 - Limited - Disabled)
User (S-1-5-21-1291597386-3153512252-1289185995-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (32 Bit) (HKLM\...\{7C25E7A0-A0A1-4B87-BB30-BF0FBDC37878}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{4B519073-0DFE-A341-A10A-95123219E965}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM\...\{1AFACC2A-9A60-43EF-ABDB-2CEECA5EA77F}) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (Version: 13.50.854.0 - Logitech) Hidden
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.2.0.0112 - Disc Soft Ltd)
Eraser 6.2.0.2963 (HKLM\...\{5CB20001-3471-4A24-9BAC-07B3C37EFE19}) (Version: 6.2.2963 - The Eraser Project)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Expstudio Audio Editor FREE (HKLM\...\Expstudio Audio Editor FREE) (Version: 4.31 - Expstudio.com)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HyperCam 2 (HKLM\...\HyperCam 2) (Version: 2.29.01 - Hyperionics Technology LLC)
iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
iWisoft Free Video Converter 1.2 (HKLM\...\iWisoft Free Video Converter_is1) (Version: 1.2 - www.easy-video-converter.com)
Logitech Vid (HKLM\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.70.1044 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
ManyCam 3.1.62 (HKLM\...\ManyCam) (Version: 3.1.62 - ManyCam LLC)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 42.0 (x86 en-US) (HKLM\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
NeoDownloader Lite 2.9.4 (HKLM\...\{3CB3508A-5388-42FF-BDA6-43271D2C7F0A}_is1) (Version:  - Neowise Software)
ooVoo (HKLM\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.6.9001 - ooVoo LLC.)
Opera Stable 33.0.1990.115 (HKLM\...\Opera 33.0.1990.115) (Version: 33.0.1990.115 - Opera Software)
Origin (HKLM\...\Origin) (Version: 9.0.14.2148 - Electronic Arts, Inc.)
PowerISO (HKLM\...\PowerISO) (Version: 6.4 - Power Software Ltd)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7443 - Realtek Semiconductor Corp.)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.15 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.15.102 - Skype Technologies S.A.)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
The Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Island Paradise (HKLM\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims™ 3 Seasons (HKLM\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Widelands build-18 (HKLM\...\{WIDELANDS-WIN32-IS}_is1) (Version: Widelands build-18 - Widelands Development Team)
WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1291597386-3153512252-1289185995-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" => No File
CustomCLSID: HKU\S-1-5-21-1291597386-3153512252-1289185995-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\User\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-1291597386-3153512252-1289185995-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\User\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-1291597386-3153512252-1289185995-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\User\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-1291597386-3153512252-1289185995-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "C:\Users\User\AppData\Local\Google\Chrome\Application\35.0.1916.153\delegate_execute.exe" => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-1291597386-3153512252-1289185995-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1291597386-3153512252-1289185995-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-1291597386-3153512252-1289185995-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-1291597386-3153512252-1289185995-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\User\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-1291597386-3153512252-1289185995-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1291597386-3153512252-1289185995-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File

==================== Restore Points =========================

25-11-2015 20:41:45 Installed The Sims 3
25-11-2015 20:47:22 Installed TheSims3EP8
25-11-2015 21:06:43 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
25-11-2015 22:28:27 Installed The Sims 3
26-11-2015 00:04:47 Installed TheSims3EP7
26-11-2015 00:30:27 Installed TheSims3EP10
26-11-2015 00:59:55 Removed TheSims3EP10
26-11-2015 01:06:23 Removed TheSims3EP7
26-11-2015 01:07:13 Removed TheSims3EP8
26-11-2015 01:08:04 Removed The Sims 3
26-11-2015 01:14:59 Installed The Sims 3
26-11-2015 01:22:00 Installed The Sims 3
26-11-2015 01:29:02 Installed TheSims3EP7
26-11-2015 01:39:54 Installed The Sims 3
26-11-2015 01:46:23 Installed TheSims3EP8
26-11-2015 02:58:57 Installed The Sims 3
27-11-2015 14:21:07 Installed TheSims3EP10
29-11-2015 21:22:28 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {22556E39-4F14-41DC-8D76-7B5588C13EDA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {30081532-55D1-4B28-A06C-7B275488C7B7} - System32\Tasks\RealDownloader Update Check => C:\Program Files\RealNetworks\RealDownloader\downloader2.exe
Task: {884B4D72-358E-4D45-8CC2-64AE07AC97A5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {A8C94666-722C-4A91-8F0F-372091B87325} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1291597386-3153512252-1289185995-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: {B1726832-50F1-4A45-873D-361DEBB8F095} - System32\Tasks\AdobeAAMUpdater-1.0-User-PC-User => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {B25B9EE5-55A9-4A50-837C-81086979EC86} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {B5360812-2F76-478C-9CCA-8CEA6CAF71DE} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1291597386-3153512252-1289185995-1000 => C:\Program Files\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {E97F4313-DC66-4004-A44F-97E964D1A3A9} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1291597386-3153512252-1289185995-1000 => C:\Program Files\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {F3E9ED30-E05D-43BF-86D1-837D778C8821} - System32\Tasks\Opera scheduled Autoupdate 1424579529 => C:\Program Files\Opera\launcher.exe [2015-11-16] (Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 02145304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 07956504 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00342552 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00029208 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00128536 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2010-05-11 16:41 - 2010-05-11 16:41 - 02141016 _____ () C:\Program Files\Logitech\Vid\QtCore4.dll
2010-05-11 16:41 - 2010-05-11 16:41 - 07704408 _____ () C:\Program Files\Logitech\Vid\QtGui4.dll
2010-05-11 16:41 - 2010-05-11 16:41 - 00969048 _____ () C:\Program Files\Logitech\Vid\QtNetwork4.dll
2010-05-11 16:41 - 2010-05-11 16:41 - 00475480 _____ () C:\Program Files\Logitech\Vid\QtOpenGL4.dll
2010-05-11 16:42 - 2010-05-11 16:42 - 00363864 _____ () C:\Program Files\Logitech\Vid\QtXml4.dll
2010-05-11 16:41 - 2010-05-11 16:41 - 00200024 _____ () C:\Program Files\Logitech\Vid\QtSql4.dll
2010-05-11 16:42 - 2010-05-11 16:42 - 00027480 _____ () C:\Program Files\Logitech\Vid\SDL.dll
2010-05-11 16:42 - 2010-05-11 16:42 - 11311960 _____ () C:\Program Files\Logitech\Vid\QtWebKit4.dll
2010-05-11 16:40 - 2010-05-11 16:40 - 00291672 _____ () C:\Program Files\Logitech\Vid\phonon4.dll
2010-05-11 16:44 - 2010-05-11 16:44 - 00029016 _____ () C:\Program Files\Logitech\Vid\plugins\imageformats\qgif4.dll
2010-05-11 16:44 - 2010-05-11 16:44 - 00035160 _____ () C:\Program Files\Logitech\Vid\plugins\imageformats\qico4.dll
2010-05-11 16:45 - 2010-05-11 16:45 - 00138072 _____ () C:\Program Files\Logitech\Vid\plugins\imageformats\qjpeg4.dll
2010-05-14 17:55 - 2010-05-14 17:55 - 00181592 _____ () C:\Program Files\Common Files\logishrd\SharedBin\LVAPI11.dll
2013-10-23 00:31 - 2013-10-23 00:31 - 01241088 _____ () C:\Program Files\ManyCam\Bin\opencv_imgproc220.dll
2013-10-23 00:31 - 2013-10-23 00:31 - 02010624 _____ () C:\Program Files\ManyCam\Bin\opencv_core220.dll
2013-08-30 22:45 - 2013-08-30 22:45 - 00095744 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1291597386-3153512252-1289185995-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{9BDB0A3F-6601-46D9-A357-4DECBBB984B1}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{3FA98EDD-B2A4-4D04-A0CD-7762DD48DE7A}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [{A9B29616-8929-4881-B1DE-D5B1997DEC12}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [{603E2966-CE14-4D56-887F-63C0336CE4DC}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{F3F455C5-149C-4B2A-9CE7-9FCFFDFB9964}I:\game house\allfours.exe] => (Allow) I:\game house\allfours.exe
FirewallRules: [UDP Query User{B48B85E4-C372-4BF8-AD88-D43D741F6504}I:\game house\allfours.exe] => (Allow) I:\game house\allfours.exe
FirewallRules: [{7DC278EB-C5A9-4C3D-8933-BBFF63B6B508}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9564F48C-52EB-435B-9CE3-C58359D022DC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AB1A4711-4077-4941-B7C2-912BE0ED111C}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{8710A976-40A5-4743-8B93-ED1D107FC769}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{516450C4-0818-4F46-9E8E-B0E3C66AD5C4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{C27A3382-BC21-40E8-914F-549A946982F3}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{90ABA691-D4BB-40AA-BC7D-CB2896025BF9}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{2347E66A-0A1E-4A73-96FB-377A2DB6C00D}] => (Allow) C:\Program Files\Logitech\Vid\Vid.exe
FirewallRules: [{628CFD96-C165-48EF-9B58-5C488CB56126}] => (Allow) C:\Program Files\Logitech\Vid\Vid.exe
FirewallRules: [{002F21FF-E9F6-4200-9FB9-4F098EB42796}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{628DC98D-CD69-4BA1-B253-3F7212410B9D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A7970535-762A-4D11-97A3-55231C02E226}C:\program files\electronic arts\eadm\core.exe] => (Allow) C:\program files\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{9EC5FD99-2F7C-4659-B1E1-84D8A0DF353B}C:\program files\electronic arts\eadm\core.exe] => (Allow) C:\program files\electronic arts\eadm\core.exe

==================== Faulty Device Manager Devices =============

Name: High precision event timer
Description: High precision event timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Problem: : This device is disabled because the firmware of the device did not give it the required resources. (Code 29)
Resolution: Enable the device in the BIOS of the device.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/30/2015 09:13:34 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/29/2015 09:32:25 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/28/2015 07:07:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program TS3W.exe version 0.2.0.209 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14cc

Start Time: 01d12a306fcda12e

Termination Time: 84

Application Path: C:\Program Files\Electronic Arts\The Sims 3\Game\Bin\TS3W.exe

Report Id:

Error: (11/28/2015 06:53:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program TS3W.exe version 0.2.0.209 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10d0

Start Time: 01d12a29e37b4e1c

Termination Time: 178

Application Path: C:\Program Files\Electronic Arts\The Sims 3\Game\Bin\TS3W.exe

Report Id:

Error: (11/27/2015 11:25:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program TS3W.exe version 0.2.0.209 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1378

Start Time: 01d12980e88d479e

Termination Time: 7323

Application Path: C:\Program Files\Electronic Arts\The Sims 3\Game\Bin\TS3W.exe

Report Id:

Error: (11/27/2015 03:14:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 42.0.0.5780 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 12f4

Start Time: 01d12912f11ba77c

Termination Time: 1415

Application Path: C:\Program Files\Mozilla Firefox\firefox.exe

Report Id: 01442e6f-953b-11e5-9645-d43d7e9908ec

Error: (11/27/2015 03:14:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 42.0.0.5780, time stamp: 0x5632d0a4
Faulting module name: mozglue.dll, version: 42.0.0.5780, time stamp: 0x5632ba58
Exception code: 0x80000003
Fault offset: 0x0000ed50
Faulting process id: 0x14b8
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (11/26/2015 10:47:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 42.0.0.5780, time stamp: 0x5632d0a4
Faulting module name: mozglue.dll, version: 42.0.0.5780, time stamp: 0x5632ba58
Exception code: 0x80000003
Fault offset: 0x0000ed50
Faulting process id: 0x1434
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (11/26/2015 11:13:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TS3W.exe, version: 0.2.0.209, time stamp: 0x52d872da
Faulting module name: TS3W.exe, version: 0.2.0.209, time stamp: 0x52d872da
Exception code: 0xc0000005
Fault offset: 0x00a9e17b
Faulting process id: 0x1664
Faulting application start time: 0xTS3W.exe0
Faulting application path: TS3W.exe1
Faulting module path: TS3W.exe2
Report Id: TS3W.exe3

Error: (11/26/2015 11:07:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TS3W.exe, version: 0.2.0.209, time stamp: 0x52d872da
Faulting module name: TS3W.exe, version: 0.2.0.209, time stamp: 0x52d872da
Exception code: 0xc0000005
Fault offset: 0x00a9e17b
Faulting process id: 0xfd4
Faulting application start time: 0xTS3W.exe0
Faulting application path: TS3W.exe1
Faulting module path: TS3W.exe2
Report Id: TS3W.exe3


System errors:
=============
Error: (11/30/2015 07:37:14 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume F: encountered a non-retryable error and could not start.  The data contains the error code.

Error: (11/30/2015 09:13:34 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (11/30/2015 09:13:18 AM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume F: encountered a non-retryable error and could not start.  The data contains the error code.

Error: (11/29/2015 09:32:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (11/29/2015 09:32:13 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume F: encountered a non-retryable error and could not start.  The data contains the error code.

Error: (11/29/2015 09:29:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/29/2015 09:29:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/29/2015 09:29:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Disc Soft Lite Bus Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/29/2015 09:29:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberGhost 5 Client Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/29/2015 09:29:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlueStacks Android Service service terminated unexpectedly.  It has done this 1 time(s).


==================== Memory info ===========================

Processor: AMD A4-4000 APU with Radeon™ HD Graphics
Percentage of memory in use: 71%
Total physical RAM: 2271.02 MB
Available physical RAM: 656.24 MB
Total Virtual: 4540.32 MB
Available Virtual: 2727.01 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:312.4 GB) (Free:153.12 GB) NTFS
Drive d: () (Fixed) (Total:153.26 GB) (Free:151.76 GB) NTFS
Drive f: () (Fixed) (Total:48.83 GB) (Free:48.63 GB) NTFS
Drive g: () (Fixed) (Total:100.21 GB) (Free:52.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3D22BE0B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=312.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=153.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: A7C6A7C6)
Partition 1: (Active) - (Size=100.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=48.8 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================



#12 keronkkumar


Posted 30 November 2015 - 09:07 PM

ESET SCAN

 

C:\Program Files\DAEMON Tools Lite\Extractor.exe    a variant of Win32/Amonetize.LM potentially unwanted application
C:\Users\User\AppData\Local\Temp\ZKxral+y.exe.part    a variant of Win32/Amonetize.MA potentially unwanted application
C:\Users\User\AppData\Local\Temp\HYD967B.tmp.1448299508\HTA\install.1448299508.zip    a variant of Win32/OpenCandy.A potentially unsafe application
C:\Users\User\AppData\Local\Temp\HYDC284.tmp.1448774335\HTA\install.1448774335.zip    a variant of Win32/OpenCandy.A potentially unsafe application
C:\Users\User\AppData\Local\Temp\HYDC284.tmp.1448774335\HTA\3rdparty\OCSetupHlp.dll    a variant of Win32/OpenCandy.A potentially unsafe application
C:\Users\User\AppData\Local\Temp\ns6C7051C9\236AC3DC_stp\icmac.dll    a variant of Win32/InstallCore.ACL potentially unwanted application
C:\Users\User\Downloads\The Sims 3 - Razor1911 Final MAXSPEED\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro.iso    a variant of Win32/Keygen.GU potentially unsafe application
 



#13 StanFF


Posted 01 December 2015 - 05:27 PM

Hello keronkkumar,
 
Thank you for the provided logs. I can see that you have installed Daemon Tools Lite on the system. The software is often bundled with adware and one of the detections from ESET Online Scanner points to an executable that is related to it. I highly suggest removing it from the system using the Programs and Features applet in the Control Panel, as explained in post number four. More information can be found here. As an alternative, you may use Virtual Clone Drive.

 

Another detection from ESET Online Scanner points to a downloaded ISO image of a game in the Downloads folder. There is a keygen which may contain malicious code in itself and may cause additional issues. Because of that, I plan to remove the file but I will wait for your response to ensure that you have acknowledged the plan. If you want, you can manually delete it by yourself.

********************
 
Note: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Please download the attached file fixlist.txt and save it to the same location as FRST.

Note: It's important that both files, FRST.exe and fixlist.txt, are in the same location or the fix will not work. In your case, this should be the Downloads folder.

  • Run FRST.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log - Fixlog.txt - in the same location the tool was run.

Please, post the content of the log file in your next reply.
 
********************
 
When ready, please right-click FRST.exe and choose Run as Administrator. In the main window of the program, please put a checkmark in the checkbox in front of Addition.txt. Push the Scan button to start the scanning process. When ready, the tool will create two files named FRST.txt and Addition.txt on your Desktop. Please paste their content in your next reply. We are almost ready.


Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford
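
The ESET results discussed in the post above can be sorted by where each detection sits (installed program, Temp leftover, user download), as an added example that is not part of the original thread or of any tool used in it. It assumes the pasted format (path, two or more spaces, detection text); the location labels are this example's own, and the ISO path is replaced by a constructed short one.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules on any OS

# Lines copied from the ESET post above; the ISO path is shortened (constructed).
SAMPLE = r"""
C:\Program Files\DAEMON Tools Lite\Extractor.exe    a variant of Win32/Amonetize.LM potentially unwanted application
C:\Users\User\AppData\Local\Temp\ZKxral+y.exe.part    a variant of Win32/Amonetize.MA potentially unwanted application
C:\Users\User\AppData\Local\Temp\HYDC284.tmp.1448774335\HTA\3rdparty\OCSetupHlp.dll    a variant of Win32/OpenCandy.A potentially unsafe application
C:\Users\User\AppData\Local\Temp\ns6C7051C9\236AC3DC_stp\icmac.dll    a variant of Win32/InstallCore.ACL potentially unwanted application
C:\Users\User\Downloads\example.iso    a variant of Win32/Keygen.GU potentially unsafe application
"""

LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s{2,}(?:a variant of\s+)?"
    r"(?P<name>\S+)\s+(?P<category>potentially (?:unwanted|unsafe) application)$"
)

def location(path):
    """Label a detection by where the file lives (labels are this example's own)."""
    p = path.lower()
    if "\\appdata\\local\\temp\\" in p:
        return "temp leftover"
    if p.startswith(("c:\\program files\\", "c:\\program files (x86)\\")):
        return "installed program"
    if "\\downloads\\" in p:
        return "user download"
    return "other"

def parse_line(line):
    """Split one pasted scanner line into path, family, category and location."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # blank line or anything that is not a detection
    platform, _, rest = m["name"].partition("/")
    return {"path": m["path"], "file": basename(m["path"]), "platform": platform,
            "family": rest.split(".")[0], "category": m["category"],
            "location": location(m["path"])}

def triage(text):
    """Group (family, file name) pairs by location."""
    groups = defaultdict(list)
    for line in text.splitlines():
        hit = parse_line(line)
        if hit:
            groups[hit["location"]].append((hit["family"], hit["file"]))
    return dict(groups)

if __name__ == "__main__":
    for where, hits in triage(SAMPLE).items():
        print(where, hits)
```
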

 

 

 

 

 


#14 keronkkumar


Posted 01 December 2015 - 07:19 PM

Before I run the script I just want to make sure we are on the same page and everything is clear. I just have a few questions.

I use Daemon Tools so I can mount an image and run The Sims 3.
I am not acquainted with Virtual Clone Drive. But will it be able to do the same thing?

The ISO image you speak of is "The Sims 3 - Razor1911 Final MAXSPEED". I was told that the keygen appears as a virus, but is not. But I value your word over anyone else's. If I delete the folder, will I still be able to play The Sims 3?

Sorry for giving you more trouble.



#15 StanFF


Posted 02 December 2015 - 12:44 AM

Hello keronkkumar,

 

I appreciate your questions.

I use Daemon Tools so I can mount an image and run The Sims 3.
I am not acquainted with Virtual Clone Drive. But will it be able to do the same thing?

Yes, it does the same thing as Daemon Tools in the most simple manner without putting many resources on the hard drive. The last time I used it was quite a while ago, but as far as I can see, the software is still as stable as before.

 

The ISO image you speak of is "The Sims 3 - Razor1911 Final MAXSPEED". I was told that the keygen appears as a virus, but is not. But I value your word over anyone else's. If I delete the folder, will I still be able to play The Sims 3?

In normal conditions, if after mounting the ISO image you have installed the game, then this should not be a problem. The image contains the resource files, which, if installed, are now placed in the installation folder.

Sorry for giving you more trouble.

You are not giving me any trouble. This is why I'm here. :)
 


Regards,

Stan

 
