Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Help with Malware


by Castilho » February 12th, 2015, 5:46 pm

Hi there, good afternoon.

First and foremost I'd like to thank you for reading this and would be very happy if you could spare some time to help me out with a problem of mine.

Description: A couple things actually:
- Massive, constant slowdown
- Avira won't open, tried re-installing and it was no good. I have downloaded Bitdefender and while it loads, it crashes sometime after. (Tried Malwarebytes, didn't find anything)
- I've noted most of my processes are running *32 while they didn't before... not sure if this has anything to do with it, but it is weird to me.

Again, thank you so much... I use this PC to work at home, so... anyways thank you.

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17631 BrowserJavaVersion: 10.40.2
Run by Philippe at 19:31:07 on 2015-02-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.55.1033.18.6143.3611 [GMT -2:00]
.
AV: Bitdefender Antivirus Free Edition *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antivirus Free Edition *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files\NetLimiter 3\nlsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
C:\Program Files (x86)\KMPConnect\KMPConnectService.exe
C:\Program Files (x86)\KMPConnect\KMPConnectCore.exe
C:\Program Files (x86)\Diebold\Warsaw\core.exe
C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe
C:\Program Files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\Diebold\Warsaw\core.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Bitdefender\Antivirus Free Edition\update.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://asus.msn.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [CPN Notifier] C:\Program Files (x86)\Rox Poker\PokerNotifier.exe
uRun: [CCleaner Monitoring] "C:\Program Files (x86)\CCleaner\CCleaner64.exe" /MONITOR
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Setwallpaper] c:\programdata\SetWallpaper.cmd
mRun: [Turbo Gear Help] "C:\Program Files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe"
mRun: [Turbo Gear] "C:\Program Files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe" -r
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
mRun: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [Diebold - Warsaw] C:\Program Files (x86)\Diebold\Warsaw\core.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: cinemanow.com
Trusted Zone: cinemanow.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: itau.com.br
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.co ... 1.71.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwar ... TSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwar ... /CTPID.cab
DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} - ms-its:C:\Program Files (x86)\The Tournament Director 2\TD.lib::/comdlg32.cab
TCP: Interfaces\{51610C28-CCA2-4349-AC5E-BA1F87F3DCC8} : DHCPNameServer = 201.17.0.43 201.17.0.74 201.6.4.116
TCP: Interfaces\{B6297368-00D4-4A53-9687-8890C2EAC1E8}\346383 : DHCPNameServer = 201.17.0.43 201.17.0.74 201.6.4.116
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RunDLLEntry] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\AmbRunE.dll,RunDLLEntry
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Philippe\AppData\Roaming\Mozilla\Firefox\Profiles\sxu9egj8.default\
FF - prefs.js: browser.search.selectedEngine -
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npURLInterceptorPlugin.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Users\Philippe\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll
FF - plugin: C:\Users\Philippe\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
FF - plugin: C:\Users\Philippe\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll
FF - plugin: C:\Users\Philippe\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2015-2-12 718840]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2014-2-28 21184]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [2015-2-12 121928]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2013-6-4 95152]
R1 EIO64;EIO Driver;C:\Windows\System32\drivers\EIO64.sys [2009-11-15 16384]
R1 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2015-2-12 148696]
R1 nltdi;nltdi;C:\Program Files\NetLimiter 3\nltdi.sys [2011-3-21 88200]
R1 RzFilter;RzFilter;C:\Windows\System32\drivers\RzFilter.sys [2013-4-20 74432]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2009-11-15 359552]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2009-11-15 14904]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 ClickToRunSvc;Serviço Clique para Executar do Microsoft Office;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-19 2449592]
R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2015-2-12 593144]
R3 NLNdisMP;NLNdisMP;C:\Windows\System32\drivers\nlndis.sys [2011-3-21 33416]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-11-15 215040]
R3 RzDxgk;RzDxgk;C:\Windows\System32\drivers\RzDxgk.sys [2013-4-20 129472]
R3 VKbms;Virtual HID Minidriver;C:\Windows\System32\drivers\VKbms.sys [2011-12-7 13312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-11-15 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-15 79360]
S3 danewFltr;NewDeathAdder Mouse;C:\Windows\System32\drivers\danew.sys [2011-12-7 12032]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe --> C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [?]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2013-2-21 1051088]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-24 48488]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-11-16 129752]
S3 MEMSWEEP2;MEMSWEEP2;C:\Windows\System32\D275.tmp [2011-7-9 6144]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;C:\Windows\System32\drivers\nlndis.sys [2011-3-21 33416]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);C:\Windows\System32\drivers\s916bus.sys [2007-11-2 108072]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-14 59392]
S3 WRfiltv;WRfiltv;C:\Windows\System32\drivers\WRfiltv.sys [2009-7-31 25600]
.
=============== File Associations ===============
.
ShellExec: SC2Editor.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Editor.exe" "%1"
ShellExec: SC2Switcher.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Switcher.exe" "%1"
.
=============== Created Last 30 ================
.
2015-02-12 21:27:40 169350 ----a-w- C:\ProgramData\1423776360.bdinstall.bin
2015-02-12 21:26:45 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2015-02-12 21:26:44 261056 ----a-w- C:\Windows\System32\drivers\SETF365.tmp
2015-02-12 21:26:42 718840 ----a-w- C:\Windows\System32\drivers\avc3.sys
2015-02-12 21:26:42 593144 ----a-w- C:\Windows\System32\drivers\avckf.sys
2015-02-12 21:26:42 0 ----a-w- C:\Windows\System32\drivers\avchv.sys
2015-02-12 21:20:43 9133 ----a-w- C:\ProgramData\1423775997.4668.bin
2015-02-12 21:20:43 4426 ----a-w- C:\ProgramData\1423775997.5544.bin
2015-02-12 21:20:43 2122 ----a-w- C:\ProgramData\1423775997.5948.bin
2015-02-12 21:20:43 -------- d-----w- C:\Program Files\Bitdefender
2015-02-12 21:20:34 148696 ------w- C:\Windows\System32\drivers\gzflt.sys
2015-02-12 21:20:31 382536 ----a-w- C:\Windows\System32\drivers\trufos.sys
2015-02-12 21:20:31 13548 ----a-w- C:\ProgramData\1423775997.5812.bin
2015-02-12 21:20:05 43572 ----a-w- C:\ProgramData\1423775997.5636.bin
2015-02-12 21:20:03 5918 ----a-w- C:\ProgramData\1423775997.4548.bin
2015-02-12 21:19:57 48689 ----a-w- C:\ProgramData\1423775997.4512.bin
2015-02-12 21:19:52 -------- d-----w- C:\Users\Philippe\AppData\Roaming\QuickScan
2015-02-12 08:17:32 -------- d-----w- C:\Riot Games
2015-02-12 03:17:50 -------- d-----w- C:\OETemp
2015-02-12 02:25:59 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-02-12 02:24:02 1480192 ----a-w- C:\Windows\System32\crypt32.dll
2015-02-12 02:24:01 229376 ----a-w- C:\Windows\System32\wintrust.dll
2015-02-12 02:24:01 187904 ----a-w- C:\Windows\System32\cryptsvc.dll
2015-02-12 02:24:01 1174528 ----a-w- C:\Windows\SysWow64\crypt32.dll
2015-02-12 02:24:00 179200 ----a-w- C:\Windows\SysWow64\wintrust.dll
2015-02-12 02:24:00 143872 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2015-02-12 02:22:52 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2015-02-12 02:22:52 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2015-02-12 02:22:50 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2015-02-12 02:22:49 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2015-02-12 02:22:40 3722752 ----a-w- C:\Windows\System32\mstscax.dll
2015-02-12 02:22:39 3221504 ----a-w- C:\Windows\SysWow64\mstscax.dll
2015-02-12 02:22:37 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2015-02-12 02:22:28 406528 ----a-w- C:\Windows\System32\scesrv.dll
2015-02-12 02:22:28 308224 ----a-w- C:\Windows\SysWow64\scesrv.dll
2015-02-12 02:11:34 5554112 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-02-12 02:11:26 3972544 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-02-12 02:11:26 3917760 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-02-12 02:11:24 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-02-12 02:11:24 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-02-12 02:11:24 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-02-12 02:11:24 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-02-12 02:10:30 3201536 ----a-w- C:\Windows\System32\win32k.sys
2015-02-10 22:03:39 -------- d-----w- C:\Users\Philippe\AppData\Local\Aspyr
2015-01-29 18:04:32 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2015-01-25 13:36:55 -------- d-----w- C:\Program Files (x86)\The Vanishing of Ethan Carter
2015-01-14 10:42:02 52736 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2015-01-14 10:42:02 210432 ----a-w- C:\Windows\System32\profsvc.dll
2015-01-14 10:42:01 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2015-01-14 10:42:01 303616 ----a-w- C:\Windows\System32\nlasvc.dll
2015-01-14 10:42:01 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2015-01-14 10:42:01 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
.
==================== Find3M ====================
.
2015-02-12 08:26:52 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-02-05 22:16:11 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 22:16:11 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-02-04 03:16:29 609280 ----a-w- C:\Windows\System32\generaltel.dll
2015-02-04 03:16:20 762368 ----a-w- C:\Windows\System32\invagent.dll
2015-02-04 03:16:16 414720 ----a-w- C:\Windows\System32\devinv.dll
2015-02-04 03:16:14 894976 ----a-w- C:\Windows\System32\appraiser.dll
2015-02-04 03:16:13 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-02-04 03:16:13 192000 ----a-w- C:\Windows\System32\aepic.dll
2015-02-04 03:13:28 1098752 ----a-w- C:\Windows\System32\aeinv.dll
2015-01-27 23:36:21 1239720 ----a-w- C:\Windows\System32\aitstatic.exe
2015-01-15 08:14:17 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-01-15 08:14:16 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-01-15 08:09:58 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-01-15 08:09:58 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-01-15 08:09:57 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-01-15 08:09:51 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-01-15 08:09:15 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-01-15 08:08:59 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-01-15 08:06:22 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-01-15 08:06:11 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-01-15 08:04:23 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-01-15 07:42:59 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-01-15 07:42:05 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-01-15 07:41:53 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-01-15 07:39:53 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-01-15 07:39:36 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-01-15 07:37:55 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-01-15 04:22:18 458824 ----a-w- C:\Windows\System32\drivers\cng.sys
2015-01-14 13:32:32 33856 ---ha-w- C:\Windows\System32\hamachi.sys
2015-01-12 03:05:32 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-01-12 03:05:19 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-01-12 02:49:42 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-01-12 02:48:57 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-01-12 02:48:52 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-01-12 02:47:25 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-01-12 02:34:42 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-01-12 02:34:30 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-01-12 02:33:52 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-01-12 02:32:57 6041088 ----a-w- C:\Windows\System32\jscript9.dll
2015-01-12 02:25:28 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-01-12 02:21:19 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-01-12 02:13:27 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-01-12 02:08:09 503296 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-01-12 02:07:51 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-01-12 02:07:06 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-01-12 02:05:36 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-01-12 01:55:47 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-01-12 01:55:00 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-01-12 01:46:29 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-01-12 01:46:00 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-01-12 01:40:43 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-01-12 01:29:46 4300800 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-01-12 01:27:32 2358272 ----a-w- C:\Windows\System32\wininet.dll
2015-01-12 01:23:09 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-01-12 01:22:17 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-01-12 01:00:17 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-01-10 06:48:22 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-01-10 06:48:19 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-01-10 06:48:17 341504 ----a-w- C:\Windows\System32\schannel.dll
2015-01-10 06:48:13 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-01-10 06:48:12 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2015-01-10 06:48:10 728064 ----a-w- C:\Windows\System32\kerberos.dll
2015-01-10 06:48:05 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-01-10 06:27:54 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-01-10 06:27:51 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-01-10 06:27:47 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-01-10 06:27:44 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-01-10 06:27:43 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-01-10 06:27:39 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-18 16:56:48 1202848 ----a-w- C:\Windows\SysWow64\FM20.DLL
.
============= FINISH: 19:34:33,20 ===============


Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 19/01/2010 10:22:12
System Uptime: 12/02/2015 17:00:47 (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | G72GX
Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz | LGA775 | 1595/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 93,633 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP719: 12/02/2015 17:53:54 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
3 Stars of Destiny
7-Zip 9.20 (x64 edition)
888poker
A-PDF Merger 4.6
Academagia version 1.1.4
Acrobat.com
Active@ Partition Recovery
Adobe AIR
Adobe Community Help
Adobe Digital Editions 3.0
Adobe Flash Player 16 ActiveX
Adobe Flash Player 16 NPAPI
Adobe Media Player
Adobe Reader 9.3.2 MUI
Adobe Shockwave Player 11.5
Alpha Kimori™ Episode One
Apple Software Update
Arquivo do WinRAR
ASUS AP Bank
ASUS Data Security Manager
ASUS LifeFrame3
ASUS Live Update
ASUS MultiFrame
ASUS Splendid Video Enhancement Technology
ASUS Turbo Gear Enhanced VGA Driver
ASUS Virtual Camera
Asus WebStorage
ASUS_ScreenSaver_GSeries
Atheros Client Installation Program
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
µTorrent
Aveyond Lord of Twilight
Awesomenauts
Battle.net
Beat Hazard
Bestpoker Classic 1.0.0
Bitdefender Antivirus Free Edition
Blades of Time
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
CariocaPokerClub
CCleaner
CDisplay 1.8
Citrix Authentication Manager
Citrix online plug-in (Web)
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver Updater
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
Cockatrice
Compatibility Pack for the 2007 Office system
ControlDeck
Costume Quest
Counter-Strike: Global Offensive
Crazy Machines Elements
Creative MediaSource 5
Creative System Information
Curse
CyberLink LabelPrint
CyberLink Power2Go
D2SE V2.1.0
D3DX10
Deadly Premonition: The Director's Cut
Deadly Sin 2
Defraggler
Desura
Desura: Doom and Destiny
Desura: Miner Warfare
DivXLand Media Subtitler
Dragon Age: Origins
Dual-Core Optimizer
ePub Converter
Evoland
Express Gate
Fallout 2
Fast Boot
FCR v1.1 final or Flash Mod v1.01
FO2 Restoration Project 2.2
Folding@home-x86
Full Tilt Poker
Google Chrome
Google Update Helper
GoToMeeting 5.0.0.799
Guardião - Itaú 30 horas
Half Minute Hero: Super Mega Neo Climax Ultimate Boy
Hammerwatch
Hearthstone
Heileen 1: Sail Away
How to Survive
HxD Hex Editor version 1.7.7.0
ICY Hexplorer (remove only)
ImgBurn
Inquisitor
Instalação do DivX
Java 7 Update 40
Java Auto Updater
Java(TM) 6 Update 17
JavaFX 2.1.1
JDownloader
Junk Mail filter update
K-Lite Mega Codec Pack 9.0.0
KMP Connect Program
Kotor Tool
Last Dream
League of Legends
LogMeIn Hamachi
Long Live the Queen
Módulo de Proteção Santander 3.2.0.2
Magic The Gathering Online
Magic Workstation 0.94f
Magical Diary
Malwarebytes Anti-Malware version 2.0.3.1025
Microsoft .NET Compact Framework 2.0 SP1
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft AppLocale
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2013 - pt-br
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Windows Application Compatibility Database
Microsoft Works
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0 Refresh
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Might & Magic: Heroes VI
Millennium - A New Hope
mIRC
Mozilla Firefox 7.0.1 (x86 pt-BR)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MV RegClean 6.9
MyDefrag v4.3.1
Mythos: The Beginning
NetLimiter 3
Nosgoth
NVIDIA Drivers
NVIDIA PhysX
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Online Plug-in
Origin
Patchelp
PAYDAY 2
PC Wizard 2010.1.94
PCSX2 - Playstation 2 Emulator
PERT Chart EXPERT
Planescape - Torment
PlugY, The Survival Kit
PokerStars
PTDD Partition Table Doctor 3.5
PunkBuster Services
Quest for Infamy
QuickTime 7
RaidCall
Razer Comms
Razer Core
Razer DeathAdder(TM) Mouse
Real Alternative 2.0.2
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Richard & Alice
RICOH R5U8xx Media Driver ver.3.62.02
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596927) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2920795) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2956097) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2956098) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2920788) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2956099) 32-Bit Edition
Self-service Plug-in
Shadowrun Returns
Sierra Utilities
Signup Calc
Skyborn
Skype Click to Call
Skype™ 7.0
Smart Defrag 3
Sophos Anti-Rootkit 1.5.4
Sound Blaster Audigy HD
Sound Blaster World of Warcraft Headset
Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
Steam
Subtitle Workshop 2.51
Suporte para Aplicativos Apple
sXe Injected
Synaptics Pointing Device Driver
System Requirements Lab
TeamSpeak 3 Client
TES Construction Set
The Banner Saga
The Elder Scrolls III: Morrowind
The Elder Scrolls IV: Oblivion
The KMPlayer (remove only)
The Walking Dead: Season Two
The Witcher Alchemy Mod
The Wolf Among Us
Thumbplug TGA
Tower Torneos Poker
TSLRCM 1.6
Turbo Gear Extreme
Unrest version 1.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2956096) 32-Bit Edition
Update for Microsoft Office PowerPoint 2007 (KB2597972) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Uplay
VC80CRTRedist - 8.0.50727.6195
Warsaw 1.3.1
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinDS PRO 2010.9.07 (Philippe)
WinFlash
Wireless Console 3
WTFast 2.11
Ys Chronicles Plus II (c) Xseed version 1
.
==== Event Viewer Messages From Past Week ========
.
12/02/2015 19:27:18, Error: Service Control Manager [7000] - The bdfwfpf service failed to start due to the following error: The system cannot find the file specified.
12/02/2015 17:10:54, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
12/02/2015 17:05:22, Error: Service Control Manager [7022] - The NetLimiter 3 Service service hung on starting.
12/02/2015 17:03:25, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Avira Service Host service to connect.
12/02/2015 17:02:44, Error: Microsoft-Windows-Time-Service [4] - The time provider 'VMICTimeProvider' failed to start due to the following error: The specified module could not be found. (0x8007007E)
12/02/2015 08:26:22, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
12/02/2015 03:20:29, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
12/02/2015 03:20:29, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/02/2015 23:29:57, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
11/02/2015 23:11:50, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
11/02/2015 21:00:11, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/02/2015 19:59:08, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
10/02/2015 06:18:38, Error: Schannel [36888] - The following fatal alert was generated: 70. The internal error state is 105.
10/02/2015 03:52:33, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
.
==== End Of File ===========================
Castilho
Active Member
 
Posts: 2
Joined: February 12th, 2015, 5:36 pm

Re: Help with Malware

by Gary R » February 15th, 2015, 2:22 am

Looking over your logs, back soon.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Help with Malware

by Gary R » February 15th, 2015, 2:25 am

Hi Castilho,

You say you use your computer to work from home. Can you tell me please if you use it to interface with your place of work, by which I mean do you at any time connect it to your work's network?

Do you have any customer data stored on your computer?

Also, can you please run the following scans for me ...


  • Download MGA Diagnostic Tool to your Desktop.
  • Double click MGADiag.exe to launch the programme.
  • Click Continue and let the scan run.
  • When finished it will have created a log.
  • Click Copy.
  • Next open Notepad.
    • Click Start > Run type Notepad click OK.
    • This will open an empty Notepad file.
    • Right click in the empty file and choose Paste to copy the log from MGA Diagnostics into it.
    • Save the file to your Desktop.
  • Close MGA Diagnostic Tool.
  • Copy/Paste the log in your next reply please.

And then ...

  • Download CKScanner to your Desktop.
  • Double click CKScanner.exe to launch it.
  • Click Search For Files.
  • After a couple minutes a list will appear in the panel to the right.
  • Click Save List To File.
  • A message box will verify the file saved.
  • Close CKScanner.
  • Copy/paste the contents of ckfiles.txt in your next reply please (it will be on your Desktop).
  • Please run the program once only.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Help with Malware

by Castilho » February 15th, 2015, 5:23 pm

Thanks for your help, Gary. I do not have any customer data or confidential documents in my PC. Also I do not work with a company.

Below, the logs. Again, thank you.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-2QWT6-HCQXJ-9YQTR
Windows Product Key Hash: PVjSC5x6njvqunmbCY3lOD7rYDo=
Windows Product ID: 00359-OEM-8992687-00007
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {3A62853D-2096-476B-9F5C-1E175968BD10}(2)
Is Admin: No
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.150113-1808
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
Microsoft Office Home and Student 2007 - 101 Not Activated
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-8009_E2AD56EA-766-2efd_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800007-02-1033-7600.0000-2092009
Installation ID: 097880176605614972158330530106293896217763574414925726
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 9YQTR
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 15/02/2015 19:10:04

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 12:14:2014 20:03
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: OAAAAAIABAABAAEAAQABAAAAAwABAAEAonasbmyAK3S+vBiwcKjkQpz0jM6N7+oncOIiEHpDRso=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name    OEMID Value    OEMTableID Value
APIC               A_M_I_         OEMAPIC
FACP               A_M_I_         OEMFACP
HPET               A_M_I_         OEMHPET
MCFG               A_M_I_         OEMMCFG
SLIC               _ASUS_         Notebook
OEMB               A_M_I_         AMI_OEM
OSFR               A_M_I_         OEMOSFR
SSDT               PmRef          CpuPm



CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\bethesda softworks\morrowind\data files\meshes\weapons\pf_crackhammer.nif
c:\program files (x86)\bethesda softworks\morrowind\data files\textures\pf_crackhammer.dds
c:\program files (x86)\bethesda softworks\morrowind\data files\textures\tx_crackedplaster00.dds
c:\program files (x86)\bethesda softworks\morrowind\data files\textures\tx_ma_crackedearth.dds
c:\program files (x86)\bethesda softworks\morrowind\data files\textures\tx_ma_crackedearth01.dds
c:\program files (x86)\bethesda softworks\morrowind\data files\textures\tx_ma_crackedearth03.dds
c:\program files (x86)\black isle\torment\tormentcrack.exe
c:\program files (x86)\desura\common\miner-warfare\content\cracks.xnb
c:\program files (x86)\ebookconverter\epub converter\lib\bnkeygen.py
c:\program files (x86)\ebookconverter\epub converter\lib\bnkeygen.pyc
c:\program files (x86)\steam\steamapps\common\counter-strike source\cstrike\download\maps\cs_crackhouse.bsp
c:\program files (x86)\steam\steamapps\common\counter-strike source\cstrike\download\maps\cs_crackhouse.nav
c:\program files (x86)\steam\steamapps\common\counter-strike source\cstrike\download\maps\cs_crackhouse_fmk.bsp
c:\program files (x86)\steam\steamapps\common\counter-strike source\cstrike\download\maps\cs_crackhouse_fmk.nav
c:\program files (x86)\steam\steamapps\common\counter-strike source\cstrike\download\maps\cs_crackhouse_xz_5.bsp
c:\program files (x86)\steam\steamapps\common\counter-strike source\cstrike\download\maps\cs_crackhouse_xz_5.nav
c:\program files (x86)\steam\steamapps\common\counter-strike source\cstrike\download\maps\de_crackhouse.bsp
c:\program files (x86)\steam\steamapps\common\counter-strike source\cstrike\download\maps\de_crackhouse.nav
c:\program files (x86)\steam\steamapps\common\counter-strike source\cstrike\screenshots\cs_crackhouse_fmk0012.tga
c:\program files (x86)\steam\steamapps\common\counter-strike source\cstrike\screenshots\cs_crackhouse_xz_50000.tga
c:\program files (x86)\steam\steamapps\common\counter-strike source\cstrike\screenshots\de_crackhouse0000.tga
c:\program files (x86)\steam\steamapps\common\counter-strike source\cstrike\screenshots\de_crackhouse0008.tga
c:\program files (x86)\steam\steamapps\common\counter-strike source\cstrike\screenshots\de_crackhouse0017.tga
c:\program files (x86)\steam\steamapps\common\counter-strike source\cstrike\screenshots\de_crackhouse0019.tga
c:\program files (x86)\steam\steamapps\common\dundefeternity\dundefeternity\udkgame\cookedpcconsole\dundefenvironment7.texture.stonewall_crackedbottom_tower.tfc
c:\program files (x86)\steam\steamapps\common\dundefeternity\dundefeternity\udkgame\cookedpcconsole\dundefenvironment7.texture.stonewall_crackedbottom_tower.tfc.info
c:\program files (x86)\steam\steamapps\common\dundefeternity\dundefeternity\udkgame\cookedpcconsole\dundefvfx.textures.lavacracks_o.tfc
c:\program files (x86)\steam\steamapps\common\dundefeternity\dundefeternity\udkgame\cookedpcconsole\dundefvfx.textures.lavacracks_o.tfc.info
c:\program files (x86)\steam\steamapps\common\dundefeternity\dundefeternity\udkgame\cookedpcconsole\dundef_jordan_atlantis2.tombset.crackedstonefloor.tfc
c:\program files (x86)\steam\steamapps\common\dundefeternity\dundefeternity\udkgame\cookedpcconsole\dundef_jordan_atlantis2.tombset.crackedstonefloor.tfc.info
c:\program files (x86)\steam\steamapps\common\dundefeternity\dundefeternity\udkgame\cookedpcconsole\dundef_jordan_atlantis2.tombset.crackedstonefloor_n.tfc
c:\program files (x86)\steam\steamapps\common\dundefeternity\dundefeternity\udkgame\cookedpcconsole\dundef_jordan_atlantis2.tombset.crackedstonefloor_n.tfc.info
c:\program files (x86)\steam\steamapps\common\dundefeternity\dundefeternity\udkgame\cookedpcconsole\jesus_mines2.textures.lavacracks_e.tfc
c:\program files (x86)\steam\steamapps\common\dundefeternity\dundefeternity\udkgame\cookedpcconsole\jesus_mines2.textures.lavacracks_e.tfc.info
c:\program files (x86)\steam\steamapps\common\dundefeternity\dundefeternity\udkgame\cookedpcconsole\jesus_mines2.textures.lavacracks_nm.tfc
c:\program files (x86)\steam\steamapps\common\dundefeternity\dundefeternity\udkgame\cookedpcconsole\jesus_mines2.textures.lavacracks_nm.tfc.info
c:\program files (x86)\steam\steamapps\common\dundefeternity\dundefeternity\udkgame\cookedpcconsole\jesus_mines2.textures.lavacracks_o.tfc
c:\program files (x86)\steam\steamapps\common\dundefeternity\dundefeternity\udkgame\cookedpcconsole\jesus_mines2.textures.lavacracks_o.tfc.info
c:\program files (x86)\steam\steamapps\common\dundefeternity\dundefeternity\udkgame\cookedpcconsole\jesus_mines2.textures.lavacracks_opac.tfc
c:\program files (x86)\steam\steamapps\common\dundefeternity\dundefeternity\udkgame\cookedpcconsole\jesus_mines2.textures.lavacracks_opac.tfc.info
c:\program files (x86)\steam\steamapps\common\dundefeternity\dundefeternity\udkgame\cookedpcconsole\jordans_royalgarden_assets3.texture.stonewall_crackedbottom.tfc
c:\program files (x86)\steam\steamapps\common\dundefeternity\dundefeternity\udkgame\cookedpcconsole\jordans_royalgarden_assets3.texture.stonewall_crackedbottom.tfc.info
c:\program files (x86)\steam\steamapps\common\dundefeternity\dundefeternity\udkgame\cookedpcconsole\jordans_royalgarden_assets3.texture.stonewall_crackedbottom_nrm.tfc
c:\program files (x86)\steam\steamapps\common\dundefeternity\dundefeternity\udkgame\cookedpcconsole\jordans_royalgarden_assets3.texture.stonewall_crackedbottom_nrm.tfc.info
c:\program files (x86)\steam\steamapps\common\dundefeternity\dundefeternity\udkgame\cookedpcconsole\jordans_royalgarden_assets3.texture.stonewall_crackedbottom_spec.tfc
c:\program files (x86)\steam\steamapps\common\dundefeternity\dundefeternity\udkgame\cookedpcconsole\jordans_royalgarden_assets3.texture.stonewall_crackedbottom_spec.tfc.info
c:\program files (x86)\steam\steamapps\common\dundefeternity\dundefeternity\udkgame\cookedpcconsole\newdundef_base_collection_fx.textures.shieldcrack.tfc
c:\program files (x86)\steam\steamapps\common\dundefeternity\dundefeternity\udkgame\cookedpcconsole\newdundef_base_collection_fx.textures.shieldcrack.tfc.info
c:\program files (x86)\steam\steamapps\common\how to survive\island_06\assets\puit01_\compiled\puit01_crack01.mat
c:\program files (x86)\steam\steamapps\common\shadowrun returns\shadowrun_data\streamingassets\contentpacks\dead_man_switch\data\props\hive_floor_cementcracked01.pb.bytes
c:\program files (x86)\steam\steamapps\common\shadowrun returns\shadowrun_data\streamingassets\contentpacks\dead_man_switch\data\props\hive_floor_cementcracked02.pb.bytes
c:\program files (x86)\steam\steamapps\common\shadowrun returns\shadowrun_data\streamingassets\contentpacks\dead_man_switch\data\props\hive_floor_cementcracked03.pb.bytes
c:\program files (x86)\steam\steamapps\common\shadowrun returns\shadowrun_data\streamingassets\contentpacks\dead_man_switch\data\props\hive_floor_cementcracked04.pb.bytes
c:\program files (x86)\steam\steamapps\common\shadowrun returns\shadowrun_data\streamingassets\contentpacks\dead_man_switch\data\props\hive_floor_cementcracked05.pb.bytes
c:\program files (x86)\steam\steamapps\common\shadowrun returns\shadowrun_data\streamingassets\contentpacks\seattle\data\props\office_decor_wallcrack01.pb.bytes
c:\program files (x86)\steam\steamapps\common\shadowrun returns\shadowrun_data\streamingassets\contentpacks\seattle\data\props\office_ground_groundcrack01.pb.bytes
c:\program files (x86)\steam\steamapps\common\shadowrun returns\shadowrun_data\streamingassets\contentpacks\seattle\data\props\office_ground_groundcrack02.pb.bytes
c:\program files (x86)\steam\steamapps\common\shadowrun returns\shadowrun_data\streamingassets\contentpacks\seattle\data\props\pikeplace_ground_cracks01.pb.bytes
c:\program files (x86)\steam\steamapps\common\shadowrun returns\shadowrun_data\streamingassets\contentpacks\seattle\data\props\pikeplace_ground_cracks02.pb.bytes
c:\program files (x86)\steam\steamapps\common\shadowrun returns\shadowrun_data\streamingassets\contentpacks\seattle\data\props\pikeplace_ground_cracks03.pb.bytes
hosts 127.0.0.1 activate.adobe.com
hosts 127.0.0.1 practivate.adobe.com
hosts 127.0.0.1 ereg.adobe.com
hosts 127.0.0.1 activate.wip3.adobe.com
hosts 127.0.0.1 wip3.adobe.com
hosts 127.0.0.1 3dns-3.adobe.com
hosts 127.0.0.1 3dns-2.adobe.com
hosts 127.0.0.1 adobe-dns.adobe.com
hosts 127.0.0.1 adobe-dns-2.adobe.com
hosts 127.0.0.1 adobe-dns-3.adobe.com
hosts 127.0.0.1 ereg.wip3.adobe.com
hosts 127.0.0.1 activate-sea.adobe.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 activate-sjc0.adobe.com
hosts 127.0.0.1 adobe.activate.com
hosts 127.0.0.1 adobeereg.com
hosts 127.0.0.1 www.adobeereg.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 hl2rcv.adobe.com
scanner sequence 3.ZZ.11.KINACZ
----- EOF -----
Castilho
Active Member
 
Posts: 2
Joined: February 12th, 2015, 5:36 pm

Re: Help with Malware

Post by Gary R » February 16th, 2015, 2:14 am

Cracked - Illegal Software

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.
The section here explains why we bring this to your attention.

If you wish to receive help from us, you must remove any and all of the following from your computer:
  • Illegal software
  • Cracked software
  • Illegal software key generators

Once the software and/or keygens have been removed, if you still need help, please start a new thread. Include a link to your closed topic and include NEW DDS logs:
  • DDS.txt.
  • Attach.txt.
  • Details of the problems you're experiencing.
Wait for a new helper. Do not reply to your topic before a helper has replied.

This topic is now closed.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire