Infected need help


dds

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by FARHAN at 18:48:13 on 2013-12-19
Microsoft Windows 8  6.2.9200.0.1252.44.2057.18.7650.5415 [GMT 0:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\dashost.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Users\FARHAN\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\syswow64\wwahost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mWinlogon: Userinit = userinit.exe
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [uTorrent] "C:\Users\FARHAN\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\FARHAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\alga.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 172.20.10.1
TCP: Interfaces\{1BB33AA0-89B5-4251-A20C-F43BC021B4BA} : DHCPNameServer = 40.22.1.201 40.22.1.203
TCP: Interfaces\{79A7F3AC-CCB8-4B37-B9C0-8F1A4B765F2A} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{80C0699A-3E19-4AA0-8C17-0FAD1D79FB28} : DHCPNameServer = 172.20.10.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-9-17 80552]
R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-9-17 26280]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\Drivers\klim6.sys [2013-6-10 30304]
R1 klpd;klpd;C:\Windows\System32\Drivers\klpd.sys [2013-4-12 15456]
R1 klwfp;klwfp;C:\Windows\System32\Drivers\klwfp.sys [2013-5-7 64608]
R1 kneps;kneps;C:\Windows\System32\Drivers\kneps.sys [2013-6-6 178272]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-10-19 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-10-18 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [2013-6-17 214512]
R2 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-11-9 227936]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPConnectedRemote;HP Connected Remote Service;C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [2012-10-12 35744]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-8-23 29600]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-9-7 35232]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-5-31 2451456]
R2 IDMWFP;IDMWFP;C:\Windows\System32\Drivers\idmwfp.sys [2013-11-9 174968]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-19 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-19 701512]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2013-8-29 2100024]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-8-22 91648]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\Drivers\klkbdflt.sys [2013-5-5 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\Drivers\klmouflt.sys [2013-5-5 29280]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-12-19 25928]
R3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\Drivers\netaapl64.sys [2013-7-25 23040]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2013-5-31 272016]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-5-31 690832]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [2013-8-21 14112]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2013-5-31 58536]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-31 20800]
S0 klelam;klelam;C:\Windows\System32\Drivers\klelam.sys [2012-7-27 29792]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-8-25 41272]
S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-8-25 43832]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
S4 klflt;klflt;C:\Windows\System32\Drivers\klflt.sys [2013-12-18 112224]
.
=============== File Associations ===============
.
FileExt: .reg: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2013-12-19 18:31:07 -------- d-----w- C:\Users\FARHAN\AppData\Roaming\Malwarebytes
2013-12-19 18:30:53 -------- d-----w- C:\ProgramData\Malwarebytes
2013-12-19 18:30:52 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-12-19 18:30:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-19 18:30:34 -------- d-----w- C:\Users\FARHAN\AppData\Local\Programs
2013-12-18 23:22:05 34048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
2013-12-18 22:51:14 110176 ----a-w- C:\Windows\System32\klfphc.dll
2013-12-18 22:49:50 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-12-18 22:49:50 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2013-12-18 22:49:34 112224 ----a-w- C:\Windows\System32\drivers\klflt.sys
2013-12-18 22:15:54 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9C18FBC5-6DBD-4E10-A59D-EFADF21A8E56}\mpengine.dll
2013-12-17 18:14:45 965000 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\NISBackup\gapaengine.dll
2013-12-17 18:14:45 965000 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C981741-CAE7-4E76-A6E2-254A04AC21C2}\gapaengine.dll
2013-12-17 18:14:18 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-17 18:14:09 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-12-17 18:06:35 965000 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0DE20633-225D-4139-8968-8673E31FD6FF}\gapaengine.dll
2013-12-16 22:59:44 23350272 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-16 22:59:42 22615040 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-14 21:07:28 289792 ----a-w- C:\Users\FARHAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\alga.exe
2013-12-13 00:25:17 62976 ----a-w- C:\Windows\System32\imagehlp.dll
2013-12-13 00:24:52 222720 ----a-w- C:\Windows\System32\scrobj.dll
2013-12-13 00:24:52 194048 ----a-w- C:\Windows\System32\scrrun.dll
2013-12-13 00:24:52 162304 ----a-w- C:\Windows\SysWow64\scrobj.dll
2013-12-13 00:24:52 156160 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-12-13 00:24:52 146944 ----a-w- C:\Windows\System32\cscript.exe
2013-12-13 00:24:52 143872 ----a-w- C:\Windows\System32\wshom.ocx
2013-12-13 00:24:52 115712 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-12-13 00:24:51 420864 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-12-13 00:24:51 368640 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-12-13 00:24:51 312320 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-13 00:24:51 273408 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-12-08 10:38:05 87392 ------w- C:\Windows\twain.dll
2013-12-08 10:36:32 306688 ----a-w- C:\Windows\IsUninst.exe
2013-12-02 13:14:07 -------- d-----w- C:\Users\FARHAN\AppData\Local\CyberLink
2013-11-30 23:52:43 -------- d-----r- C:\Users\FARHAN\SkyDrive
2013-11-27 12:32:09 78304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-27 12:32:09 694240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-27 12:28:22 -------- d-----r- C:\Windows\BrowserChoice
2013-11-27 12:22:24 -------- d-----w- C:\ProgramData\Microsoft Toolkit
2013-11-27 11:56:51 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2013-11-27 11:55:53 -------- d-----w- C:\Program Files\Microsoft SQL Server
2013-11-27 11:52:50 -------- d-----w- C:\Program Files\Microsoft Analysis Services
2013-11-27 11:52:50 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-11-27 11:52:42 -------- d-----w- C:\Users\FARHAN\AppData\Local\Microsoft Help
2013-11-27 00:41:56 -------- d-----w- C:\Windows\System32\MRT
2013-11-26 22:50:14 1933312 ----a-w- C:\Windows\System32\wbem\cimwin32.dll
2013-11-26 22:49:58 150016 ----a-w- C:\Windows\System32\discan.dll
2013-11-26 22:47:22 888320 ----a-w- C:\Windows\System32\autochk.exe
2013-11-26 22:47:22 793088 ----a-w- C:\Windows\SysWow64\autochk.exe
2013-11-26 22:47:22 542208 ----a-w- C:\Windows\System32\untfs.dll
2013-11-26 22:47:22 482816 ----a-w- C:\Windows\SysWow64\untfs.dll
2013-11-26 22:30:41 26624 ----a-w- C:\Windows\System32\ReAgentc.exe
2013-11-26 22:30:41 24064 ----a-w- C:\Windows\SysWow64\ReAgentc.exe
2013-11-26 22:29:41 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-11-26 22:29:41 112872 ----a-w- C:\Windows\System32\consent.exe
2013-11-25 23:29:38 96600 ----a-w- C:\Windows\System32\drivers\wfplwfs.sys
2013-11-25 23:29:38 723968 ----a-w- C:\Windows\System32\BFE.DLL
2013-11-25 23:29:38 1160192 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-11-25 23:29:26 576512 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-11-25 23:29:04 652288 ----a-w- C:\Windows\System32\comctl32.dll
2013-11-25 23:29:04 541696 ----a-w- C:\Windows\SysWow64\comctl32.dll
2013-11-25 23:29:03 2035200 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll
2013-11-25 23:29:03 1617920 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-11-25 23:29:03 1413632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2013-11-25 23:29:03 1318912 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-11-25 23:29:03 1306112 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-11-25 23:29:03 1272320 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-11-25 23:29:03 1029632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2013-11-25 23:27:12 1300992 ----a-w- C:\Windows\System32\gdi32.dll
2013-11-25 23:27:12 1022976 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-11-25 23:26:36 83968 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2013-11-25 23:26:36 785624 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-11-25 23:26:36 54488 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-11-25 23:26:36 32768 ----a-w- C:\Windows\System32\drivers\hidparse.sys
2013-11-25 23:26:36 27648 ----a-w- C:\Windows\System32\drivers\hidusb.sys
2013-11-25 23:26:36 25600 ----a-w- C:\Windows\System32\drivers\usbprint.sys
2013-11-25 23:26:34 99328 ----a-w- C:\Windows\System32\drivers\usbcir.sys
2013-11-25 23:26:34 210560 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2013-11-25 23:25:06 79192 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-25 23:25:06 623448 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-25 23:25:06 498008 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-25 23:25:06 32256 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-25 23:25:06 21848 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-25 23:25:06 1838080 ----a-w- C:\Windows\System32\DWrite.dll
2013-11-25 23:25:06 1421312 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-11-25 23:25:06 120832 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-25 23:25:05 1314816 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-11-25 23:25:04 694272 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-11-25 23:24:41 1890816 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-25 23:24:41 1569280 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-11-25 23:24:18 1255936 ----a-w- C:\Windows\System32\certutil.exe
2013-11-25 23:24:18 1013248 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-11-25 23:24:17 141312 ----a-w- C:\Windows\System32\cryptnet.dll
2013-11-25 23:24:17 109056 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-11-25 23:24:14 595968 ----a-w- C:\Windows\System32\qedit.dll
2013-11-25 23:24:14 496640 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-11-25 23:24:02 419328 ----a-w- C:\Windows\System32\schannel.dll
2013-11-25 23:24:02 323072 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-11-25 23:22:36 2842112 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-11-25 23:22:36 2620928 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-11-25 23:22:15 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-11-25 23:22:15 362496 ----a-w- C:\Windows\System32\atmfd.dll
2013-11-25 23:22:15 35328 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-11-25 23:22:15 300032 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-11-25 23:22:13 733184 ----a-w- C:\Windows\System32\win32spl.dll
2013-11-24 23:54:53 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-11-24 23:54:53 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-11-24 22:27:08 98304 ----a-w- C:\Windows\System32\apprepsync.dll
2013-11-24 22:27:08 87040 ----a-w- C:\Windows\SysWow64\apprepapi.dll
2013-11-24 22:27:08 74240 ----a-w- C:\Windows\SysWow64\apprepsync.dll
2013-11-24 22:27:08 68096 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-11-24 22:27:08 337408 ----a-w- C:\Windows\System32\wintrust.dll
2013-11-24 22:27:08 261120 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-11-24 22:27:08 124416 ----a-w- C:\Windows\System32\apprepapi.dll
2013-11-24 21:01:17 337752 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS
2013-11-24 21:01:17 213336 ----a-w- C:\Windows\System32\drivers\UCX01000.SYS
2013-11-24 20:29:42 861184 ----a-w- C:\Windows\System32\drivers\http.sys
2013-11-24 18:03:43 2062848 ----a-w- C:\Windows\System32\d3d11.dll
2013-11-24 18:03:42 1711616 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-11-24 16:35:21 148992 ----a-w- C:\Program Files\Internet Explorer\jsdebuggeride.dll
2013-11-24 16:35:21 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2013-11-24 16:35:20 53760 ----a-w- C:\Windows\System32\UXInit.dll
2013-11-24 16:35:20 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2013-11-24 16:35:20 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-24 16:35:20 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-24 13:47:59 2382336 ----a-w- C:\Windows\SysWow64\esent.dll
2013-11-24 13:47:57 2851840 ----a-w- C:\Windows\System32\esent.dll
2013-11-23 22:19:52 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-11-23 22:19:52 25088 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-11-23 19:56:50 7168 ----a-w- C:\Windows\System32\KBDKURD.DLL
2013-11-23 19:56:50 6656 ----a-w- C:\Windows\SysWow64\KBDKURD.DLL
2013-11-23 19:56:50 1184256 ----a-w- C:\Windows\System32\Display.dll
2013-11-23 19:56:50 1164800 ----a-w- C:\Windows\SysWow64\Display.dll
2013-11-23 19:55:04 13661696 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll
2013-11-22 22:16:05 40760 ----a-w- C:\Windows\System32\TURegOpt.exe
2013-11-22 22:16:04 29496 ----a-w- C:\Windows\System32\authuitu.dll
2013-11-22 22:16:04 25400 ----a-w- C:\Windows\SysWow64\authuitu.dll
2013-11-22 22:15:40 -------- d-----w- C:\Users\FARHAN\AppData\Roaming\TuneUp Software
2013-11-22 22:15:15 -------- d-----w- C:\Program Files (x86)\TuneUp Utilities 2014
2013-11-22 22:14:36 -------- d-----w- C:\ProgramData\TuneUp Software
2013-11-22 22:14:27 -------- d-sh--w- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-11-22 22:14:27 -------- d--h--w- C:\ProgramData\Common Files
2013-11-22 21:42:50 156 ----a-w- C:\ProgramData\patch.dll
2013-11-22 21:41:26 -------- d-----w- C:\Users\FARHAN\AppData\Roaming\IDM
2013-11-22 21:41:26 -------- d-----w- C:\Users\FARHAN\AppData\Roaming\DMCache
2013-11-22 21:41:26 -------- d-----w- C:\ProgramData\IDM
2013-11-22 21:41:15 -------- d-----w- C:\Program Files (x86)\Internet Download Manager
2013-11-22 21:38:16 -------- d-----w- C:\Users\FARHAN\AppData\Roaming\WinRAR 5.00 Final + Key 100 % Clean
2013-11-21 18:39:48 144896 ----a-w- C:\Windows\System32\tssdisai.dll
2013-11-21 18:39:48 135680 ----a-w- C:\Windows\System32\appserverai.dll
2013-11-21 18:39:48 126976 ----a-w- C:\Windows\System32\RDWebAI.dll
2013-11-21 18:39:48 122880 ----a-w- C:\Windows\System32\VmHostAI.dll
2013-11-21 18:39:47 148480 ----a-w- C:\Windows\System32\poqexec.exe
2013-11-21 18:39:47 132608 ----a-w- C:\Windows\SysWow64\poqexec.exe
.
==================== Find3M  ====================
.
2013-12-19 16:31:18 29280 ----a-w- C:\Windows\System32\drivers\klmouflt.sys
2013-12-19 16:31:18 29280 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys
2013-12-19 16:31:18 178272 ----a-w- C:\Windows\System32\drivers\kneps.sys
2013-12-19 16:31:17 30304 ----a-w- C:\Windows\System32\drivers\klim6.sys
2013-12-19 16:31:16 29792 ----a-w- C:\Windows\System32\drivers\klelam.sys
2013-12-19 16:31:15 458336 ----a-w- C:\Windows\System32\drivers\kl1.sys
2013-11-14 14:32:01 524016 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2013-11-14 14:32:01 264432 ----a-w- C:\Windows\System32\SynTPAPI.dll
2013-11-14 14:32:01 192240 ----a-w- C:\Windows\System32\SynTPCo19.dll
2013-11-14 14:32:01 151280 ----a-w- C:\Windows\SysWow64\SynTPCom.dll
2013-11-14 14:31:58 819440 ----a-w- C:\Windows\System32\SynCOM.dll
2013-11-14 14:31:58 351984 ----a-w- C:\Windows\SysWow64\SynCom.dll
2013-11-07 23:41:38 174968 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
2013-11-06 23:18:57 4036608 ----a-w- C:\Windows\System32\win32k.sys
2013-10-28 13:38:48 189952 ----a-w- C:\Windows\SysWow64\service.exe
2013-10-25 06:19:22 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-25 06:19:12 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2013-10-25 06:17:57 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-25 04:45:11 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-25 04:43:42 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-19 04:04:07 59392 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-08 22:30:32 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2013-10-08 22:30:17 84992 ----a-w- C:\Windows\SysWow64\wudriver.dll
2013-10-08 22:30:17 126976 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2013-10-08 22:28:11 40448 ----a-w- C:\Windows\System32\wuapp.exe
2013-10-08 22:27:56 99328 ----a-w- C:\Windows\System32\wudriver.dll
2013-10-08 22:27:56 252928 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
2013-10-08 22:27:56 1622016 ----a-w- C:\Windows\System32\wucltux.dll
2013-10-08 22:27:56 142848 ----a-w- C:\Windows\System32\wuwebv.dll
2013-10-08 22:27:45 175104 ----a-w- C:\Windows\System32\storewuauth.dll
2013-10-05 06:10:20 285016 ----a-w- C:\Windows\System32\drivers\spaceport.sys
2013-10-02 02:50:07 447320 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS
2013-10-01 23:37:53 2035712 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-01 23:26:45 2304512 ----a-w- C:\Windows\System32\authui.dll
2013-09-28 05:48:00 778752 ----a-w- C:\Windows\System32\oleaut32.dll
2013-09-28 03:58:44 551424 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2013-09-28 03:35:36 288768 ----a-w- C:\Windows\System32\drivers\portcls.sys
.
============= FINISH: 18:48:56.26 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 13/11/2013 20:39:57
System Uptime: 19/12/2013 18:10:10 (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 193B
Processor: AMD A4-4355M APU with Radeon HD Graphics    | Socket FT1 | 1900/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 905 GiB total, 828.135 GiB free.
D: is FIXED (NTFS) - 25 GiB total, 3.052 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP9: 27/11/2013 11:51:24 - PROPLUS
RP10: 04/12/2013 20:53:54 - Scheduled Checkpoint
RP12: 13/12/2013 15:20:28 - Windows Modules Installer
RP13: 16/12/2013 23:22:29 - Windows Update
RP14: 19/12/2013 15:15:17 - HPSF Applying updates
RP15: 19/12/2013 15:15:24 - HPSF Applying updates
.
==== Installed Programs ======================
.
4 Elements II
Adobe Flash Player 11 Plugin
Adobe Photoshop 7.0
Adobe Shockwave Player 11.6
Airport Mania
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
µTorrent
Azteca
Bejeweled 3
Bonjour
Bounce Symphony
Build-a-lot
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Connected Music powered by Universal Music Group version 1.0
CyberLink PhotoDirector
CyberLink PowerDirector 10
CyberLink PowerDVD
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
Energy Star
FATE: The Cursed King
Final Drive Fury
Hewlett-Packard ACLM.NET v1.2.1.1
Hoyle Card Games
HP 3D DriveGuard
HP Connected Music (Meridian - installer)
HP Connected Remote
HP CoolSense
HP Customer Experience Enhancements
HP Documentation
HP Games
HP Postscript Converter
HP Quick Launch
HP Recovery Manager
HP Registration Service
HP Support Assistant
HP Utility Center
HP Wireless Button Driver
IDT Audio
Internet Download Manager
iTunes
Jewel Match 3
John Deere Drive Green
Kaspersky Internet Security
Letters from Nowhere 2
Mah Jong Medley
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft Application Error Reporting
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office 32-bit Components 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 32-bit MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Word MUI (English) 2013
Movie Maker
MSVCRT
MSVCRT110
MSVCRT110_amd64
Mystery of Mortlake Mansion
Outils de vérification linguistique 2013 de Microsoft Office - Français
Penguins!
Photo Common
Photo Gallery
Polar Bowler
Polar Golfer
Qualcomm Atheros Driver Installation Program
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Roads of Rome 3
Security Update for Microsoft Excel 2013 (KB2827238) 64-Bit Edition
Security Update for Microsoft Office 2013 (KB2810009) 64-Bit Edition
Security Update for Microsoft Office 2013 (KB2817623) 64-Bit Edition
Setup
swMSM
Synaptics Pointing Device Driver
The Treasures of Mystery Island: The Ghost Ship
TuneUp Utilities 2014
TuneUp Utilities 2014 (en-US)
Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition
Update for Microsoft InfoPath 2013 (KB2752078) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2817621) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition
Update for Microsoft Office 2013 (KB2737954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760257) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817309) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817311) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817314) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817493) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817640) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827228) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827235) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2810016) 64-Bit Edition
Update for Microsoft Outlook 2013 (KB2825632) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2817625) 64-Bit Edition
Update for Microsoft Project 2013 (KB2767859) 64-Bit Edition
Update for Microsoft Publisher 2013 (KB2752097) 64-Bit Edition
Update for Microsoft SkyDrive Pro (KB2825633) 64-Bit Edition
Update for Microsoft Visio 2013 (KB2752018) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition
Update for Microsoft Word 2013 (KB2817631) 64-Bit Edition
Update for Microsoft Word 2013 (KB2827218) 64-Bit Edition
Update Installer for WildTangent Games App
VLC media player 2.1.1
WildTangent Games
WildTangent Games App
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 5.00 (64-bit)
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
19/12/2013 18:20:56, Error: Service Control Manager [7034]  - The Microsoft Ms service terminated unexpectedly. It has done this 1 time(s).
19/12/2013 18:09:58, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
19/12/2013 18:08:56, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
19/12/2013 18:08:27, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
19/12/2013 18:06:43, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
19/12/2013 18:06:00, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
19/12/2013 18:05:56, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
19/12/2013 17:54:58, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpqwmiex service.
19/12/2013 16:31:50, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
17/12/2013 18:14:36, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB2267602 (Definition 1.165.98.0).
16/12/2013 23:19:35, Error: Schannel [36887]  - A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
13/12/2013 00:03:31, Error: MTConfig [1]  - An attempt to configure the input mode of a multitouch device failed.
.
==== End Of File ===========================

RogueKiller V8.7.13 [Dec 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : FARHAN [Admin rights]
Mode : Scan -- Date : 12/19/2013 19:07:03
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 tonec.com
127.0.0.1 www.tonec.com
127.0.0.1 registeridm.com
127.0.0.1 www.registdridm.com
127.0.0.1 secure.registeridm.com
127.0.0.1 secure.internetdownloadmanager.com
127.0.0.1 mirror.internetdownloadmanager.com
127.0.0.1 mirror2.internetdownloadmanager.com
127.0.0.1 www.internetdownloadmanager.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) HGST HTS 541010A9E680 SATA Disk Device +++++
--- User ---
[MBR] b021d637ffef2edc7f8fdd87796a0123
[bSP] b0c1a0a37a9e77d6742afa7c2067e01c : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 953869 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_12192013_190703.txt >>

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.19.09

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
FARHAN :: NIMI2 [administrator]

Protection: Enabled

19/12/2013 18:33:03
MBAM-log-2013-12-19 (19-15-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208819
Time elapsed: 6 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\Service1 (Backdoor.Bot) -> No action taken.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\WINDOWS\SYSTEM32\SERVICE.EXE (Backdoor.Bot) -> Data: 2 -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\FARHAN\AppData\Roaming\WinRAR 5.00 Final + Key 100 % Clean\RunTime.exe (Spyware.Password) -> No action taken.
C:\Windows\System32\service.exe (Backdoor.Bot) -> No action taken.
C:\Windows\SysWOW64\service.exe (Backdoor.Bot) -> No action taken.

(end)

 

  • Staff

Hello farhanghani

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
