Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

adultube.info virus

Started by VinodAntony10 , Apr 14 2015 04:06 AM
google chrome malware

  • This topic is locked This topic is locked

#1
VinodAntony10
Posted 14 April 2015 - 04:06 AM

VinodAntony10

    Member

  • Member
  • PipPip
  • 19 posts

Hello 

Google Chrome keeps getting redirected to a website called "http://adultube.info/community".Even while trying to type this message, I got redirected about 5 times. It is very irksome and keeps coming.

 

I've tried system restore but that didn't help. 

 

Please help. 

Attached Thumbnails

  • deeeee.jpg

  • 0

Advertisements

#2
zep516
Posted 14 April 2015 - 10:15 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


  • 0

#3
zep516
Posted 15 April 2015 - 06:35 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts

Hello,

 

Try posting the log reports now.

 

Thanks

Joe :)


  • 0

#4
VinodAntony10
Posted 15 April 2015 - 06:59 AM

VinodAntony10

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Here are the logs 

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-04-2015 01
Ran by Administrator (administrator) on ANTONY-3054D97E on 15-04-2015 17:34:06
Running from C:\Documents and Settings\Administrator\My Documents\Downloads\Programs
Loaded Profiles: Administrator (Available profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Zbshareware Lab) C:\Program Files\USB Disk Security\USBGuard.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(LG Electronics) C:\Documents and Settings\Administrator\Bluebirds\BlueBirds.exe
(Tonec Inc.) D:\idm\Internet Download Manager\IDMan.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
() C:\Program Files\Garena Plus\ggdllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Tonec Inc.) D:\idm\Internet Download Manager\IEMonitor.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
() C:\Program Files\IObit\Advanced SystemCare 8\RealTimeProtector.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files\Garena Plus\GarenaMessenger.exe
(BitTorrent Inc.) C:\Documents and Settings\Administrator\Application Data\BitTorrent\BitTorrent.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
() C:\Program Files\Opera\28.0.1750.51\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17567744 2009-03-27] (Realtek Semiconductor Corp.)
HKLM\...\Run: [USB Security] => C:\Program Files\USB Disk Security\USBGuard.exe [623520 2011-01-31] (Zbshareware Lab)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2005896 2015-03-26] (APN)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\Run: [bluebirds] => C:\Documents and Settings\Administrator\Bluebirds\BlueBirds.exe [270336 2009-04-29] (LG Electronics)
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\Run: [GarenaPlus] => C:\Program Files\Garena Plus\GarenaMessenger.exe [9981528 2015-01-20] ()
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\Run: [IDMan] => D:\idm\Internet Download Manager\IDMan.exe [3604048 2013-06-20] (Tonec Inc.)
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\Run: [AlcoholAutomount] => C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\MountPoints2: {561a9b10-dc1e-11e2-9771-806d6172696f} - G:\BlueBirds.exe
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\MountPoints2: {855889d6-6cac-11e3-9712-002618bd9288} - H:\.\StartModem.exe
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\MountPoints2: {e2419e63-e178-11e2-95ee-002618bd9288} - I:\setup.exe
HKU\S-1-5-21-299502267-1935655697-1417001333-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\SNOWYDSK.SCR
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => D:\idm\Internet Download Manager\IDMShellExt.dll (Tonec Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-299502267-1935655697-1417001333-500\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com
HKU\S-1-5-21-299502267-1935655697-1417001333-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> D:\idm\Internet Download Manager\IDMIECC.dll [2013-06-20] (Internet Download Manager, Tonec Inc.)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2015-04-14] (IObit)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-22] (Oracle Corporation)
BHO: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-04-01] (IObit)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-22] (Oracle Corporation)
Toolbar: HKLM - ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2015-04-14] (IObit)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 5.104.175.150 8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a1zf5h3p.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll [2013-06-27] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-12-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2007-11-07] (Microsoft Corporation)
FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin: @videolan.org/vlc,version=1.1.0-rc -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2010-05-21] (the VideoLAN Team)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-26] (Adobe Systems Inc.)
FF user.js: detected! => C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a1zf5h3p.default\user.js [2015-04-14]
FF Extension: Weather Now - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a1zf5h3p.default\Extensions\[email protected] [2013-06-27]
FF Extension: Advanced SystemCare Surfing Protection - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a1zf5h3p.default\Extensions\[email protected] [2015-04-14]
FF Extension: Firebug - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a1zf5h3p.default\Extensions\[email protected] [2013-07-06]
FF HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\Firefox\Extensions: [[email protected]] - C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5
FF Extension: IDM CC - C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5 [2014-04-15]
FF HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\SeaMonkey\Extensions: [[email protected]] - C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [aaaaipkbmjkakicapiinmamgjlkaeehh] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [dgadkdfaoaaboghcnjmbcppkalapgkmb] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - D:\idm\Internet Download Manager\IDMGCExt.crx [2013-06-20]
CHR HKLM\...\Chrome\Extension: [kllhllgiijehpamgcmeciagegjecoaod] - No Path Or update_url value
CHR HKU\S-1-5-21-299502267-1935655697-1417001333-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - No Path Or update_url value
CHR HKU\S-1-5-21-299502267-1935655697-1417001333-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - No Path Or update_url value
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
S4 Apache2.2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [20549 2012-01-28] (Apache Software Foundation) [File not signed]
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [180632 2015-03-26] (APN LLC.)
S4 AxAutoMntSrv; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S4 idsvc; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [864256 2007-10-11] (Microsoft Corporation) [File not signed]
S4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-22] (Oracle Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-03-26] (IObit)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S4 NetTcpPortSharing; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [122880 2007-10-11] (Microsoft Corporation) [File not signed]
S4 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S4 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-24] (StarWind Software) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R1 IDMTDI; C:\WINDOWS\System32\DRIVERS\idmtdi.sys [115912 2013-05-25] (Tonec Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-15] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 mtkmbim; C:\WINDOWS\System32\DRIVERS\mtkmbimx.sys [176896 2012-12-13] (MediaTek Inc.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-14] ()
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [320120 2014-08-04] (Duplex Secure Ltd.)
S3 wdf_usb; C:\WINDOWS\System32\DRIVERS\usb2ser.sys [68480 2013-02-21] (MediaTek Inc.)
R3 cpuz137; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz137\cpuz137_x32.sys [X]
S3 GGSAFERDriver; No ImagePath
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath
U3 acqdwj3n; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-15 17:34 - 2015-04-15 17:34 - 00000000 ____D () C:\FRST
2015-04-14 20:43 - 2015-04-15 10:41 - 00000414 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1429024374.job
2015-04-14 20:43 - 2015-04-14 20:43 - 00000675 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
2015-04-14 20:43 - 2015-04-14 20:43 - 00000675 _____ () C:\Documents and Settings\All Users\Desktop\Opera.lnk
2015-04-14 20:33 - 2015-04-14 20:43 - 00000000 ____D () C:\Program Files\Opera
2015-04-14 19:57 - 2015-04-15 13:23 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-14 19:56 - 2015-04-14 19:56 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-14 19:56 - 2015-04-14 19:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-14 19:56 - 2015-04-14 19:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-14 19:56 - 2015-04-14 19:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-04-14 19:56 - 2015-03-17 06:15 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-14 19:56 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-14 19:44 - 2015-04-14 19:44 - 00000104 _____ () C:\Documents and Settings\Administrator\Desktop\Internet.lnk
2015-04-14 19:30 - 2015-04-15 10:41 - 00000236 _____ () C:\WINDOWS\wiadebug.log
2015-04-14 19:30 - 2015-04-15 10:41 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-04-14 19:30 - 2015-04-14 19:30 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2015-04-14 17:24 - 2015-04-14 19:23 - 28872704 _____ () C:\WINDOWS\system32\config\software.iobit
2015-04-14 17:24 - 2015-04-14 19:23 - 00286720 _____ () C:\WINDOWS\system32\config\default.iobit
2015-04-14 17:24 - 2015-04-14 19:23 - 00053248 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2015-04-14 17:24 - 2015-04-14 19:23 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.iobit
2015-04-14 16:37 - 2015-04-15 10:41 - 00000296 _____ () C:\WINDOWS\Tasks\ASC8_PerformanceMonitor.job
2015-04-14 16:37 - 2015-04-14 16:38 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\ProductData
2015-04-14 16:36 - 2015-04-14 18:32 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\IObit
2015-04-14 16:36 - 2015-04-14 18:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ProductData
2015-04-14 16:36 - 2015-04-14 18:06 - 00001822 _____ () C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 8.lnk
2015-04-14 16:36 - 2015-04-14 16:36 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
2015-04-14 16:36 - 2015-04-14 16:36 - 00000000 ____D () C:\Program Files\Common Files\IObit
2015-04-14 16:36 - 2015-04-14 16:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 8
2015-04-14 16:36 - 2015-04-14 16:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-04-14 16:36 - 2015-04-14 16:36 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Apple Computer
2015-04-14 16:35 - 2015-04-14 19:29 - 00000000 ____D () C:\Program Files\IObit
2015-04-14 15:50 - 2015-04-14 15:50 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-04-14 14:48 - 2015-04-14 20:24 - 00000000 ____D () C:\Program Files\RichMediaViewV1
2015-04-14 14:48 - 2015-04-14 20:24 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\FoxTab
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Program Files\Conduit
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Program Files\AskPartnerNetwork
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Babylon
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\APN
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\VNT
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\AskPartnerNetwork
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Babylon
2015-04-14 14:34 - 2015-04-14 14:34 - 00081920 _____ () C:\WINDOWS\Minidump\Mini041415-01.dmp
2015-04-14 14:19 - 2015-04-14 14:50 - 00000000 ____D () C:\Program Files\SystemConserve
2015-04-14 14:18 - 2015-04-14 14:48 - 00000000 ____D () C:\Program Files\Play
2015-04-14 14:17 - 2015-04-14 14:48 - 00000000 ____D () C:\Program Files\bestadblocker
2015-04-14 14:15 - 2015-04-14 14:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\cncaklookhiljnimkipmolldampgfcmf
2015-04-14 13:50 - 2015-04-14 14:01 - 00000000 ____D () C:\AdwCleaner
2015-04-14 13:40 - 2015-04-14 13:43 - 00000000 ____D () C:\sh4ldr(2)
2015-04-14 11:52 - 2015-04-14 11:52 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-04-06 15:56 - 2015-04-06 15:56 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Tor Browser
2015-03-22 15:14 - 2015-03-22 15:14 - 00081920 _____ () C:\WINDOWS\Minidump\Mini032215-01.dmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-15 17:34 - 2013-06-23 16:22 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2015-04-15 17:32 - 2013-06-30 00:00 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\BitTorrent
2015-04-15 17:30 - 2014-01-30 10:30 - 00000416 _____ () C:\WINDOWS\Tasks\At2.job
2015-04-15 17:30 - 2013-11-03 22:30 - 00000416 _____ () C:\WINDOWS\Tasks\At1.job
2015-04-15 14:54 - 2013-06-27 11:32 - 00000000 ____D () C:\Program Files\The KMPlayer
2015-04-15 14:25 - 2013-06-27 16:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2015-04-15 14:09 - 2014-04-15 18:59 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\IDM
2015-04-15 13:25 - 2013-06-24 08:53 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\GarenaPlus
2015-04-15 13:25 - 2013-06-23 16:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\GarenaMessenger
2015-04-15 11:56 - 2013-06-23 16:45 - 00000000 ____D () C:\Program Files\Garena Plus
2015-04-15 10:42 - 2013-06-23 16:18 - 01532801 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-15 10:41 - 2013-06-23 16:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-15 10:40 - 2013-06-23 21:33 - 00000000 ____D () C:\WINDOWS\system
2015-04-14 21:41 - 2013-06-23 16:22 - 00012618 _____ () C:\WINDOWS\SchedLgU.Txt
2015-04-14 21:41 - 2013-06-23 16:22 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-04-14 21:11 - 2014-03-22 08:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\vam
2015-04-14 20:43 - 2013-11-10 14:05 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Opera Software
2015-04-14 20:26 - 2013-07-21 18:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2723135-v2$
2015-04-14 20:24 - 2014-01-30 10:30 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\FoxTab
2015-04-14 20:24 - 2013-09-01 08:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE
2015-04-14 19:36 - 2013-06-23 16:43 - 00000000 ____D () C:\Program Files\Google
2015-04-14 19:36 - 2013-06-23 16:43 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2015-04-14 19:35 - 2013-06-23 16:36 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\DMCache
2015-04-14 19:23 - 2013-06-23 16:22 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-04-14 19:23 - 2013-06-23 16:22 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-04-14 18:30 - 2014-09-06 17:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\IObit
2015-04-14 18:13 - 2013-06-23 16:22 - 00000178 ___SH () C:\Documents and Settings\LocalService\ntuser.ini
2015-04-14 17:44 - 2013-07-02 21:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
2015-04-14 16:36 - 2013-06-23 16:22 - 00000000 ____D () C:\Documents and Settings\Administrator
2015-04-14 16:14 - 2013-06-23 21:38 - 00000211 ___SH () C:\boot.ini
2015-04-14 16:14 - 2004-08-04 17:30 - 00000791 _____ () C:\WINDOWS\win.ini
2015-04-14 16:14 - 2004-08-04 17:30 - 00000227 _____ () C:\WINDOWS\system.ini
2015-04-14 15:30 - 2013-12-19 13:30 - 00000103 _____ () C:\Documents and Settings\NetworkService\Application Data\WB.CFG
2015-04-14 14:51 - 2004-08-04 17:30 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-14 14:49 - 2013-06-23 16:15 - 00000000 ____D () C:\WINDOWS\Registration
2015-04-14 14:46 - 2013-06-23 16:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\vlc
2015-04-14 13:00 - 2013-06-23 16:22 - 00001593 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2015-04-14 13:00 - 2013-06-23 16:19 - 00001593 _____ () C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
2015-04-14 13:00 - 2013-06-23 16:19 - 00001507 _____ () C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2015-04-03 20:34 - 2013-06-23 16:24 - 00075776 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-01 20:30 - 2013-12-23 00:30 - 00000256 _____ () C:\Documents and Settings\Administrator\Application Data\WB.CFG
2015-03-22 15:14 - 2014-05-30 14:16 - 00000000 ____D () C:\WINDOWS\Minidump
2015-03-21 12:44 - 2013-11-27 22:29 - 00000038 _____ () C:\WINDOWS\AviSplitter.INI
2015-03-20 19:21 - 2014-05-30 15:06 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\FlowStone
2015-03-19 18:12 - 2014-09-07 18:24 - 00000499 _____ () C:\Documents and Settings\Administrator\Desktop\vargheses phone.txt
 
==================== Files in the root of some directories =======
 
2013-09-19 14:35 - 2013-09-19 14:37 - 0000364 _____ () C:\Documents and Settings\Administrator\Application Data\burnaware.ini
2013-06-24 09:25 - 2015-01-24 12:40 - 0045194 _____ () C:\Documents and Settings\Administrator\Application Data\room_v3.dat
2013-12-23 00:30 - 2015-04-01 20:30 - 0000256 _____ () C:\Documents and Settings\Administrator\Application Data\WB.CFG
2013-06-23 16:24 - 2015-04-03 20:34 - 0075776 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-05 22:37 - 2014-04-05 22:37 - 0000090 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\FASTWiz.log
 
Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
 
 
Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\ASCSetup_1323593.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-04-2015 01
Ran by Administrator (administrator) on ANTONY-3054D97E on 15-04-2015 17:34:06
Running from C:\Documents and Settings\Administrator\My Documents\Downloads\Programs
Loaded Profiles: Administrator (Available profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Zbshareware Lab) C:\Program Files\USB Disk Security\USBGuard.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(LG Electronics) C:\Documents and Settings\Administrator\Bluebirds\BlueBirds.exe
(Tonec Inc.) D:\idm\Internet Download Manager\IDMan.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
() C:\Program Files\Garena Plus\ggdllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Tonec Inc.) D:\idm\Internet Download Manager\IEMonitor.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
() C:\Program Files\IObit\Advanced SystemCare 8\RealTimeProtector.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files\Garena Plus\GarenaMessenger.exe
(BitTorrent Inc.) C:\Documents and Settings\Administrator\Application Data\BitTorrent\BitTorrent.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
() C:\Program Files\Opera\28.0.1750.51\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17567744 2009-03-27] (Realtek Semiconductor Corp.)
HKLM\...\Run: [USB Security] => C:\Program Files\USB Disk Security\USBGuard.exe [623520 2011-01-31] (Zbshareware Lab)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2005896 2015-03-26] (APN)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\Run: [bluebirds] => C:\Documents and Settings\Administrator\Bluebirds\BlueBirds.exe [270336 2009-04-29] (LG Electronics)
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\Run: [GarenaPlus] => C:\Program Files\Garena Plus\GarenaMessenger.exe [9981528 2015-01-20] ()
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\Run: [IDMan] => D:\idm\Internet Download Manager\IDMan.exe [3604048 2013-06-20] (Tonec Inc.)
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\Run: [AlcoholAutomount] => C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\MountPoints2: {561a9b10-dc1e-11e2-9771-806d6172696f} - G:\BlueBirds.exe
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\MountPoints2: {855889d6-6cac-11e3-9712-002618bd9288} - H:\.\StartModem.exe
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\MountPoints2: {e2419e63-e178-11e2-95ee-002618bd9288} - I:\setup.exe
HKU\S-1-5-21-299502267-1935655697-1417001333-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\SNOWYDSK.SCR
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => D:\idm\Internet Download Manager\IDMShellExt.dll (Tonec Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-299502267-1935655697-1417001333-500\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com
HKU\S-1-5-21-299502267-1935655697-1417001333-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> D:\idm\Internet Download Manager\IDMIECC.dll [2013-06-20] (Internet Download Manager, Tonec Inc.)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2015-04-14] (IObit)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-22] (Oracle Corporation)
BHO: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-04-01] (IObit)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-22] (Oracle Corporation)
Toolbar: HKLM - ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2015-04-14] (IObit)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 5.104.175.150 8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a1zf5h3p.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll [2013-06-27] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-12-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2007-11-07] (Microsoft Corporation)
FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin: @videolan.org/vlc,version=1.1.0-rc -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2010-05-21] (the VideoLAN Team)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-26] (Adobe Systems Inc.)
FF user.js: detected! => C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a1zf5h3p.default\user.js [2015-04-14]
FF Extension: Weather Now - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a1zf5h3p.default\Extensions\[email protected] [2013-06-27]
FF Extension: Advanced SystemCare Surfing Protection - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a1zf5h3p.default\Extensions\[email protected] [2015-04-14]
FF Extension: Firebug - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a1zf5h3p.default\Extensions\[email protected] [2013-07-06]
FF HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\Firefox\Extensions: [[email protected]] - C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5
FF Extension: IDM CC - C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5 [2014-04-15]
FF HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\SeaMonkey\Extensions: [[email protected]] - C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [aaaaipkbmjkakicapiinmamgjlkaeehh] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [dgadkdfaoaaboghcnjmbcppkalapgkmb] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - D:\idm\Internet Download Manager\IDMGCExt.crx [2013-06-20]
CHR HKLM\...\Chrome\Extension: [kllhllgiijehpamgcmeciagegjecoaod] - No Path Or update_url value
CHR HKU\S-1-5-21-299502267-1935655697-1417001333-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - No Path Or update_url value
CHR HKU\S-1-5-21-299502267-1935655697-1417001333-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - No Path Or update_url value
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
S4 Apache2.2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [20549 2012-01-28] (Apache Software Foundation) [File not signed]
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [180632 2015-03-26] (APN LLC.)
S4 AxAutoMntSrv; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S4 idsvc; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [864256 2007-10-11] (Microsoft Corporation) [File not signed]
S4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-22] (Oracle Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-03-26] (IObit)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S4 NetTcpPortSharing; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [122880 2007-10-11] (Microsoft Corporation) [File not signed]
S4 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S4 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-24] (StarWind Software) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R1 IDMTDI; C:\WINDOWS\System32\DRIVERS\idmtdi.sys [115912 2013-05-25] (Tonec Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-15] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 mtkmbim; C:\WINDOWS\System32\DRIVERS\mtkmbimx.sys [176896 2012-12-13] (MediaTek Inc.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-14] ()
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [320120 2014-08-04] (Duplex Secure Ltd.)
S3 wdf_usb; C:\WINDOWS\System32\DRIVERS\usb2ser.sys [68480 2013-02-21] (MediaTek Inc.)
R3 cpuz137; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz137\cpuz137_x32.sys [X]
S3 GGSAFERDriver; No ImagePath
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath
U3 acqdwj3n; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-15 17:34 - 2015-04-15 17:34 - 00000000 ____D () C:\FRST
2015-04-14 20:43 - 2015-04-15 10:41 - 00000414 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1429024374.job
2015-04-14 20:43 - 2015-04-14 20:43 - 00000675 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
2015-04-14 20:43 - 2015-04-14 20:43 - 00000675 _____ () C:\Documents and Settings\All Users\Desktop\Opera.lnk
2015-04-14 20:33 - 2015-04-14 20:43 - 00000000 ____D () C:\Program Files\Opera
2015-04-14 19:57 - 2015-04-15 13:23 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-14 19:56 - 2015-04-14 19:56 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-14 19:56 - 2015-04-14 19:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-14 19:56 - 2015-04-14 19:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-14 19:56 - 2015-04-14 19:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-04-14 19:56 - 2015-03-17 06:15 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-14 19:56 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-14 19:44 - 2015-04-14 19:44 - 00000104 _____ () C:\Documents and Settings\Administrator\Desktop\Internet.lnk
2015-04-14 19:30 - 2015-04-15 10:41 - 00000236 _____ () C:\WINDOWS\wiadebug.log
2015-04-14 19:30 - 2015-04-15 10:41 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-04-14 19:30 - 2015-04-14 19:30 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2015-04-14 17:24 - 2015-04-14 19:23 - 28872704 _____ () C:\WINDOWS\system32\config\software.iobit
2015-04-14 17:24 - 2015-04-14 19:23 - 00286720 _____ () C:\WINDOWS\system32\config\default.iobit
2015-04-14 17:24 - 2015-04-14 19:23 - 00053248 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2015-04-14 17:24 - 2015-04-14 19:23 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.iobit
2015-04-14 16:37 - 2015-04-15 10:41 - 00000296 _____ () C:\WINDOWS\Tasks\ASC8_PerformanceMonitor.job
2015-04-14 16:37 - 2015-04-14 16:38 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\ProductData
2015-04-14 16:36 - 2015-04-14 18:32 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\IObit
2015-04-14 16:36 - 2015-04-14 18:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ProductData
2015-04-14 16:36 - 2015-04-14 18:06 - 00001822 _____ () C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 8.lnk
2015-04-14 16:36 - 2015-04-14 16:36 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
2015-04-14 16:36 - 2015-04-14 16:36 - 00000000 ____D () C:\Program Files\Common Files\IObit
2015-04-14 16:36 - 2015-04-14 16:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 8
2015-04-14 16:36 - 2015-04-14 16:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-04-14 16:36 - 2015-04-14 16:36 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Apple Computer
2015-04-14 16:35 - 2015-04-14 19:29 - 00000000 ____D () C:\Program Files\IObit
2015-04-14 15:50 - 2015-04-14 15:50 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-04-14 14:48 - 2015-04-14 20:24 - 00000000 ____D () C:\Program Files\RichMediaViewV1
2015-04-14 14:48 - 2015-04-14 20:24 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\FoxTab
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Program Files\Conduit
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Program Files\AskPartnerNetwork
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Babylon
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\APN
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\VNT
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\AskPartnerNetwork
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Babylon
2015-04-14 14:34 - 2015-04-14 14:34 - 00081920 _____ () C:\WINDOWS\Minidump\Mini041415-01.dmp
2015-04-14 14:19 - 2015-04-14 14:50 - 00000000 ____D () C:\Program Files\SystemConserve
2015-04-14 14:18 - 2015-04-14 14:48 - 00000000 ____D () C:\Program Files\Play
2015-04-14 14:17 - 2015-04-14 14:48 - 00000000 ____D () C:\Program Files\bestadblocker
2015-04-14 14:15 - 2015-04-14 14:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\cncaklookhiljnimkipmolldampgfcmf
2015-04-14 13:50 - 2015-04-14 14:01 - 00000000 ____D () C:\AdwCleaner
2015-04-14 13:40 - 2015-04-14 13:43 - 00000000 ____D () C:\sh4ldr(2)
2015-04-14 11:52 - 2015-04-14 11:52 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-04-06 15:56 - 2015-04-06 15:56 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Tor Browser
2015-03-22 15:14 - 2015-03-22 15:14 - 00081920 _____ () C:\WINDOWS\Minidump\Mini032215-01.dmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-15 17:34 - 2013-06-23 16:22 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2015-04-15 17:32 - 2013-06-30 00:00 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\BitTorrent
2015-04-15 17:30 - 2014-01-30 10:30 - 00000416 _____ () C:\WINDOWS\Tasks\At2.job
2015-04-15 17:30 - 2013-11-03 22:30 - 00000416 _____ () C:\WINDOWS\Tasks\At1.job
2015-04-15 14:54 - 2013-06-27 11:32 - 00000000 ____D () C:\Program Files\The KMPlayer
2015-04-15 14:25 - 2013-06-27 16:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2015-04-15 14:09 - 2014-04-15 18:59 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\IDM
2015-04-15 13:25 - 2013-06-24 08:53 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\GarenaPlus
2015-04-15 13:25 - 2013-06-23 16:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\GarenaMessenger
2015-04-15 11:56 - 2013-06-23 16:45 - 00000000 ____D () C:\Program Files\Garena Plus
2015-04-15 10:42 - 2013-06-23 16:18 - 01532801 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-15 10:41 - 2013-06-23 16:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-15 10:40 - 2013-06-23 21:33 - 00000000 ____D () C:\WINDOWS\system
2015-04-14 21:41 - 2013-06-23 16:22 - 00012618 _____ () C:\WINDOWS\SchedLgU.Txt
2015-04-14 21:41 - 2013-06-23 16:22 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-04-14 21:11 - 2014-03-22 08:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\vam
2015-04-14 20:43 - 2013-11-10 14:05 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Opera Software
2015-04-14 20:26 - 2013-07-21 18:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2723135-v2$
2015-04-14 20:24 - 2014-01-30 10:30 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\FoxTab
2015-04-14 20:24 - 2013-09-01 08:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE
2015-04-14 19:36 - 2013-06-23 16:43 - 00000000 ____D () C:\Program Files\Google
2015-04-14 19:36 - 2013-06-23 16:43 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2015-04-14 19:35 - 2013-06-23 16:36 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\DMCache
2015-04-14 19:23 - 2013-06-23 16:22 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-04-14 19:23 - 2013-06-23 16:22 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-04-14 18:30 - 2014-09-06 17:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\IObit
2015-04-14 18:13 - 2013-06-23 16:22 - 00000178 ___SH () C:\Documents and Settings\LocalService\ntuser.ini
2015-04-14 17:44 - 2013-07-02 21:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
2015-04-14 16:36 - 2013-06-23 16:22 - 00000000 ____D () C:\Documents and Settings\Administrator
2015-04-14 16:14 - 2013-06-23 21:38 - 00000211 ___SH () C:\boot.ini
2015-04-14 16:14 - 2004-08-04 17:30 - 00000791 _____ () C:\WINDOWS\win.ini
2015-04-14 16:14 - 2004-08-04 17:30 - 00000227 _____ () C:\WINDOWS\system.ini
2015-04-14 15:30 - 2013-12-19 13:30 - 00000103 _____ () C:\Documents and Settings\NetworkService\Application Data\WB.CFG
2015-04-14 14:51 - 2004-08-04 17:30 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-14 14:49 - 2013-06-23 16:15 - 00000000 ____D () C:\WINDOWS\Registration
2015-04-14 14:46 - 2013-06-23 16:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\vlc
2015-04-14 13:00 - 2013-06-23 16:22 - 00001593 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2015-04-14 13:00 - 2013-06-23 16:19 - 00001593 _____ () C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
2015-04-14 13:00 - 2013-06-23 16:19 - 00001507 _____ () C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2015-04-03 20:34 - 2013-06-23 16:24 - 00075776 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-01 20:30 - 2013-12-23 00:30 - 00000256 _____ () C:\Documents and Settings\Administrator\Application Data\WB.CFG
2015-03-22 15:14 - 2014-05-30 14:16 - 00000000 ____D () C:\WINDOWS\Minidump
2015-03-21 12:44 - 2013-11-27 22:29 - 00000038 _____ () C:\WINDOWS\AviSplitter.INI
2015-03-20 19:21 - 2014-05-30 15:06 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\FlowStone
2015-03-19 18:12 - 2014-09-07 18:24 - 00000499 _____ () C:\Documents and Settings\Administrator\Desktop\vargheses phone.txt
 
==================== Files in the root of some directories =======
 
2013-09-19 14:35 - 2013-09-19 14:37 - 0000364 _____ () C:\Documents and Settings\Administrator\Application Data\burnaware.ini
2013-06-24 09:25 - 2015-01-24 12:40 - 0045194 _____ () C:\Documents and Settings\Administrator\Application Data\room_v3.dat
2013-12-23 00:30 - 2015-04-01 20:30 - 0000256 _____ () C:\Documents and Settings\Administrator\Application Data\WB.CFG
2013-06-23 16:24 - 2015-04-03 20:34 - 0075776 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-05 22:37 - 2014-04-05 22:37 - 0000090 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\FASTWiz.log
 
Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
 
 
Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\ASCSetup_1323593.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
 
Addition.txt
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-04-2015 01
Ran by Administrator at 2015-04-15 17:35:26
Running from C:\Documents and Settings\Administrator\My Documents\Downloads\Programs
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM\...\Advanced SystemCare 8_is1) (Version: 8.2.0 - IObit)
Apache HTTP Server 2.2.22 (HKLM\...\{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}) (Version: 2.2.22 - Apache Software Foundation)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
BitTorrent (HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\BitTorrent) (Version: 7.8.1.30016 - BitTorrent Inc.)
DefaultTab (HKLM\...\DefaultTab) (Version: 2.2.8.0 - Search Results, LLC) <==== ATTENTION
DefaultTab Chrome (HKLM\...\DefaultTab Chrome) (Version: 1.1.25 - ) <==== ATTENTION
D-Link Connection Manager v7.0.1IN (HKLM\...\Broad Mobi HSPA Modem Normal Version_is1) (Version:  - )
Farm Frenzy 2 (HKLM\...\Farm Frenzy 2_is1) (Version: 1.0 - MyPlayCity, Inc.)
FL Studio 11 (HKLM\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM\...\FlowStone) (Version:  - )
FormatFactory 3.1.1 (HKLM\...\FormatFactory) (Version: 3.1.1 - Free Time)
Game Booster 3 (HKLM\...\Game Booster_is1) (Version: 3.1 - IObit)
Garena HostBot v6.0 (HKLM\...\Garena HostBot v6.06.0) (Version: 6.0 - GarenaWorld)
Garena Plus (HKLM\...\im) (Version: 2011 - Garena Online Pte Ltd.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKU\.DEFAULT\...\Google+ Auto Backup) (Version: 1.0.22.105 - Google, Inc.)
IL Download Manager (HKLM\...\IL Download Manager) (Version:  - Image-Line)
IL Shared Libraries (HKLM\...\IL Shared Libraries) (Version:  - Image-Line)
iMeme 1.0 (HKLM\...\{66CA7D93-1FDD-4152-B241-42971934D8E0}_is1) (Version:  - Michael Fogleman)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.2.6.2 - IObit)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\Juniper_Setup_Client) (Version: 7.1.9.20595 - Juniper Networks, Inc.)
KMP Media Toolbar (HKLM\...\{4B4D5056-3700-A76A-76A7-A758B70C1B00}) (Version: 12.27.0.798 - APN, LLC)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 1 (HKLM\...\{B508B3F1-A24A-32C0-B310-85786919EF28}) (Version: 2.1.21022 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 1 (HKLM\...\{2BA00471-0328-3743-93BD-FA813353A783}) (Version: 3.1.21022 - Microsoft Corporation)
Microsoft .NET Framework 3.5 (HKLM\...\Microsoft .NET Framework 3.5) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version:  - Microsoft Corporation)
Notepad++ (HKLM\...\Notepad++) (Version: 6.4.1 - Notepad++ Team)
NX Client for Windows 3.4.0-5 (HKLM\...\nxclient_is1) (Version: 3.4.0-5 - NoMachine)
Opera Stable 28.0.1750.51 (HKLM\...\Opera 28.0.1750.51) (Version: 28.0.1750.51 - Opera Software ASA)
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
RAMRush 1.0.6.917 (HKLM\...\RAMRush_is1) (Version:  - FTweak, Inc.)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.23.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5821 - Realtek Semiconductor Corp.)
Rich Media View (HKLM\...\RichMediaViewV1release4985) (Version: 1.1 - Rich Media View) <==== ATTENTION
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 3.6.0.87 - KMP Media co., Ltd)
Trust Media Viewer (HKLM\...\TrustMediaViewerV1alpha1683) (Version: 1.1 - Trust Media Viewer) <==== ATTENTION
USB Disk Security (HKLM\...\USB Disk Security_is1) (Version:  - Zbshareware Lab)
VLC media player 1.1.0-rc (HKLM\...\VLC media player) (Version: 1.1.0-rc - VideoLAN)
Warcraft III Reign of Chaos & The Frozen Throne (HKLM\...\Warcraft III Reign of Chaos & The Frozen Throne) (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Worms Forts Under Siege (HKLM\...\{917E73C2-C7DA-4C12-9774-A6A2730BCAAB}) (Version: 1.00.0001 - Team17 Software Ltd)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
16-01-2015 21:00:29 System Checkpoint
23-01-2015 10:08:00 System Checkpoint
24-01-2015 11:56:29 System Checkpoint
25-01-2015 13:31:34 System Checkpoint
28-01-2015 21:22:45 System Checkpoint
24-02-2015 20:48:50 System Checkpoint
26-02-2015 20:25:58 System Checkpoint
27-02-2015 20:32:20 System Checkpoint
04-03-2015 20:42:37 System Checkpoint
07-03-2015 20:16:54 System Checkpoint
08-03-2015 20:47:08 System Checkpoint
10-03-2015 20:24:23 System Checkpoint
14-03-2015 21:32:47 System Checkpoint
20-03-2015 11:50:38 System Checkpoint
21-03-2015 14:00:31 System Checkpoint
01-04-2015 20:45:46 System Checkpoint
02-04-2015 22:07:50 System Checkpoint
04-04-2015 10:34:50 System Checkpoint
05-04-2015 12:27:47 System Checkpoint
06-04-2015 17:34:59 System Checkpoint
14-04-2015 09:42:42 System Checkpoint
14-04-2015 13:40:31 Installed SpyHunter
14-04-2015 13:43:57 Removed SpyHunter
14-04-2015 14:47:57 Restore Operation
15-04-2015 15:48:59 System Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-08-04 17:30 - 2004-08-04 17:30 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\ASC8_PerformanceMonitor.job => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\ADMINI~1\APPLIC~1\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\At2.job => C:\DOCUME~1\NETWOR~1\APPLIC~1\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1429024374.job => C:\Program Files\Opera\launcher.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-04-14 16:36 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files\IObit\Advanced SystemCare 8\sqlite3.dll
2015-04-14 16:36 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madExcept_.bpl
2015-04-14 16:36 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madBasic_.bpl
2015-04-14 16:36 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madDisAsm_.bpl
2013-06-23 16:35 - 2010-02-02 17:46 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2008-04-14 18:12 - 2008-04-14 18:12 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2008-04-14 18:11 - 2008-04-14 18:11 - 00498742 _____ () C:\WINDOWS\system32\dxmasf.dll
2013-07-12 22:20 - 2015-01-20 17:50 - 00055896 _____ () C:\Program Files\Garena Plus\ggdllhost.exe
2013-03-19 14:25 - 2015-03-23 15:47 - 00797120 _____ () C:\Program Files\Garena Plus\ggspawn.dll
2015-04-14 16:36 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files\IObit\IObit Uninstaller\madExcept_.bpl
2015-04-14 16:36 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files\IObit\IObit Uninstaller\madBasic_.bpl
2015-04-14 16:36 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files\IObit\IObit Uninstaller\madDisAsm_.bpl
2015-04-14 16:36 - 2014-07-11 16:04 - 01106720 _____ () C:\Program Files\IObit\Advanced SystemCare 8\RealTimeProtector.exe
2013-03-19 14:25 - 2015-01-20 17:50 - 09981528 _____ () C:\Program Files\Garena Plus\GarenaMessenger.exe
2013-03-19 14:25 - 2015-01-20 17:50 - 00111192 _____ () C:\Program Files\Garena Plus\CommonLib.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00040024 _____ () C:\Program Files\Garena Plus\DibModule.dll
2013-03-19 14:25 - 2015-04-14 13:56 - 00034752 _____ () C:\Program Files\Garena Plus\VersionModule.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00057944 _____ () C:\Program Files\Garena Plus\FileLoader.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00093784 _____ () C:\Program Files\Garena Plus\PluginKernel.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00493656 _____ () C:\Program Files\Garena Plus\CxImage.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00031832 _____ () C:\Program Files\Garena Plus\PluginModule.dll
2013-03-19 14:26 - 2015-01-20 17:50 - 00177240 _____ () C:\Program Files\Garena Plus\lib\fs\YYFileSystem.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00380504 _____ () C:\Program Files\Garena Plus\lib\Http.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00191064 _____ () C:\Program Files\Garena Plus\lib\MP3Module.dll
2012-02-22 14:22 - 2012-02-22 14:22 - 00162304 _____ () C:\Program Files\Garena Plus\lame_enc.DLL
2013-03-19 14:25 - 2015-01-20 17:50 - 00226392 _____ () C:\Program Files\Garena Plus\lib\TaskManagerLib.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00112728 _____ () C:\Program Files\Garena Plus\lib\UILayout.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00964696 _____ () C:\Program Files\Garena Plus\lib\XLL.dll
2013-03-19 14:26 - 2015-01-20 17:50 - 00061528 _____ () C:\Program Files\Garena Plus\lib\XmlUIModule.dll
2012-02-22 14:22 - 2012-02-22 14:22 - 00573100 _____ () C:\Program Files\Garena Plus\sqlite3.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00231000 _____ () C:\Program Files\Garena Plus\Plugins\StatsPlugin.dll
2013-03-19 14:25 - 2015-04-14 13:56 - 01128384 _____ () C:\Program Files\Garena Plus\Plugins\ggplugin.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00199256 _____ () C:\Program Files\Garena Plus\ImageModule.dll
2013-06-25 13:35 - 2015-01-20 17:50 - 00161880 _____ () C:\Program Files\Garena Plus\libmpg123.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 02947672 _____ () C:\Program Files\Garena Plus\ggdownloader.dll
2013-03-19 14:26 - 2015-01-20 17:50 - 00072280 _____ () C:\Program Files\Garena Plus\lib\delay_load\AudioMixerLib.dll
2013-03-19 14:26 - 2015-01-20 17:50 - 00023128 _____ () C:\Program Files\Garena Plus\lib\delay_load\ClientTcp.dll
2013-03-19 14:26 - 2015-01-20 17:50 - 01551960 _____ () C:\Program Files\Garena Plus\lib\delay_load\FileSender.dll
2013-02-01 11:12 - 2013-02-01 11:12 - 00153088 _____ () C:\Program Files\Garena Plus\libzmq.dll
2013-03-19 14:26 - 2015-01-20 17:50 - 00962648 _____ () C:\Program Files\Garena Plus\lib\delay_load\GaFileTransfer.dll
2013-03-19 14:26 - 2015-01-20 17:50 - 00251480 _____ () C:\Program Files\Garena Plus\lib\delay_load\MediaEngine.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00032856 _____ () C:\Program Files\Garena Plus\ServerMemAlloc.dll
2013-03-19 14:26 - 2015-01-20 17:50 - 00523352 _____ () C:\Program Files\Garena Plus\lib\delay_load\RSALib.dll
2013-03-19 14:26 - 2015-01-20 17:50 - 00074840 _____ () C:\Program Files\Garena Plus\lib\delay_load\UdtLib.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00153688 _____ () C:\Program Files\Garena Plus\xIM.dll
2013-03-19 14:26 - 2015-01-20 17:50 - 00596568 _____ () C:\Program Files\Garena Plus\xim\plugin_msn.dll
2013-03-19 14:26 - 2015-01-20 17:50 - 00467032 _____ () C:\Program Files\Garena Plus\xim\plugin_xmpp.dll
2013-03-19 14:26 - 2015-01-20 17:50 - 00201304 _____ () C:\Program Files\Garena Plus\xim\plugin_yahoo.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00107608 _____ () C:\Program Files\Garena Plus\Plugins\PlatformPlugin.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00243288 _____ () C:\Program Files\Garena Plus\Plugins\PluginNews.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00404056 _____ () C:\Program Files\Garena Plus\Plugins\GarenaTalkPlugin.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00293464 _____ () C:\Program Files\Garena Plus\Plugins\DailyTaskPlugin.dll
2013-07-12 22:20 - 2015-01-20 17:50 - 00222808 _____ () C:\Program Files\Garena Plus\Plugins\GameSalePlugin.dll
2015-04-14 20:43 - 2015-04-07 12:43 - 00484472 _____ () C:\Program Files\Opera\28.0.1750.51\opera_crashreporter.exe
2015-04-14 20:43 - 2015-04-07 12:43 - 09625720 _____ () C:\Program Files\Opera\28.0.1750.51\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BF3D62E7
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\22944368.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\22944368.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-299502267-1935655697-1417001333-500\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 5.104.175.150 - 8.8.8.8
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Warcraft Config.lnk => C:\WINDOWS\pss\Warcraft Config.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor Apache Servers.lnk => C:\WINDOWS\pss\Monitor Apache Servers.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeBridge => 
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: ftweak_RAMRush => C:\Program Files\RAMRush\RAMRush.exe
MSCONFIG\startupreg: GoogleDriveSync => 
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-299502267-1935655697-1417001333-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-299502267-1935655697-1417001333-1011 - Limited - Enabled)
Guest (S-1-5-21-299502267-1935655697-1417001333-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-299502267-1935655697-1417001333-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-299502267-1935655697-1417001333-1002 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: A7HUOOQU IDE Controller
Description: A7HUOOQU IDE Controller
Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard mass storage controllers)
Service: acqdwj3n
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/14/2015 03:51:54 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.100 for ServerName     .
 
Error: (04/14/2015 02:53:25 PM) (Source: SecurityCenter) (EventID: 1802) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.
 
Error: (04/14/2015 02:51:05 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName     .
 
Error: (04/14/2015 02:34:06 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName     .
 
Error: (04/14/2015 02:02:54 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.100 for ServerName     .
 
Error: (04/14/2015 01:37:34 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName     .
 
Error: (04/14/2015 09:19:19 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.100 for ServerName     .
 
Error: (04/13/2015 09:18:45 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName     .
 
Error: (04/13/2015 08:42:32 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.100 for ServerName     .
 
Error: (04/13/2015 07:55:19 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.100 for ServerName     .
 
 
System errors:
=============
Error: (04/15/2015 05:30:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At2.job command failed to start due to the following error: 
%%2147942403
 
Error: (04/15/2015 05:30:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942403
 
Error: (04/15/2015 04:30:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At2.job command failed to start due to the following error: 
%%2147942403
 
Error: (04/15/2015 04:30:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942403
 
Error: (04/15/2015 03:30:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At2.job command failed to start due to the following error: 
%%2147942403
 
Error: (04/15/2015 03:30:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942403
 
Error: (04/15/2015 02:30:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At2.job command failed to start due to the following error: 
%%2147942403
 
Error: (04/15/2015 02:30:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942403
 
Error: (04/15/2015 01:30:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At2.job command failed to start due to the following error: 
%%2147942403
 
Error: (04/15/2015 01:30:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942403
 
 
Microsoft Office Sessions:
=========================
Error: (07/26/2014 01:04:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Pentium® D CPU 2.80GHz
Percentage of memory in use: 80%
Total physical RAM: 1014.11 MB
Available physical RAM: 201.93 MB
Total Pagefile: 2440.86 MB
Available Pagefile: 1381.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1948.62 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:29.29 GB) (Free:9.91 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (vinod) (Fixed) (Total:39.06 GB) (Free:3.89 GB) NTFS
Drive e: () (Fixed) (Total:39.06 GB) (Free:3.71 GB) NTFS
Drive f: () (Fixed) (Total:41.63 GB) (Free:3.66 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 059A0599)
Partition 1: (Active) - (Size=29.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.7 GB) - (Type=OF Extended)
 
==================== End Of Log ============================
 
 
 
Another update on my malware problem is that now I got a new problem which causes my webpage to be redirected to this website with the domain name rdsrv. It started today and more often happens when I use this website.  

  • 0

#5
zep516
Posted 15 April 2015 - 06:40 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts

Hello,

 

Yes.There is a lot of adware on the computer, so anything is possible at this juncture, lets start following the instructions and cleaning it up.

 

First do this:

I don't see any Anti Virus running. Please download & install This  Anti Virus program for now. You can change it later to one that you like, but it's important we install this now.

 

Then
Please remove these listed adware programs below from your installed programs list. (Add/Remove)
1. DefaultTab!
2. DefaultTab Chrome!
3. Rich Media View!
4. Trust Media Viewer!
If a program will not remove, please try the next and just keep following the instructions.

 

Next

Download the attached Fixlist.txt file--> Attached File  fixlist.txt   4.84KB   251 downloads.  Save it in the location FRST64 is. Run FRST64 and click on the Fix button. Wait until finished. The tool will make a log in the location FRST64 is,(Fixlog.txt). Please post it to your next reply.


  • 0

#6
VinodAntony10
Posted 26 April 2015 - 12:13 AM

VinodAntony10

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

here is the fix log 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-04-2015 01
Ran by Administrator at 2015-04-26 11:31:17 Run:1
Running from C:\Documents and Settings\Administrator\My Documents\Downloads\Programs
Loaded Profiles: Administrator (Available profiles: Administrator)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
CHR HKLM\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [dgadkdfaoaaboghcnjmbcppkalapgkmb] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - D:\idm\Internet Download Manager\IDMGCExt.crx [2013-06-20]
CHR HKLM\...\Chrome\Extension: [kllhllgiijehpamgcmeciagegjecoaod] - No Path Or update_url value
CHR HKU\S-1-5-21-299502267-1935655697-1417001333-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - No Path Or update_url value
CHR HKU\S-1-5-21-299502267-1935655697-1417001333-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - No Path Or update_url value
R3 cpuz137; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz137\cpuz137_x32.sys [X]
S3 GGSAFERDriver; No ImagePath
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath
U3 acqdwj3n; No ImagePath 
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz137
2015-04-14 14:48 - 2015-04-14 20:24 - 00000000 ____D () C:\Program Files\RichMediaViewV1
2015-04-14 14:48 - 2015-04-14 20:24 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\FoxTab
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Program Files\Conduit
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Program Files\AskPartnerNetwork
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Babylon
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\APN
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\VNT
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\AskPartnerNetwork
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Babylon
2015-04-14 14:19 - 2015-04-14 14:50 - 00000000 ____D () C:\Program Files\SystemConserve
2015-04-14 14:17 - 2015-04-14 14:48 - 00000000 ____D () C:\Program Files\bestadblocker
2015-04-14 14:15 - 2015-04-14 14:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\cncaklookhiljnimkipmolldampgfcmf
2015-04-15 17:30 - 2014-01-30 10:30 - 00000416 _____ () C:\WINDOWS\Tasks\At2.job
2015-04-15 17:30 - 2013-11-03 22:30 - 00000416 _____ () C:\WINDOWS\Tasks\At1.job
2015-04-14 20:24 - 2014-01-30 10:30 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\FoxTab
2015-04-14 20:24 - 2013-09-01 08:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE
C:\Documents and Settings\Administrator\Local Settings\Temp\ASCSetup_1323593.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\ADMINI~1\APPLIC~1\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\At2.job => C:\DOCUME~1\NETWOR~1\APPLIC~1\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\DOCUME~1\ADMINI~1\APPLIC~1\FoxTab
C:\DOCUME~1\NETWOR~1\APPLIC~1\FoxTab
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BF3D62E7
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\22944368.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\22944368.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
FF user.js: detected! => C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a1zf5h3p.default\user.js [2015-04-14]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CMD: ipconfig /flushdns
hosts:
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dchmpbaclbiioedakpcldenooikekokm" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dgadkdfaoaaboghcnjmbcppkalapgkmb" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jmolcgpienlcieaajfkkdamlngancncm" => Key deleted successfully.
D:\idm\Internet Download Manager\IDMGCExt.crx => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\kllhllgiijehpamgcmeciagegjecoaod" => Key deleted successfully.
"HKU\S-1-5-21-299502267-1935655697-1417001333-500\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf" => Key deleted successfully.
"HKU\S-1-5-21-299502267-1935655697-1417001333-500\SOFTWARE\Google\Chrome\Extensions\dchmpbaclbiioedakpcldenooikekokm" => Key deleted successfully.
cpuz137 => Service deleted successfully.
GGSAFERDriver => Service deleted successfully.
IntelIde => Service deleted successfully.
WS2IFSL => Service deleted successfully.
acqdwj3n => Service not found.
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz137" => File/Directory not found.
C:\Program Files\RichMediaViewV1 => Moved successfully.
C:\Documents and Settings\Administrator\Application Data\FoxTab => Moved successfully.
C:\Program Files\Conduit => Moved successfully.
 
"C:\Program Files\AskPartnerNetwork" directory move:
 
Could not move "C:\Program Files\AskPartnerNetwork" directory. => Scheduled to move on reboot.
 
C:\Documents and Settings\All Users\Application Data\Babylon => Moved successfully.
C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork => Moved successfully.
C:\Documents and Settings\All Users\Application Data\APN => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\VNT => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\AskPartnerNetwork => Moved successfully.
C:\Documents and Settings\Administrator\Application Data\Babylon => Moved successfully.
C:\Program Files\SystemConserve => Moved successfully.
C:\Program Files\bestadblocker => Moved successfully.
C:\Documents and Settings\All Users\Application Data\cncaklookhiljnimkipmolldampgfcmf => Moved successfully.
C:\WINDOWS\Tasks\At2.job => Moved successfully.
C:\WINDOWS\Tasks\At1.job => Moved successfully.
C:\Documents and Settings\NetworkService\Application Data\FoxTab => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE => Moved successfully.
"C:\Documents and Settings\Administrator\Local Settings\Temp\ASCSetup_1323593.exe" => File/Directory not found.
C:\Documents and Settings\Administrator\Local Settings\Temp\avgnt.exe => Moved successfully.
"C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe" => File/Directory not found.
C:\WINDOWS\Tasks\At1.job not found.
C:\WINDOWS\Tasks\At2.job not found.
"C:\DOCUME~1\ADMINI~1\APPLIC~1\FoxTab" => File/Directory not found.
"C:\DOCUME~1\NETWOR~1\APPLIC~1\FoxTab" => File/Directory not found.
C:\Documents and Settings\All Users\Application Data\TEMP => ":BF3D62E7" ADS removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\22944368.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\22944368.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys" => Key deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a1zf5h3p.default\user.js => Moved successfully.
C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} => not found.
 
=========  ipconfig /flushdns =========
 
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 1 GB temporary data.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-04-26 11:33:07)<=
 
C:\Program Files\AskPartnerNetwork => Moved successfully.
 
==== End of Fixlog 11:33:07 ====

  • 0

#7
zep516
Posted 26 April 2015 - 10:14 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,

If you get time this is next to do

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
  • Enable free trial of Malwarebytes Anti-Malware Premium
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.


    Posting the Malwarebytes log.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • post that saved log to your next reply.

  • 0

#8
VinodAntony10
Posted 26 April 2015 - 11:32 AM

VinodAntony10

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Malwarebytes log :) 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/26/2015
Scan Time: 10:25:30 PM
Logfile: send.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.04.26.04
Rootkit Database: v2015.04.21.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Administrator
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 299920
Time Elapsed: 28 min, 48 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\My Documents\Downloads\Spyhunter 4 Crack.exe, Quarantined, [44e875fccbbfbe78a2c6dd6bab570bf5], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#9
zep516
Posted 26 April 2015 - 11:34 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
  • Next

    thisisujrt.gif Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.


    In your next reply post;
    • The AdwCleaner [SO].txt Log
    • The JRT.txt Log
    Thanks
    Joe :)

  • 0

#10
VinodAntony10
Posted 26 April 2015 - 11:43 AM

VinodAntony10

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

The page redirect problem has not shown since the last time I used the internet. I suppose it has gone. But malwarebytes keeps giving me notifications of malicious websites being blocked. It does so every few minutes. 

 

I believe the problem is fixed ? 


  • 0

Advertisements

#11
zep516
Posted 26 April 2015 - 11:45 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Please do the exercise in post # 9 and post the log reports from adwCleaner and JRT.
  • 0

#12
VinodAntony10
Posted 02 May 2015 - 09:05 PM

VinodAntony10

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

here is the adwcleaner log 

 

 

 

# AdwCleaner v4.203 - Logfile created 03/05/2015 at 08:12:43
# Updated 30/04/2015 by Xplode
# Database : 2015-05-02.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Administrator - ANTONY-3054D97E
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\adwcleaner_4.203.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Program Files\Play
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Bundled software uninstaller
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\microsoft\shared tools\msconfig\startupreg\ApnTBMon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab Chrome
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v
 
[a1zf5h3p.default\prefs.js] - Line Deleted : user_pref("extensions.TykfLPKEb1S1QDpo.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjrEpdYFrdYGrdr4rTg8rjC5pjg\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[a1zf5h3p.default\prefs.js] - Line Deleted : user_pref("extensions.q0NR93rkvCnNVeGW.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjrEpdYFrdYGrdr4rTg8rjC5pjg\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
 
-\\ Google Chrome v42.0.2311.135
 
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
-\\ Opera v29.0.1795.47
 
 
*************************
 
AdwCleaner[R0].txt - [4499 bytes] - [03/05/2015 08:10:52]
AdwCleaner[S0].txt - [4520 bytes] - [03/05/2015 08:12:43]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4579  bytes] ##########
 
 
 
 
 
 
 
here is the jrt log 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.7 (04.30.2015:1)
OS: Microsoft Windows XP x86
Ran by Administrator on Sun 05/03/2015 at  8:20:07.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81FA428925F22ACB3A965
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09F45BAFAAE1D7546ED4
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050B2E46B9C4B67A8F59577
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606D43BB064BD63CBD87E
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28C944FBC7579CF4949414
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3DC1468548785DC856EDA
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8D249B526503432F99D4
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4BA46856BF57969F6A36
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56C49B56F6B83E293C15
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927C4E9B7BC1D3FD1E49F
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327DC64C9A8B641A9E89646
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 05/03/2015 at  8:24:33.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

i keep getting this malicious website blocked outbound message .. every now and then 

Attached Thumbnails

  • ScreenShot_20150503081725.png

Edited by VinodAntony10, 02 May 2015 - 09:11 PM.

  • 0

#13
zep516
Posted 02 May 2015 - 09:16 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
How is the computer ? I need to look at another scan of frst logs.


Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.


  • 0

#14
VinodAntony10
Posted 02 May 2015 - 11:29 PM

VinodAntony10

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

If offline, my computer is absolutely fine. Problems come when I use the net. It's fine most of the time. I can use websites which have https.. like facebook, google yahoo youtube etc. the problems come in other sites.

 

I even got the blue error screen message twice. "  A problem has been detected and windows has been shut down..." 
*** stop: 0x00000006(0x00000000,0x00000000,,0x00000000,0x00000000)

 

 

 

here are the logs : 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-05-2015
Ran by Administrator (administrator) on ANTONY-3054D97E on 03-05-2015 10:55:53
Running from C:\Documents and Settings\Administrator\My Documents\Downloads\Programs
Loaded Profiles: Administrator (Available profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Zbshareware Lab) C:\Program Files\USB Disk Security\USBGuard.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(LG Electronics) C:\Documents and Settings\Administrator\Bluebirds\BlueBirds.exe
() C:\Program Files\Garena Plus\GarenaMessenger.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
(Tonec Inc.) D:\idm\Internet Download Manager\IDMan.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe
() C:\Program Files\Garena Plus\ggdllhost.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Tonec Inc.) D:\idm\Internet Download Manager\IEMonitor.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
() C:\Program Files\IObit\Advanced SystemCare 8\RealTimeProtector.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17567744 2009-03-27] (Realtek Semiconductor Corp.)
HKLM\...\Run: [USB Security] => C:\Program Files\USB Disk Security\USBGuard.exe [623520 2011-01-31] (Zbshareware Lab)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\Run: [bluebirds] => C:\Documents and Settings\Administrator\Bluebirds\BlueBirds.exe [270336 2009-04-29] (LG Electronics)
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\Run: [GarenaPlus] => C:\Program Files\Garena Plus\GarenaMessenger.exe [9981528 2015-01-20] ()
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\Run: [IDMan] => D:\idm\Internet Download Manager\IDMan.exe [3604048 2013-06-20] (Tonec Inc.)
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\Run: [AlcoholAutomount] => C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\MountPoints2: {855889d6-6cac-11e3-9712-002618bd9288} - H:\.\StartModem.exe
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\MountPoints2: {e2419e63-e178-11e2-95ee-002618bd9288} - I:\setup.exe
HKU\S-1-5-21-299502267-1935655697-1417001333-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\SNOWYDSK.SCR
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => D:\idm\Internet Download Manager\IDMShellExt.dll [2012-11-16] (Tonec Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-299502267-1935655697-1417001333-500\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com
HKU\S-1-5-21-299502267-1935655697-1417001333-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> D:\idm\Internet Download Manager\IDMIECC.dll [2013-06-20] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-22] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-22] (Oracle Corporation)
Toolbar: HKLM - No Name - {10921475-03CE-4E04-90CE-E2E7EF20C814} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2013-10-29] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2013-10-29] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 213.163.64.81 8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a1zf5h3p.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll [2013-06-27] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-12-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2007-11-07] (Microsoft Corporation)
FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.1.0-rc -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2010-05-21] (the VideoLAN Team)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-26] (Adobe Systems Inc.)
FF Extension: Weather Now - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a1zf5h3p.default\Extensions\[email protected] [2013-06-27]
FF Extension: Advanced SystemCare Surfing Protection - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a1zf5h3p.default\Extensions\[email protected] [2015-04-14]
FF Extension: Firebug - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a1zf5h3p.default\Extensions\[email protected] [2013-07-06]
FF HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\Firefox\Extensions: [[email protected]] - C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5
FF Extension: IDM CC - C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5 [2014-04-15]
FF HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\SeaMonkey\Extensions: [[email protected]] - C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (KMP Media Toolbar) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaaipkbmjkakicapiinmamgjlkaeehh [2015-04-15]
CHR Extension: (Google Slides) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-15]
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-15]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-15]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-15]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-15]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-15]
CHR Extension: (Bookmark Manager) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-15]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-15]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-15]
CHR HKLM\...\Chrome\Extension: [aaaaipkbmjkakicapiinmamgjlkaeehh] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - D:\idm\Internet Download Manager\IDMGCExt.crx [Not Found]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
S4 Apache2.2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [20549 2012-01-28] (Apache Software Foundation) [File not signed]
S4 AxAutoMntSrv; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S4 idsvc; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [864256 2007-10-11] (Microsoft Corporation) [File not signed]
S4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-22] (Oracle Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-03-26] (IObit)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 NetTcpPortSharing; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [122880 2007-10-11] (Microsoft Corporation) [File not signed]
S4 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S4 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-24] (StarWind Software) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R1 IDMTDI; C:\WINDOWS\System32\DRIVERS\idmtdi.sys [115912 2013-05-25] (Tonec Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-03] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 mtkmbim; C:\WINDOWS\System32\DRIVERS\mtkmbimx.sys [176896 2012-12-13] (MediaTek Inc.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-14] ()
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [320120 2014-08-04] (Duplex Secure Ltd.)
S3 wdf_usb; C:\WINDOWS\System32\DRIVERS\usb2ser.sys [68480 2013-02-21] (MediaTek Inc.)
U3 afvdollc; C:\WINDOWS\system32\Drivers\afvdollc.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
R3 cpuz137; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz137\cpuz137_x32.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-03 10:45 - 2015-05-03 10:45 - 00081920 _____ () C:\WINDOWS\Minidump\Mini050315-01.dmp
2015-05-03 08:24 - 2015-05-03 08:24 - 00004210 _____ () C:\Documents and Settings\Administrator\Desktop\JRT.txt
2015-05-03 08:20 - 2015-05-03 08:20 - 00000000 ____D () C:\RegBackup
2015-05-03 08:10 - 2015-05-03 08:12 - 00000000 ____D () C:\AdwCleaner
2015-05-02 07:44 - 2015-05-02 07:44 - 00000116 _____ () C:\WINDOWS\setupact.log
2015-05-02 07:44 - 2015-05-02 07:44 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-04-26 23:49 - 2015-04-26 23:49 - 00081920 _____ () C:\WINDOWS\Minidump\Mini042615-03.dmp
2015-04-26 23:01 - 2015-04-26 23:01 - 00001225 _____ () C:\Documents and Settings\Administrator\Desktop\send.txt
2015-04-26 11:31 - 2015-05-03 10:55 - 00000000 ____D () C:\FRST
2015-04-26 11:23 - 2015-04-26 11:23 - 00081920 _____ () C:\WINDOWS\Minidump\Mini042615-02.dmp
2015-04-26 11:17 - 2015-04-26 11:17 - 00081920 _____ () C:\WINDOWS\Minidump\Mini042615-01.dmp
2015-04-26 09:52 - 2015-05-02 07:54 - 00017705 _____ () C:\WINDOWS\setupapi.log
2015-04-24 21:54 - 2015-05-03 10:46 - 00000237 _____ () C:\WINDOWS\wiadebug.log
2015-04-24 21:54 - 2015-05-03 10:46 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-04-24 21:54 - 2015-04-24 21:54 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2015-04-15 18:48 - 2015-05-02 08:54 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-04-15 18:48 - 2015-04-15 18:48 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2015-04-15 18:36 - 2015-05-03 10:46 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-15 18:36 - 2015-05-03 08:41 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-15 18:36 - 2015-04-15 18:36 - 00880208 _____ (Google Inc.) C:\Documents and Settings\Administrator\My Documents\ChromeSetup.exe
2015-04-14 20:43 - 2015-05-03 10:45 - 00000402 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1429024374.job
2015-04-14 20:43 - 2015-04-14 20:43 - 00000675 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
2015-04-14 20:43 - 2015-04-14 20:43 - 00000675 _____ () C:\Documents and Settings\All Users\Desktop\Opera.lnk
2015-04-14 20:33 - 2015-04-28 21:57 - 00000000 ____D () C:\Program Files\Opera
2015-04-14 19:57 - 2015-05-03 10:46 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-14 19:56 - 2015-04-25 22:14 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-14 19:56 - 2015-04-25 22:14 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-14 19:56 - 2015-04-25 22:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-14 19:56 - 2015-04-14 19:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-04-14 19:56 - 2015-04-14 09:37 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-14 19:56 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-14 17:24 - 2015-05-03 07:44 - 28872704 _____ () C:\WINDOWS\system32\config\software.iobit
2015-04-14 17:24 - 2015-05-03 07:44 - 00286720 _____ () C:\WINDOWS\system32\config\default.iobit
2015-04-14 17:24 - 2015-05-03 07:44 - 00053248 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2015-04-14 17:24 - 2015-05-03 07:44 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.iobit
2015-04-14 16:37 - 2015-05-03 10:45 - 00000296 _____ () C:\WINDOWS\Tasks\ASC8_PerformanceMonitor.job
2015-04-14 16:37 - 2015-04-14 16:38 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\ProductData
2015-04-14 16:36 - 2015-05-03 08:05 - 00001822 _____ () C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 8.lnk
2015-04-14 16:36 - 2015-04-28 21:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ProductData
2015-04-14 16:36 - 2015-04-14 18:32 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\IObit
2015-04-14 16:36 - 2015-04-14 16:36 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
2015-04-14 16:36 - 2015-04-14 16:36 - 00000000 ____D () C:\Program Files\Common Files\IObit
2015-04-14 16:36 - 2015-04-14 16:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 8
2015-04-14 16:36 - 2015-04-14 16:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-04-14 16:36 - 2015-04-14 16:36 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Apple Computer
2015-04-14 16:35 - 2015-04-14 19:29 - 00000000 ____D () C:\Program Files\IObit
2015-04-14 14:34 - 2015-04-14 14:34 - 00081920 _____ () C:\WINDOWS\Minidump\Mini041415-01.dmp
2015-04-14 11:52 - 2015-04-14 11:52 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-04-06 15:56 - 2015-04-06 15:56 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Tor Browser
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-03 10:56 - 2013-06-23 16:22 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2015-05-03 10:49 - 2013-06-24 08:53 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\GarenaPlus
2015-05-03 10:49 - 2013-06-23 16:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\GarenaMessenger
2015-05-03 10:47 - 2013-06-23 16:18 - 01811263 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-03 10:45 - 2014-05-30 14:16 - 00000000 ____D () C:\WINDOWS\Minidump
2015-05-03 10:45 - 2013-06-23 16:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-03 08:59 - 2013-06-23 16:22 - 00032424 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-03 08:59 - 2013-06-23 16:22 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-05-03 08:41 - 2013-06-27 16:35 - 00154624 ___SH () C:\Documents and Settings\Administrator\Desktop\Thumbs.db
2015-05-03 08:19 - 2014-04-15 18:59 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\IDM
2015-05-03 08:18 - 2013-06-23 16:45 - 00000000 ____D () C:\Program Files\Garena Plus
2015-05-03 07:56 - 2013-06-30 00:00 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\BitTorrent
2015-05-03 07:44 - 2013-06-23 16:22 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-05-03 07:44 - 2013-06-23 16:22 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-05-02 09:37 - 2013-06-27 11:32 - 00000000 ____D () C:\Program Files\The KMPlayer
2015-05-02 08:30 - 2013-06-23 16:36 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\DMCache
2015-05-01 22:38 - 2013-06-23 16:22 - 00000178 ___SH () C:\Documents and Settings\LocalService\ntuser.ini
2015-05-01 15:57 - 2004-08-04 17:30 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-26 11:33 - 2014-05-14 19:47 - 00000008 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2015-04-26 11:31 - 2013-07-06 19:16 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-04-15 18:49 - 2013-06-23 16:43 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2015-04-15 18:48 - 2013-06-23 16:43 - 00000000 ____D () C:\Program Files\Google
2015-04-15 18:17 - 2014-03-22 08:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\vam
2015-04-15 17:54 - 2015-02-06 21:56 - 00000383 _____ () C:\Documents and Settings\Administrator\Desktop\project.txt
2015-04-15 14:25 - 2013-06-27 16:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2015-04-15 10:40 - 2013-06-23 21:33 - 00000000 ____D () C:\WINDOWS\system
2015-04-14 20:43 - 2013-11-10 14:05 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Opera Software
2015-04-14 20:26 - 2013-07-21 18:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2723135-v2$
2015-04-14 18:30 - 2014-09-06 17:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\IObit
2015-04-14 17:44 - 2013-07-02 21:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
2015-04-14 16:36 - 2013-06-23 16:22 - 00000000 ____D () C:\Documents and Settings\Administrator
2015-04-14 16:14 - 2013-06-23 21:38 - 00000211 ___SH () C:\boot.ini
2015-04-14 16:14 - 2004-08-04 17:30 - 00000791 _____ () C:\WINDOWS\win.ini
2015-04-14 16:14 - 2004-08-04 17:30 - 00000227 _____ () C:\WINDOWS\system.ini
2015-04-14 15:30 - 2013-12-19 13:30 - 00000103 _____ () C:\Documents and Settings\NetworkService\Application Data\WB.CFG
2015-04-14 14:49 - 2013-06-23 16:15 - 00000000 ____D () C:\WINDOWS\Registration
2015-04-14 14:46 - 2013-06-23 16:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\vlc
2015-04-14 13:00 - 2013-06-23 16:22 - 00001593 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2015-04-14 13:00 - 2013-06-23 16:19 - 00001593 _____ () C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
2015-04-14 13:00 - 2013-06-23 16:19 - 00001507 _____ () C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2015-04-03 20:34 - 2013-06-23 16:24 - 00075776 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== Files in the root of some directories =======
 
2013-09-19 14:35 - 2013-09-19 14:37 - 0000364 _____ () C:\Documents and Settings\Administrator\Application Data\burnaware.ini
2013-06-24 09:25 - 2015-01-24 12:40 - 0045194 _____ () C:\Documents and Settings\Administrator\Application Data\room_v3.dat
2013-12-23 00:30 - 2015-04-01 20:30 - 0000256 _____ () C:\Documents and Settings\Administrator\Application Data\WB.CFG
2013-06-23 16:24 - 2015-04-03 20:34 - 0075776 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-05 22:37 - 2014-04-05 22:37 - 0000090 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\FASTWiz.log
 
Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-05-2015
Ran by Administrator at 2015-05-03 10:56:44
Running from C:\Documents and Settings\Administrator\My Documents\Downloads\Programs
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-299502267-1935655697-1417001333-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-299502267-1935655697-1417001333-1011 - Limited - Enabled)
Guest (S-1-5-21-299502267-1935655697-1417001333-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-299502267-1935655697-1417001333-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-299502267-1935655697-1417001333-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM\...\Advanced SystemCare 8_is1) (Version: 8.2.0 - IObit)
Apache HTTP Server 2.2.22 (HKLM\...\{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}) (Version: 2.2.22 - Apache Software Foundation)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
BitTorrent (HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\BitTorrent) (Version: 7.8.1.30016 - BitTorrent Inc.)
D-Link Connection Manager v7.0.1IN (HKLM\...\Broad Mobi HSPA Modem Normal Version_is1) (Version:  - )
Farm Frenzy 2 (HKLM\...\Farm Frenzy 2_is1) (Version: 1.0 - MyPlayCity, Inc.)
FL Studio 11 (HKLM\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM\...\FlowStone) (Version:  - )
FormatFactory 3.1.1 (HKLM\...\FormatFactory) (Version: 3.1.1 - Free Time)
Game Booster 3 (HKLM\...\Game Booster_is1) (Version: 3.1 - IObit)
Garena HostBot v6.0 (HKLM\...\Garena HostBot v6.06.0) (Version: 6.0 - GarenaWorld)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKU\.DEFAULT\...\Google+ Auto Backup) (Version: 1.0.22.105 - Google, Inc.)
IL Download Manager (HKLM\...\IL Download Manager) (Version:  - Image-Line)
IL Shared Libraries (HKLM\...\IL Shared Libraries) (Version:  - Image-Line)
iMeme 1.0 (HKLM\...\{66CA7D93-1FDD-4152-B241-42971934D8E0}_is1) (Version:  - Michael Fogleman)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.2.6.2 - IObit)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\Juniper_Setup_Client) (Version: 7.1.9.20595 - Juniper Networks, Inc.)
KMP Media Toolbar (HKLM\...\{4B4D5056-3700-A76A-76A7-A758B70C1B00}) (Version: 12.27.0.798 - APN, LLC)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 1 (HKLM\...\{B508B3F1-A24A-32C0-B310-85786919EF28}) (Version: 2.1.21022 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 1 (HKLM\...\{2BA00471-0328-3743-93BD-FA813353A783}) (Version: 3.1.21022 - Microsoft Corporation)
Microsoft .NET Framework 3.5 (HKLM\...\Microsoft .NET Framework 3.5) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version:  - Microsoft Corporation)
Notepad++ (HKLM\...\Notepad++) (Version: 6.4.1 - Notepad++ Team)
NX Client for Windows 3.4.0-5 (HKLM\...\nxclient_is1) (Version: 3.4.0-5 - NoMachine)
Opera Stable 29.0.1795.47 (HKLM\...\Opera 29.0.1795.47) (Version: 29.0.1795.47 - Opera Software ASA)
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
RAMRush 1.0.6.917 (HKLM\...\RAMRush_is1) (Version:  - FTweak, Inc.)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.23.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5821 - Realtek Semiconductor Corp.)
Rich Media View (HKLM\...\RichMediaViewV1release4985) (Version: 1.1 - Rich Media View) <==== ATTENTION
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 3.6.0.87 - KMP Media co., Ltd)
Trust Media Viewer (HKLM\...\TrustMediaViewerV1alpha1683) (Version: 1.1 - Trust Media Viewer) <==== ATTENTION
USB Disk Security (HKLM\...\USB Disk Security_is1) (Version:  - Zbshareware Lab)
VLC media player 1.1.0-rc (HKLM\...\VLC media player) (Version: 1.1.0-rc - VideoLAN)
Warcraft III Reign of Chaos & The Frozen Throne (HKLM\...\Warcraft III Reign of Chaos & The Frozen Throne) (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Worms Forts Under Siege (HKLM\...\{917E73C2-C7DA-4C12-9774-A6A2730BCAAB}) (Version: 1.00.0001 - Team17 Software Ltd)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
28-01-2015 21:22:45 System Checkpoint
24-02-2015 20:48:50 System Checkpoint
26-02-2015 20:25:58 System Checkpoint
27-02-2015 20:32:20 System Checkpoint
04-03-2015 20:42:37 System Checkpoint
07-03-2015 20:16:54 System Checkpoint
08-03-2015 20:47:08 System Checkpoint
10-03-2015 20:24:23 System Checkpoint
14-03-2015 21:32:47 System Checkpoint
20-03-2015 11:50:38 System Checkpoint
21-03-2015 14:00:31 System Checkpoint
01-04-2015 20:45:46 System Checkpoint
02-04-2015 22:07:50 System Checkpoint
04-04-2015 10:34:50 System Checkpoint
05-04-2015 12:27:47 System Checkpoint
06-04-2015 17:34:59 System Checkpoint
14-04-2015 09:42:42 System Checkpoint
14-04-2015 13:40:31 Installed SpyHunter
14-04-2015 13:43:57 Removed SpyHunter
14-04-2015 14:47:57 Restore Operation
15-04-2015 15:48:59 System Checkpoint
25-04-2015 13:02:23 System Checkpoint
26-04-2015 11:31:28 Restore Point Created by FRST
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-08-04 17:30 - 2015-04-26 11:31 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\ASC8_PerformanceMonitor.job => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1429024374.job => C:\Program Files\Opera\launcher.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-04-14 16:36 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files\IObit\Advanced SystemCare 8\sqlite3.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 09981528 _____ () C:\Program Files\Garena Plus\GarenaMessenger.exe
2013-03-19 14:25 - 2015-01-20 17:50 - 00111192 _____ () C:\Program Files\Garena Plus\CommonLib.dll
2013-03-19 14:25 - 2015-03-23 15:47 - 00797120 _____ () C:\Program Files\Garena Plus\ggspawn.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00040024 _____ () C:\Program Files\Garena Plus\DibModule.dll
2013-03-19 14:25 - 2015-04-14 13:56 - 00034752 _____ () C:\Program Files\Garena Plus\VersionModule.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00057944 _____ () C:\Program Files\Garena Plus\FileLoader.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00093784 _____ () C:\Program Files\Garena Plus\PluginKernel.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00493656 _____ () C:\Program Files\Garena Plus\CxImage.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00031832 _____ () C:\Program Files\Garena Plus\PluginModule.dll
2013-03-19 14:26 - 2015-01-20 17:50 - 00177240 _____ () C:\Program Files\Garena Plus\lib\fs\YYFileSystem.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00380504 _____ () C:\Program Files\Garena Plus\lib\Http.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00191064 _____ () C:\Program Files\Garena Plus\lib\MP3Module.dll
2012-02-22 14:22 - 2012-02-22 14:22 - 00162304 _____ () C:\Program Files\Garena Plus\lame_enc.DLL
2013-03-19 14:25 - 2015-01-20 17:50 - 00226392 _____ () C:\Program Files\Garena Plus\lib\TaskManagerLib.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00112728 _____ () C:\Program Files\Garena Plus\lib\UILayout.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00964696 _____ () C:\Program Files\Garena Plus\lib\XLL.dll
2013-03-19 14:26 - 2015-01-20 17:50 - 00061528 _____ () C:\Program Files\Garena Plus\lib\XmlUIModule.dll
2012-02-22 14:22 - 2012-02-22 14:22 - 00573100 _____ () C:\Program Files\Garena Plus\sqlite3.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00231000 _____ () C:\Program Files\Garena Plus\Plugins\StatsPlugin.dll
2013-03-19 14:25 - 2015-04-14 13:56 - 01128384 _____ () C:\Program Files\Garena Plus\Plugins\ggplugin.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00199256 _____ () C:\Program Files\Garena Plus\ImageModule.dll
2013-06-25 13:35 - 2015-01-20 17:50 - 00161880 _____ () C:\Program Files\Garena Plus\libmpg123.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 02947672 _____ () C:\Program Files\Garena Plus\ggdownloader.dll
2013-03-19 14:26 - 2015-01-20 17:50 - 00072280 _____ () C:\Program Files\Garena Plus\lib\delay_load\AudioMixerLib.dll
2013-03-19 14:26 - 2015-01-20 17:50 - 00023128 _____ () C:\Program Files\Garena Plus\lib\delay_load\ClientTcp.dll
2013-03-19 14:26 - 2015-01-20 17:50 - 01551960 _____ () C:\Program Files\Garena Plus\lib\delay_load\FileSender.dll
2013-02-01 11:12 - 2013-02-01 11:12 - 00153088 _____ () C:\Program Files\Garena Plus\libzmq.dll
2013-03-19 14:26 - 2015-01-20 17:50 - 00962648 _____ () C:\Program Files\Garena Plus\lib\delay_load\GaFileTransfer.dll
2013-03-19 14:26 - 2015-01-20 17:50 - 00251480 _____ () C:\Program Files\Garena Plus\lib\delay_load\MediaEngine.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00032856 _____ () C:\Program Files\Garena Plus\ServerMemAlloc.dll
2013-03-19 14:26 - 2015-01-20 17:50 - 00523352 _____ () C:\Program Files\Garena Plus\lib\delay_load\RSALib.dll
2013-03-19 14:26 - 2015-01-20 17:50 - 00074840 _____ () C:\Program Files\Garena Plus\lib\delay_load\UdtLib.dll
2015-04-14 16:36 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madExcept_.bpl
2015-04-14 16:36 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madBasic_.bpl
2015-04-14 16:36 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madDisAsm_.bpl
2015-04-14 16:36 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files\IObit\Advanced SystemCare 8\webres.dll
2013-07-12 22:20 - 2015-01-20 17:50 - 00055896 _____ () C:\Program Files\Garena Plus\ggdllhost.exe
2015-04-14 16:36 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files\IObit\IObit Uninstaller\madExcept_.bpl
2015-04-14 16:36 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files\IObit\IObit Uninstaller\madBasic_.bpl
2015-04-14 16:36 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files\IObit\IObit Uninstaller\madDisAsm_.bpl
2015-04-14 16:36 - 2014-07-11 16:04 - 01106720 _____ () C:\Program Files\IObit\Advanced SystemCare 8\RealTimeProtector.exe
2008-04-14 18:11 - 2008-04-14 18:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 18:12 - 2008-04-14 18:12 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\100sexlinks.com -> 100sexlinks.com
 
There are 4788 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-299502267-1935655697-1417001333-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 213.163.64.81 - 8.8.8.8
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Warcraft Config.lnk => C:\WINDOWS\pss\Warcraft Config.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor Apache Servers.lnk => C:\WINDOWS\pss\Monitor Apache Servers.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeBridge => 
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: ftweak_RAMRush => C:\Program Files\RAMRush\RAMRush.exe
MSCONFIG\startupreg: GoogleDriveSync => 
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
StandardProfile\AuthorizedApplications: [C:\Program Files\Garena Plus\Room\garena_room.exe] => Enabled:garena_room
StandardProfile\AuthorizedApplications: [C:\Program Files\VideoLAN\VLC\vlc.exe] => Enabled:VLC media player
StandardProfile\AuthorizedApplications: [C:\Program Files\NX Client for Windows\nxclient.exe] => Enabled:nxclient
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Enabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [C:\Program Files\Garena Plus\ggdllhost.exe] => Enabled:ggdllhost
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE] => Enabled:Microsoft Office Groove
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Application Data\BitTorrent\BitTorrent.exe] => Enabled:BitTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\BitTorrent\BitTorrent.exe] => Enabled:BitTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\Garena Plus\bbtalk\BBTalk.exe] => Enabled:Garena Talk
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\usmt\migwiz.exe] => Enabled:Files and Settings Transfer Wizard
StandardProfile\AuthorizedApplications: [D:\vin\app\fls\FL Studio 11\FL.exe] => Disabled:FL Studio 11
StandardProfile\AuthorizedApplications: [D:\vin\app\HOSTBOT\GarenaHostBot.exe] => Enabled:Garena HostBot - advanced hosting bot for garena
StandardProfile\AuthorizedApplications: [D:\vin\app\HOSTBOT\ghost.exe] => Enabled:ghost
StandardProfile\AuthorizedApplications: [C:\Program Files\Team17 Software Ltd\Worms Forts Under Siege\WF.exe] => Enabled:WF
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\My Documents\Downloads\Compressed\slowWV2.exe] => Enabled:slowWV2
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22002
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/01/2015 04:43:54 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (04/24/2015 10:47:04 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (04/16/2015 04:33:55 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (04/15/2015 10:27:40 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (04/15/2015 08:28:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 42.0.2311.90, faulting module chrome.dll, version 42.0.2311.90, fault address 0x00b9be22.
Processing media-specific event for [chrome.exe!ws!]
 
Error: (04/14/2015 03:51:54 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.100 for ServerName     .
 
Error: (04/14/2015 02:53:25 PM) (Source: SecurityCenter) (EventID: 1802) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.
 
Error: (04/14/2015 02:51:05 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName     .
 
Error: (04/14/2015 02:34:06 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName     .
 
Error: (04/14/2015 02:02:54 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.100 for ServerName     .
 
 
System errors:
=============
Error: (05/03/2015 10:46:47 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (05/03/2015 10:31:50 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (05/03/2015 08:56:24 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (05/03/2015 08:20:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (05/03/2015 08:20:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Advanced SystemCare Service 8 service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/03/2015 08:17:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cpuz137 service failed to start due to the following error: 
%%2
 
Error: (05/03/2015 08:14:59 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (05/03/2015 08:12:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/03/2015 08:12:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/03/2015 08:12:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (07/26/2014 01:04:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Pentium® D CPU 2.80GHz
Percentage of memory in use: 72%
Total physical RAM: 1014.11 MB
Available physical RAM: 275.04 MB
Total Pagefile: 2440.91 MB
Available Pagefile: 1651.14 MB
Total Virtual: 2047.88 MB
Available Virtual: 1938.32 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:29.29 GB) (Free:10.28 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (vinod) (Fixed) (Total:39.06 GB) (Free:3.93 GB) NTFS
Drive e: () (Fixed) (Total:39.06 GB) (Free:3.69 GB) NTFS
Drive f: () (Fixed) (Total:41.63 GB) (Free:3.66 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 059A0599)
Partition 1: (Active) - (Size=29.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.7 GB) - (Type=OF Extended)
 
==================== End Of Log ============================

  • 0

#15
zep516
Posted 03 May 2015 - 07:44 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,

First
Please remove these programs from your programs an features list, Start > Control panel > Programs an features. In the list find the program listed below and uninstall it.
  • Trust Media Viewer
If a program will not remove skip it and keep following instructions please.

Next

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
CHR HKLM\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - D:\idm\Internet Download Manager\IDMGCExt.crx [Not Found]
R3 cpuz137; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz137\cpuz137_x32.sys [X]
C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite3.dll
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Emptytemp:
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location) you might have to move the fixlist to your downloads folder and then run frst.
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: google chrome, malware

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP