Please help, not sure if virus is the problem, is re-install necessary?


  • This topic is locked
28 replies to this topic

#1 Milla-Bach

  • Members
  • 34 posts
  • OFFLINE
  • Gender:Female
  • Location:Florida
  • Local time:06:36 PM

Posted 10 February 2015 - 04:47 AM

Hello, I am unsure of what is going on with my system. I have Windows 7 64-bit Home Premium SP1 on a Dell Inspiron 530s. This was not running Windows 7 when I received it a few months ago. After I installed Windows 7 it seemed to be fine until now??? I know that something is not right, just not sure if a virus might be causing problems or if it is something else. Any advice/help would be much appreciated. Thank you.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by MILLA (administrator) on MARA-PC on 10-02-2015 03:32:41
Running from C:\Users\MILLA\Desktop
Loaded Profiles: MILLA (Available profiles: MARA & MILLA)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1686480 2014-12-17] (Bitdefender)
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3290119370-742891325-88322259-1001\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2014-11-25] (Bitdefender)
HKU\S-1-5-18\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3290119370-742891325-88322259-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3290119370-742891325-88322259-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3290119370-742891325-88322259-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\MILLA\AppData\Roaming\Mozilla\Firefox\Profiles\iax09hwq.default
FF DefaultSearchEngine: Google
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @update.safer.com/Safer Update;version=9 -> C:\Program Files (x86)\Safer Technologies\Update\1.3.23.33\npSaferUpdate3.dll No File
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-02-06]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2015-02-06]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
 
Chrome: 
=======
CHR Profile: C:\Users\MILLA\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\MILLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\MILLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-09]
CHR Extension: (YouTube) - C:\Users\MILLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-09]
CHR Extension: (Google Search) - C:\Users\MILLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-09]
CHR Extension: (Google Wallet) - C:\Users\MILLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-09]
CHR Extension: (Gmail) - C:\Users\MILLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-12-09] (Bitdefender)
S4 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
S3 InnovativeSolutions_monitor; C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [1064880 2015-02-04] ()
S4 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)
S4 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-13] (Microsoft Corporation)
S4 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-20] (Microsoft Corporation)
S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
S4 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-13] (Microsoft Corporation)
S4 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
S4 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
S2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-27] (Bitdefender)
S2 vsserv; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1545376 2014-12-15] (Bitdefender)
S4 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2015-02-06] (Emsisoft GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1288472 2014-09-25] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [263032 2014-10-03] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-05-16] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-11-13] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2014-12-02] (BitDefender SRL)
S1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
S3 CisUtMonitor; C:\Windows\System32\DRIVERS\CisUtMonitor.sys [33360 2014-08-07] (CrystalIdea Software)
S3 cleanhlp; C:\EEK\BIN\cleanhlp64.sys [57024 2015-02-06] (Emsisoft GmbH)
S0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [155912 2014-10-22] (BitDefender LLC)
S3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-13] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-02-06] ()
S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-10-15] (BitDefender S.R.L.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esihdrv; \??\C:\Users\MARA\AppData\Local\Temp\esihdrv.sys [X]
U2 KillEmAllPlusService; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-10 03:32 - 2015-02-10 03:33 - 00010990 _____ () C:\Users\MILLA\Desktop\FRST.txt
2015-02-10 03:31 - 2015-02-10 03:32 - 00000000 ____D () C:\FRST
2015-02-10 03:30 - 2015-02-10 03:31 - 02132992 _____ (Farbar) C:\Users\MILLA\Desktop\FRST64.exe
2015-02-10 03:10 - 2015-02-10 03:10 - 00401920 _____ (Farbar) C:\Users\MILLA\Desktop\MiniToolBox (1).exe
2015-02-10 02:33 - 2015-02-10 02:33 - 00013945 _____ () C:\Users\MILLA\Desktop\Result.minitool.txt
2015-02-10 02:26 - 2015-02-10 03:11 - 00015354 _____ () C:\Users\MILLA\Desktop\Result.txt
2015-02-10 02:23 - 2015-02-10 02:23 - 00401920 _____ (Farbar) C:\Users\MILLA\Desktop\MiniToolBox.exe
2015-02-10 02:12 - 2015-02-10 02:12 - 00000056 _____ () C:\Windows\setupact.log
2015-02-10 02:12 - 2015-02-10 02:12 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-10 02:03 - 2015-02-10 02:03 - 00000829 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2015-02-10 02:03 - 2015-02-10 02:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-02-10 02:03 - 2015-02-10 02:03 - 00000000 ____D () C:\Program Files\CPUID
2015-02-10 02:02 - 2015-02-10 02:02 - 00000919 _____ () C:\Users\MILLA\Desktop\TechPowerUp GPU-Z.lnk
2015-02-10 02:02 - 2015-02-10 02:02 - 00000000 ____D () C:\Users\MILLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2015-02-10 02:02 - 2015-02-10 02:02 - 00000000 ____D () C:\Program Files (x86)\GPU-Z
2015-02-10 02:01 - 2015-02-10 02:01 - 01710888 _____ (techPowerUp (www.techpowerup.com)) C:\Users\MILLA\Desktop\GPU-Z.0.8.1.exe
2015-02-10 01:58 - 2015-02-10 01:58 - 01577464 _____ ( ) C:\Users\MILLA\Desktop\cpu-z_1.71.1-en.exe
2015-02-10 01:36 - 2015-02-10 01:36 - 00002088 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2015-02-10 01:36 - 2015-02-10 01:36 - 00002076 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk
2015-02-10 01:36 - 2015-02-10 01:36 - 00000000 ____D () C:\Program Files (x86)\Belarc
2015-02-10 01:35 - 2015-02-10 01:35 - 03683312 _____ () C:\Users\MILLA\Desktop\advisorinstaller.exe
2015-02-10 01:31 - 2015-02-10 01:31 - 00000756 _____ () C:\Users\Public\Desktop\Speccy.lnk
2015-02-10 01:31 - 2015-02-10 01:31 - 00000000 ____D () C:\Program Files\Speccy
2015-02-10 01:30 - 2015-02-10 01:30 - 05135288 _____ (Piriform Ltd) C:\Users\MILLA\Desktop\spsetup128 (1).exe
2015-02-10 01:26 - 2015-02-10 03:01 - 00049228 _____ () C:\Windows\WindowsUpdate.log
2015-02-10 00:22 - 2015-02-10 00:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-10 00:20 - 2015-02-10 00:20 - 20447176 _____ (Malwarebytes Corporation ) C:\Users\MILLA\Desktop\mbam-setup.exe
2015-02-09 20:47 - 2015-02-10 02:11 - 00000688 _____ () C:\Windows\PFRO.log
2015-02-09 20:23 - 2015-02-09 20:23 - 00000000 ____D () C:\Users\MILLA\AppData\Local\Innovative Solutions
2015-02-09 16:13 - 2015-02-09 16:13 - 00002211 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-09 16:13 - 2015-02-09 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-09 16:12 - 2015-02-09 16:13 - 00000000 ____D () C:\Users\MILLA\AppData\Local\Google
2015-02-09 15:33 - 2011-05-09 16:13 - 00001409 _____ () C:\Users\MILLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-02-09 15:32 - 2015-02-09 15:32 - 00326484 _____ () C:\Users\MILLA\Desktop\win7-x64-sm-reset.exe
2015-02-08 05:13 - 2015-02-08 05:13 - 00165376 _____ () C:\Users\MILLA\Desktop\SystemLook_x64.exe
2015-02-08 05:09 - 2015-02-08 05:09 - 00852594 _____ () C:\Users\MILLA\Desktop\SecurityCheck.exe
2015-02-08 01:54 - 2015-02-08 01:54 - 00000252 _____ () C:\Windows\Tasks\RunUninstallTool_SkipUac.job
2015-02-08 01:54 - 2015-02-08 01:54 - 00000000 ____D () C:\Users\MILLA\AppData\Roaming\CrystalIdea Software
2015-02-08 01:54 - 2015-02-08 01:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall Tool
2015-02-08 01:54 - 2015-02-08 01:54 - 00000000 ____D () C:\Program Files\Uninstall Tool
2015-02-08 01:54 - 2014-08-07 02:08 - 00033360 _____ (CrystalIdea Software) C:\Windows\system32\Drivers\CisUtMonitor.sys
2015-02-08 01:33 - 2015-02-08 01:40 - 00000000 ____D () C:\Users\MILLA\Desktop\d7
2015-02-08 01:08 - 2015-02-08 01:08 - 00000000 ____D () C:\Users\MARA\AppData\Local\EmieUserList
2015-02-08 01:08 - 2015-02-08 01:08 - 00000000 ____D () C:\Users\MARA\AppData\Local\EmieSiteList
2015-02-08 01:08 - 2015-02-08 01:08 - 00000000 ____D () C:\Users\MARA\AppData\Local\EmieBrowserModeList
2015-02-08 00:41 - 2015-02-08 00:41 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2015-02-07 19:53 - 2015-02-07 19:53 - 00913408 ____N (Microsoft Corporation) C:\Users\MARA\Desktop\mssstool64.exe
2015-02-07 19:06 - 2015-02-07 19:06 - 00001728 ____N () C:\Users\MARA\Desktop\Google Earth Pro - Shortcut.lnk
2015-02-07 19:02 - 2015-02-07 18:34 - 02872256 ____N (Innovative Solutions ) C:\Users\MARA\Documents\advanced_task_manager.exe
2015-02-07 18:53 - 2015-02-07 18:53 - 00001106 ____N () C:\Users\MARA\Desktop\Advanced Task Manager.lnk
2015-02-07 18:53 - 2015-02-07 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Task Manager
2015-02-07 18:39 - 2015-02-10 02:12 - 00000340 _____ () C:\Windows\Tasks\Health-Check-auto.job
2015-02-07 18:39 - 2015-02-07 20:27 - 00000342 _____ () C:\Windows\Tasks\Health-Check-deep.job
2015-02-07 18:39 - 2015-02-07 20:27 - 00000334 _____ () C:\Windows\Tasks\Health-Check.job
2015-02-07 18:39 - 2015-02-07 18:53 - 00000000 ____D () C:\Program Files (x86)\Innovative Solutions
2015-02-07 18:39 - 2015-02-07 18:39 - 00002916 _____ () C:\Windows\System32\Tasks\Health-Check-deep
2015-02-07 18:39 - 2015-02-07 18:39 - 00002908 _____ () C:\Windows\System32\Tasks\Health-Check
2015-02-07 18:39 - 2015-02-07 18:39 - 00002612 _____ () C:\Windows\System32\Tasks\Health-Check-auto
2015-02-07 18:39 - 2015-02-07 18:39 - 00001597 ____N () C:\Users\MARA\Desktop\Advanced Uninstaller PRO 11.lnk
2015-02-07 18:39 - 2015-02-07 18:39 - 00001481 _____ () C:\Users\MILLA\Desktop\Advanced Uninstaller PRO 11.lnk
2015-02-07 18:39 - 2015-02-07 18:39 - 00000000 ____D () C:\Users\MARA\AppData\Local\Innovative Solutions
2015-02-07 18:39 - 2015-02-07 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
2015-02-07 18:39 - 2015-02-07 18:39 - 00000000 ____D () C:\ProgramData\Innovative Solutions
2015-02-07 18:39 - 2014-03-07 09:25 - 00042496 _____ () C:\Windows\SysWOW64\AdvUninstCPL.cpl
2015-02-07 18:33 - 2015-02-07 18:33 - 18186904 ____N (Innovative Solutions ) C:\Users\MARA\Documents\Advanced_Uninstaller11.exe
2015-02-07 18:16 - 2015-02-09 15:47 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-02-07 18:09 - 2015-02-07 18:09 - 00001037 ____N () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-02-07 18:09 - 2015-02-07 18:09 - 00000000 ____D () C:\Users\MARA\AppData\Local\VS Revo Group
2015-02-07 18:08 - 2015-02-07 18:08 - 10801480 ____N (VS Revo Group ) C:\Users\MARA\Documents\RevoUninProSetup.exe
2015-02-07 18:04 - 2015-02-07 18:10 - 00000000 ____D () C:\Users\MARA\AppData\Local\Mozilla
2015-02-07 17:53 - 2015-02-07 17:53 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-07 17:47 - 2015-02-09 16:06 - 00000000 ____D () C:\Qoobox
2015-02-07 17:44 - 2015-02-07 17:44 - 00000385 _____ () C:\Users\MARA\AppData\Roaminguser_gensett.xml
2015-02-07 17:43 - 2015-02-07 17:49 - 00000000 ____D () C:\Users\MARA\AppData\Roaming\Bitdefender
2015-02-07 03:50 - 2015-02-07 03:50 - 00000000 ____D () C:\Users\Default
2015-02-07 03:27 - 2015-02-07 03:27 - 03717824 _____ (CrystalIdea Software ) C:\Users\MILLA\Documents\uninstalltool_setup.exe
2015-02-07 02:58 - 2015-02-07 02:58 - 10318832 ____N () C:\Users\MILLA\Desktop\tweaking.com_windows_repair_aio_setup.exe
2015-02-07 00:45 - 2015-02-07 00:45 - 00074000 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2015-02-07 00:43 - 2015-02-07 00:43 - 00000385 _____ () C:\Users\MILLA\AppData\Roaminguser_gensett.xml
2015-02-07 00:41 - 2015-02-07 00:41 - 00000385 _____ () C:\Windows\system32\user_gensett.xml
2015-02-06 22:40 - 2015-02-06 22:45 - 00000682 ____H () C:\bdr-cf01
2015-02-06 22:40 - 2015-02-06 22:40 - 00002078 ____N () C:\Users\Public\Desktop\Bitdefender Total Security 2015.lnk
2015-02-06 22:39 - 2015-02-07 02:48 - 00000000 ____D () C:\ProgramData\BDLogging
2015-02-06 22:39 - 2015-02-06 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
2015-02-06 22:39 - 2015-02-06 22:39 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-02-06 22:39 - 2014-12-02 16:40 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2015-02-06 22:39 - 2014-12-02 16:37 - 00074000 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll
2015-02-06 22:39 - 2014-10-03 20:11 - 00263032 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2015-02-06 22:39 - 2014-09-25 15:57 - 01288472 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2015-02-06 22:39 - 2014-05-16 13:04 - 00647752 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2015-02-06 22:39 - 2013-11-13 15:41 - 00093600 _____ (BitDefender LLC) C:\Windows\system32\Drivers\BdfNdisf6.sys
2015-02-06 22:39 - 2012-04-17 14:34 - 00076944 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2015-02-06 22:39 - 2009-07-14 14:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2015-02-06 22:39 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2015-02-06 22:38 - 2015-02-07 02:30 - 00000000 ____D () C:\Users\MILLA\AppData\Roaming\Bitdefender
2015-02-06 22:37 - 2015-02-06 22:40 - 00253404 ____H () C:\bdr-ld01
2015-02-06 22:37 - 2015-02-06 22:40 - 00009216 ____H () C:\bdr-ld01.mbr
2015-02-06 22:37 - 2014-07-04 17:49 - 49563064 ____H () C:\bdr-im01.gz
2015-02-06 22:37 - 2013-08-13 13:38 - 03271472 ____H () C:\bdr-bz01
2015-02-06 22:35 - 2015-02-06 22:41 - 00000000 ____D () C:\ProgramData\Bitdefender
2015-02-06 22:35 - 2014-12-02 16:37 - 00084336 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUISkin.dll
2015-02-06 22:35 - 2014-12-02 13:37 - 00033360 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUH.dll
2015-02-06 22:35 - 2014-10-22 09:29 - 00155912 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2015-02-06 22:35 - 2014-10-15 16:14 - 00452040 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-02-06 22:32 - 2015-02-06 22:37 - 00000000 ____D () C:\Program Files\Bitdefender
2015-02-06 22:31 - 2015-02-06 22:35 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2015-02-06 22:31 - 2015-02-06 22:31 - 00000000 ____D () C:\Users\MILLA\AppData\Roaming\QuickScan
2015-02-06 22:26 - 2015-02-06 22:30 - 02867616 ____N () C:\Users\MILLA\Desktop\bitdefender_tsecurity.exe
2015-02-06 21:55 - 2015-02-06 21:55 - 11231944 ____N (ESET) C:\Users\MILLA\Desktop\avremover_nt64_enu.exe
2015-02-06 21:55 - 2015-02-06 21:55 - 03757728 ____N (ESET) C:\Users\MILLA\Desktop\SysInspector.exe
2015-02-06 20:57 - 2015-02-06 20:57 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-06 19:24 - 2015-02-06 19:25 - 00000000 ____D () C:\Users\MILLA\Documents\d7II
2015-02-06 19:24 - 2015-02-06 19:24 - 00053248 _____ () C:\Windows\SysWOW64\zlib.dll
2015-02-06 19:24 - 2015-02-06 19:24 - 00000000 ____D () C:\Support
2015-02-06 19:24 - 2014-08-18 11:17 - 00265376 ____N (Foolish IT LLC) C:\Users\MILLA\Desktop\BootSafe.exe
2015-02-06 19:06 - 2015-02-06 19:06 - 05135288 ____N (Piriform Ltd) C:\Users\MILLA\Desktop\spsetup128.exe
2015-02-06 19:01 - 2015-02-06 19:01 - 00000782 ____N () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-06 19:01 - 2015-02-06 19:01 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-06 15:48 - 2015-02-06 15:48 - 170191752 ____N () C:\Users\MILLA\Documents\EmsisoftEmergencyKit.exe
2015-02-06 11:24 - 2015-02-06 11:27 - 00000000 ____D () C:\EEK
2015-02-06 11:24 - 2015-02-06 11:24 - 00000743 ____N () C:\Users\MILLA\Desktop\Start Emsisoft Emergency Kit.lnk
2015-02-06 11:05 - 2015-02-06 11:11 - 00002806 ____N () C:\Users\MILLA\Desktop\unhide.txt
2015-02-06 10:40 - 2015-02-06 10:40 - 00288563 _____ () C:\Users\MILLA\AppData\Local\census.cache
2015-02-06 10:40 - 2015-02-06 10:40 - 00128831 _____ () C:\Users\MILLA\AppData\Local\ars.cache
2015-02-06 10:36 - 2015-02-06 10:36 - 00000010 _____ () C:\Users\MILLA\AppData\Local\sponge.last.runtime.cache
2015-02-06 09:54 - 2015-02-06 09:55 - 170191752 _____ () C:\Users\MILLA\Desktop\EmsisoftEmergencyKit.exe
2015-02-06 08:42 - 2015-02-06 08:42 - 00000000 ____D () C:\Users\MILLA\AppData\Roaming\SUPERAntiSpyware.com
2015-02-06 08:17 - 2015-02-06 08:17 - 07792813 _____ () C:\Users\MILLA\Documents\d7.zip
2015-02-06 08:00 - 2015-02-06 08:00 - 02398079 ____N () C:\Users\MILLA\Desktop\d7II_Core_v3.zip
2015-02-06 07:50 - 2015-02-06 07:50 - 05325208 ____N (Piriform Ltd) C:\Users\MILLA\Desktop\ccsetup502.exe
2015-02-06 06:56 - 2015-02-07 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-02-06 06:56 - 2015-02-06 06:56 - 00000000 ____D () C:\Users\MILLA\AppData\Local\VS Revo Group
2015-02-06 06:56 - 2015-02-06 06:56 - 00000000 ____D () C:\ProgramData\VS Revo Group
2015-02-06 06:56 - 2015-02-06 06:56 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-02-06 06:56 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-02-06 06:52 - 2015-02-06 06:52 - 10801480 ____N (VS Revo Group ) C:\Users\MILLA\Desktop\RevoUninProSetup.exe
2015-02-06 06:50 - 2015-02-09 15:55 - 05611930 ____R (Swearware) C:\Users\MILLA\Desktop\ComboFix.exe
2015-02-06 06:42 - 2015-02-06 06:42 - 01943800 ____N (Bleeping Computer, LLC) C:\Users\MILLA\Desktop\rkill.scr
2015-02-05 08:01 - 2015-02-05 08:02 - 00000000 ____D () C:\Users\MILLA\AppData\Roaming\Mozilla
2015-02-05 08:01 - 2015-02-05 08:02 - 00000000 ____D () C:\Users\MILLA\AppData\Local\Mozilla
2015-02-05 08:00 - 2015-02-05 08:00 - 00000000 ____D () C:\Users\MILLA\AppData\Local\VirtualStore
2015-02-03 09:10 - 2015-02-03 09:10 - 00000000 __SHD () C:\Users\MILLA\AppData\Local\EmieUserList
2015-02-03 09:10 - 2015-02-03 09:10 - 00000000 __SHD () C:\Users\MILLA\AppData\Local\EmieSiteList
2015-02-03 09:10 - 2015-02-03 09:10 - 00000000 __SHD () C:\Users\MILLA\AppData\Local\EmieBrowserModeList
2015-02-03 09:09 - 2015-02-03 09:09 - 00000000 ____D () C:\Users\MILLA\AppData\Roaming\Adobe
2015-02-03 05:44 - 2015-02-03 05:44 - 00058408 _____ () C:\Users\MILLA\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-03 04:10 - 2015-02-09 15:33 - 00000000 ____D () C:\Users\MILLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-03 04:10 - 2015-02-09 15:33 - 00000000 ____D () C:\Users\MILLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-03 04:10 - 2015-02-06 18:33 - 00000000 ____D () C:\Users\MILLA
2015-02-03 04:10 - 2015-02-03 04:10 - 00000020 ___SH () C:\Users\MILLA\ntuser.ini
2015-02-03 04:10 - 2011-05-09 16:13 - 00001443 _____ () C:\Users\MILLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-02 14:42 - 2015-02-02 14:42 - 58130592 ____N (Microsoft Corporation) C:\Users\MARA\Desktop\EIE11_EN-US_WOL_WIN764(1).EXE
2015-02-01 17:53 - 2015-02-01 17:53 - 00000000 ____D () C:\Windows\pss
2015-02-01 16:19 - 2015-02-01 16:19 - 01056768 _____ () C:\Windows\sectest.db
2015-02-01 09:46 - 2015-02-01 09:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-01 09:06 - 2015-02-01 09:06 - 02023848 ____N (WiseCleaner.com ) C:\Users\MARA\Documents\WPUSetup.exe
2015-02-01 07:34 - 2015-02-07 18:12 - 00000000 ____D () C:\Program Files (x86)\MRU-Blaster
2015-02-01 07:30 - 2015-02-01 07:30 - 00000000 ____D () C:\ProgramData\Licenses
2015-02-01 07:30 - 2011-11-04 05:13 - 01070352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2015-02-01 07:30 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2015-02-01 06:54 - 2012-07-30 11:14 - 00031616 _____ () C:\Windows\system32\FoolishEventLogMsgHelper.dll
2015-02-01 06:00 - 2015-02-01 06:00 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices
2015-02-01 06:00 - 2015-02-01 06:00 - 00000000 ____D () C:\Windows\system32\msmq
2015-02-01 06:00 - 2015-02-01 06:00 - 00000000 ____D () C:\Windows\system32\BestPractices
2015-02-01 06:00 - 2015-02-01 06:00 - 00000000 ____D () C:\inetpub
2015-02-01 05:44 - 2015-02-01 05:44 - 00001052 ____N () C:\Users\MARA\Documents\LEGACY_SPLDR.reg
2015-02-01 02:09 - 2014-08-18 14:17 - 00265376 ____N (Foolish IT LLC) C:\Users\MARA\Desktop\BootSafe.exe
2015-02-01 01:03 - 2015-02-01 01:03 - 00000000 ____D () C:\Windows\CheckSur
2015-02-01 00:56 - 2015-02-01 00:56 - 02077392 ____N (Microsoft Corporation) C:\Users\MARA\Desktop\IE11-Windows6.1.exe
2015-02-01 00:01 - 2015-02-01 00:01 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite
2015-01-31 22:19 - 2015-01-31 22:19 - 00347816 ____N (Microsoft Corporation) C:\Users\MARA\Documents\MicrosoftFixit.WinSecurity.Run.exe
2015-01-31 21:57 - 2015-01-31 21:57 - 00960688 ____N (Adobe Systems Incorporated) C:\Users\MARA\Documents\uninstall_flash_player.exe
2015-01-31 21:42 - 2015-01-31 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro
2015-01-31 21:41 - 2015-01-31 21:41 - 00880784 ____N (Google Inc.) C:\Users\MARA\Documents\GoogleEarthProSetup.exe
2015-01-31 13:25 - 2015-01-31 13:25 - 18126512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-27 08:52 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-27 08:52 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-27 08:52 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-27 08:52 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-27 07:44 - 2015-01-27 07:44 - 00003116 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask-Delay
2015-01-27 04:59 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-27 04:58 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-27 04:58 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-27 04:58 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-27 04:58 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-27 04:58 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-27 04:58 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-27 04:58 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-27 04:58 - 2014-12-11 11:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 21:32 - 2015-01-13 21:34 - 00000000 ____D () C:\Users\MARA\Documents\ICON SETUPS
2015-01-13 21:31 - 2015-01-13 21:32 - 00000000 ____D () C:\Users\MARA\Documents\PDF
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-10 03:02 - 2015-01-02 21:51 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-10 03:02 - 2009-07-13 22:45 - 00027920 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-10 03:01 - 2009-07-13 22:45 - 00027920 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-10 02:18 - 2009-07-13 23:13 - 00889200 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-10 02:12 - 2015-01-02 21:51 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-10 02:12 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-09 20:40 - 2009-07-13 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-09 16:13 - 2015-01-02 21:51 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-09 16:03 - 2009-07-13 20:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-09 15:33 - 2009-07-13 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-09 15:33 - 2009-07-13 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-07 18:46 - 2014-12-16 18:12 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-02-06 22:38 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-06 20:57 - 2014-12-31 04:49 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-06 18:35 - 2014-12-16 06:41 - 00000000 ____D () C:\Users\MARA
2015-02-06 06:29 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-02-05 13:57 - 2015-01-02 21:51 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 13:57 - 2015-01-02 21:51 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 10:59 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2015-02-05 07:56 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\spool
2015-02-03 04:10 - 2009-07-13 22:45 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-01 18:45 - 2014-12-31 04:30 - 00000000 ____D () C:\Users\MARA\Desktop\d7
2015-02-01 16:59 - 2014-12-31 06:52 - 00000042 _____ () C:\Windows\system32\tempreg.bat
2015-02-01 16:59 - 2009-07-13 20:34 - 00000439 _____ () C:\Windows\win.ini
2015-02-01 16:05 - 2014-12-17 21:31 - 00889072 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-01 15:59 - 2014-12-31 04:37 - 00000638 _____ () C:\Windows\system32\zerobyte_files_deleted.txt
2015-02-01 15:59 - 2014-12-31 04:37 - 00000512 _____ () C:\Windows\zerobyte_files_deleted.txt
2015-02-01 12:25 - 2014-12-29 04:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-01 07:25 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-01 06:00 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2015-02-01 06:00 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-31 23:30 - 2014-12-18 22:25 - 00000000 ____D () C:\NPE
2015-01-31 13:26 - 2014-12-16 18:12 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-31 13:25 - 2014-12-16 17:08 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
 
==================== Files in the root of some directories =======
 
2015-02-06 10:40 - 2015-02-06 10:40 - 0128831 _____ () C:\Users\MILLA\AppData\Local\ars.cache
2015-02-06 10:40 - 2015-02-06 10:40 - 0288563 _____ () C:\Users\MILLA\AppData\Local\census.cache
2015-02-06 10:36 - 2015-02-06 10:36 - 0000010 _____ () C:\Users\MILLA\AppData\Local\sponge.last.runtime.cache
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-05 10:51
 
==================== End Of Log ============================

Attached File: Addition.txt (24.57KB)



#2 Jo*
  • Malware Response Team
  • 3,269 posts
  • Gender:Male
  • Location:Germany

Posted 10 February 2015 - 06:51 AM


Hello Milla-Bach,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save the instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification if you have any questions.
  • Stay with this topic till you get the all-clean post.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Milla-Bach
  • Topic Starter
  • Members
  • 34 posts
  • Gender:Female
  • Location:Florida

Posted 10 February 2015 - 07:06 AM

Hi Jo, thanks for helping me. Here are the results of Security Check:

 Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x64   
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Disabled!  
Bitdefender Antivirus   
 Antivirus out of date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 SpywareBlaster 5.0    
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.296  
 Mozilla Firefox (35.0.1) 
 Google Chrome (40.0.2214.111) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 


#4 Milla-Bach
  • Topic Starter
  • Members
  • 34 posts
  • Gender:Female
  • Location:Florida

Posted 10 February 2015 - 07:36 AM

Results of Malwarebytes Anti-Rootkit

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
System is currently in a safe mode
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.17501
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.795000 GHz
Memory total: 2136133632, free: 1396297728
 
Downloaded database version: v2015.02.10.07
Downloaded database version: v2015.02.03.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
------------ Kernel report ------------
     02/10/2015 06:09:20
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\FLTMGR.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\??\c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys
\??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\e1e6032e.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\avchv.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\framebuf.dll
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\KMWDFILTER.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\oleaut32.dll
\Windows\System32\sechost.dll
\Windows\System32\imagehlp.dll
\Windows\System32\msctf.dll
\Windows\System32\difxapi.dll
\Windows\System32\imm32.dll
\Windows\System32\gdi32.dll
\Windows\System32\usp10.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\nsi.dll
\Windows\System32\ole32.dll
\Windows\System32\urlmon.dll
\Windows\System32\comdlg32.dll
\Windows\System32\kernel32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\ws2_32.dll
\Windows\System32\advapi32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\wininet.dll
\Windows\System32\psapi.dll
\Windows\System32\setupapi.dll
\Windows\System32\shell32.dll
\Windows\System32\user32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\iertutil.dll
\Windows\System32\clbcatq.dll
\Windows\System32\normaliz.dll
\Windows\System32\lpk.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\crypt32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\userenv.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\wintrust.dll
\Windows\System32\msasn1.dll
\Windows\System32\profapi.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2015.02.10.07
  rootkit: v2015.02.03.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8002751060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8002751b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8002751060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8002234e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8002241680, DeviceName: \Device\Ide\IdeDeviceP1T0L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D0F4738C
 
Partition information:
 
    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 96327
 
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 96390  Numsec = 618486435
    Partition file system is NTFS
    Partition is bootable
 
    Partition 2 type is Other (0xdb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 618582825  Numsec = 6554520
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 320072933376 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa800324b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800324b2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800324b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8003250750, DeviceName: \Device\00000067\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa8003266060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8003266b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8003266060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800324c060, DeviceName: \Device\00000068\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa8003269060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8003269b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8003269060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800324d060, DeviceName: \Device\00000069\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa8003268060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8003268b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8003268060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8003267060, DeviceName: \Device\0000006a\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-96390-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished


#5 Milla-Bach
  • Topic Starter
  • Members
  • 34 posts
  • Gender:Female
  • Location:Florida

Posted 10 February 2015 - 07:42 AM

Results from AdwCleaner

 

# AdwCleaner v4.110 - Logfile created 10/02/2015 at 06:39:06
# Updated 05/02/2015 by Xplode
# Database : 2015-02-09.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : MILLA - MARA-PC
# Running from : C:\Users\MILLA\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Mozilla Firefox v35.0.1 (x86 en-US)
 
 
-\\ Google Chrome v40.0.2214.111
 
*************************
 
AdwCleaner[R0].txt - [652 bytes] - [10/02/2015 06:39:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [710 bytes] ##########


#6 Jo*
  • Malware Response Team
  • 3,269 posts
  • Gender:Male
  • Location:Germany

Posted 10 February 2015 - 07:45 AM

Why is your Boot Mode: Safe Mode?

Can you boot in normal mode?



#7 Milla-Bach
  • Topic Starter
  • Members
  • 34 posts
  • Gender:Female
  • Location:Florida

Posted 10 February 2015 - 12:29 PM

I can boot in normal mode; it just takes longer than it used to, so I use safe mode until I know for sure that my system is not infected with a virus.



#8 Jo*
  • Malware Response Team
  • 3,269 posts
  • Gender:Male
  • Location:Germany

Posted 10 February 2015 - 12:38 PM

Hello Milla-Bach,

Please boot in normal mode before we run the next tools.
 

***


Download ComboFix from the following location:
Link

* IMPORTANT- Save ComboFix.exe to your Desktop
 

***


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link:
How to Disable your Security Programs



***


Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Enable your antivirus!
 

***


Please download Farbar Service Scanner and run it on the computer with the issue.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure "Include All Files" option remains checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

***


On your Desktop:
Now please go to the MBAR folder and then run the "fixdamage.exe" tool that's inside the mbar\plugins\ sub-folder.

Restart the system after running fixdamage.

Run Farbar Service Scanner again and post the log.
 

***




#9 Milla-Bach
  • Topic Starter
  • Members
  • 34 posts
  • Gender:Female
  • Location:Florida

Posted 10 February 2015 - 01:17 PM

ComboFix 15-02-09.01 - MILLA 02/10/2015  12:07:02.16.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2037.1032 [GMT -6:00]
Running from: c:\users\MILLA\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
FW: Bitdefender Firewall *Enabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}
SP: Bitdefender Antispyware *Disabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1423576065.bdinstall.bin
.
.
(((((((((((((((((((((((((   Files Created from 2015-01-10 to 2015-02-10  )))))))))))))))))))))))))))))))
.
.
2015-02-10 18:13 . 2015-02-10 18:13 -------- d-----w- c:\users\MARA\AppData\Local\temp
2015-02-10 13:58 . 2015-02-10 13:58 33360 ----a-w- c:\windows\system32\bdsandboxuh.dll
2015-02-10 13:48 . 2013-08-13 19:38 3271472 ---ha-w- C:\bdr-bz01
2015-02-10 13:48 . 2014-10-15 22:14 452040 ----a-w- c:\windows\system32\drivers\trufos.sys
2015-02-10 13:48 . 2014-10-22 15:29 155912 ----a-w- c:\windows\system32\drivers\gzflt.sys
2015-02-10 13:16 . 2015-02-10 13:16 74000 ----a-w- c:\windows\system32\bdsandboxuiskin32.dll
2015-02-10 13:16 . 2015-02-10 13:16 677104 ----a-w- c:\windows\system32\drivers\avckf.sys
2015-02-10 12:38 . 2015-02-10 12:40 -------- d-----w- C:\AdwCleaner
2015-02-10 12:09 . 2015-02-10 12:33 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-02-10 12:09 . 2015-02-10 12:09 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-10 12:08 . 2015-02-10 12:08 97496 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-10 11:29 . 2015-02-10 11:29 -------- d-----w- c:\program files\Microsoft Silverlight
2015-02-10 11:29 . 2015-02-10 11:29 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2015-02-10 11:04 . 2015-02-10 11:05 -------- d-----w- c:\program files (x86)\SpywareBlaster
2015-02-10 10:09 . 2015-02-10 10:09 -------- d-----w- c:\windows\SysWow64\AdvancedInstallers
2015-02-10 10:09 . 2015-02-10 10:09 -------- d-----w- c:\windows\Downloaded Program Files
2015-02-10 09:31 . 2015-02-10 09:34 -------- d-----w- C:\FRST
2015-02-10 07:36 . 2015-02-10 07:36 -------- d-----w- c:\program files (x86)\Belarc
2015-02-10 06:22 . 2015-02-10 12:09 -------- d-----w- c:\programdata\Malwarebytes
2015-02-08 07:54 . 2014-08-07 08:08 33360 ----a-w- c:\windows\system32\drivers\CisUtMonitor.sys
2015-02-08 07:54 . 2015-02-08 07:54 -------- d-----w- c:\program files\Uninstall Tool
2015-02-08 07:08 . 2015-02-08 07:08 -------- d-----w- c:\users\MARA\AppData\Local\EmieUserList
2015-02-08 07:08 . 2015-02-08 07:08 -------- d-----w- c:\users\MARA\AppData\Local\EmieSiteList
2015-02-08 07:08 . 2015-02-08 07:08 -------- d-----w- c:\users\MARA\AppData\Local\EmieBrowserModeList
2015-02-08 06:41 . 2015-02-08 06:41 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2015-02-08 00:39 . 2015-02-08 00:39 -------- d-----w- c:\users\MARA\AppData\Local\Innovative Solutions
2015-02-08 00:39 . 2015-02-08 00:39 -------- d-----w- c:\programdata\Innovative Solutions
2015-02-08 00:39 . 2014-03-07 15:25 42496 ----a-w- c:\windows\SysWow64\AdvUninstCPL.cpl
2015-02-08 00:39 . 2015-02-08 00:53 -------- d-----w- c:\program files (x86)\Innovative Solutions
2015-02-08 00:09 . 2015-02-08 00:09 -------- d-----w- c:\users\MARA\AppData\Local\VS Revo Group
2015-02-08 00:08 . 2015-02-08 00:08 -------- d-----w- c:\users\MARA\AppData\Local\Programs
2015-02-08 00:04 . 2015-02-08 00:10 -------- d-----w- c:\users\MARA\AppData\Local\Mozilla
2015-02-07 23:43 . 2015-02-07 23:49 -------- d-----w- c:\users\MARA\AppData\Roaming\Bitdefender
2015-02-07 23:41 . 2015-02-08 07:08 -------- d-----w- c:\users\MARA\AppData\Local\Microsoft
2015-02-07 09:50 . 2015-02-07 09:50 -------- d-----w- c:\users\Default
2015-02-07 04:39 . 2009-07-14 20:21 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2015-02-07 04:39 . 2015-02-07 08:48 -------- d-----w- c:\programdata\BDLogging
2015-02-07 04:39 . 2012-04-17 20:34 76944 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2015-02-07 04:39 . 2015-02-10 13:58 82824 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2015-02-07 04:39 . 2014-12-02 22:37 74000 ----a-w- c:\windows\SysWow64\bdsandboxuiskin32.dll
2015-02-07 04:39 . 2013-11-13 21:41 93600 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
2015-02-07 04:39 . 2007-04-11 17:11 511328 ----a-w- c:\windows\capicom.dll
2015-02-07 04:39 . 2015-02-10 13:16 262544 ----a-w- c:\windows\system32\drivers\avchv.sys
2015-02-07 04:39 . 2015-02-10 13:16 1306464 ----a-w- c:\windows\system32\drivers\avc3.sys
2015-02-07 04:35 . 2015-02-10 13:58 84848 ----a-w- c:\windows\system32\bdsandboxuiskin.dll
2015-02-07 04:35 . 2015-02-10 13:53 -------- d-----w- c:\programdata\Bitdefender
2015-02-07 04:32 . 2015-02-10 13:48 -------- d-----w- c:\program files\Bitdefender
2015-02-07 04:31 . 2015-02-10 13:48 -------- d-----w- c:\program files\Common Files\Bitdefender
2015-02-07 02:57 . 2015-02-07 02:57 -------- d-----w- c:\programdata\RogueKiller
2015-02-07 01:24 . 2015-02-07 01:24 53248 ----a-w- c:\windows\SysWow64\zlib.dll
2015-02-07 01:24 . 2015-02-07 01:24 -------- d-----w- C:\Support
2015-02-07 01:01 . 2015-02-10 10:09 -------- d-----w- c:\users\Public
2015-02-07 01:01 . 2015-02-07 01:01 -------- d-----w- c:\program files\CCleaner
2015-02-06 17:24 . 2015-02-06 17:27 -------- d-----w- C:\EEK
2015-02-06 12:56 . 2015-02-06 12:56 -------- d-----w- c:\programdata\VS Revo Group
2015-02-06 12:56 . 2009-12-30 16:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2015-02-06 12:56 . 2015-02-06 12:56 -------- d-----w- c:\program files\VS Revo Group
2015-02-03 10:10 . 2015-02-10 17:15 -------- d-----w- c:\users\MILLA
2015-02-02 20:51 . 2015-02-07 09:51 -------- d-----w- c:\windows\system32\catroot2
2015-02-01 13:34 . 2015-02-08 00:12 -------- d-----w- c:\program files (x86)\MRU-Blaster
2015-02-01 13:30 . 2015-02-01 13:30 -------- d-----w- c:\programdata\Licenses
2015-02-01 13:30 . 2011-11-04 11:13 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2015-02-01 13:30 . 2009-03-24 18:52 129872 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2015-02-01 12:54 . 2012-07-30 17:14 31616 ----a-w- c:\windows\system32\FoolishEventLogMsgHelper.dll
2015-02-01 12:03 . 2015-02-07 09:48 196608 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2015-02-01 12:00 . 2015-02-01 12:00 -------- d-----w- c:\windows\SysWow64\BestPractices
2015-02-01 12:00 . 2015-02-01 12:00 -------- d-----w- c:\windows\system32\BestPractices
2015-02-01 12:00 . 2015-02-10 16:00 -------- d-----w- C:\inetpub
2015-02-01 07:03 . 2015-02-01 07:03 -------- d-----w- c:\windows\CheckSur
2015-01-31 19:25 . 2015-01-31 19:25 18126512 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-01-27 15:05 . 2014-12-15 12:13 11870360 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F3C41757-1D0C-4D20-92B3-2310B1E80C2E}\mpengine.dll
2015-01-27 14:52 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
2015-01-27 14:52 . 2014-12-06 04:17 303616 ----a-w- c:\windows\system32\nlasvc.dll
2015-01-27 14:52 . 2014-12-06 03:50 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2015-01-27 14:52 . 2014-12-06 03:50 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2015-01-27 10:59 . 2014-12-19 01:46 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-01-27 10:58 . 2014-12-12 05:35 5553592 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-01-27 10:58 . 2014-12-12 05:11 3971512 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-01-27 10:58 . 2014-12-12 05:11 3916728 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-01-27 10:58 . 2014-12-12 05:31 503808 ----a-w- c:\windows\system32\srcore.dll
2015-01-27 10:58 . 2014-12-12 05:31 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-01-27 10:58 . 2014-12-12 05:31 50176 ----a-w- c:\windows\system32\srclient.dll
2015-01-27 10:58 . 2014-12-12 05:07 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-01-27 10:58 . 2014-12-11 17:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-07 02:57 . 2014-12-31 10:49 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-02-01 22:59 . 2014-12-31 12:52 42 ----a-w- c:\windows\system32\tempreg.bat
2014-12-17 01:49 . 2014-12-17 01:49 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2014-12-17 01:49 . 2014-12-17 01:49 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2014-12-17 01:49 . 2014-12-17 01:49 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2014-12-16 22:05 . 2014-12-16 22:05 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-12-16 22:05 . 2014-12-16 22:05 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-12-16 22:05 . 2014-12-16 22:05 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-12-16 22:05 . 2014-12-16 22:05 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-12-16 22:05 . 2014-12-16 22:05 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2014-12-16 22:05 . 2014-12-16 22:05 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-12-16 22:05 . 2014-12-16 22:05 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-12-16 22:05 . 2014-12-16 22:05 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-12-16 22:05 . 2014-12-16 22:05 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-12-16 22:05 . 2014-12-16 22:05 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-12-16 22:05 . 2014-12-16 22:05 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2014-12-16 22:05 . 2014-12-16 22:05 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-16 22:05 . 2014-12-16 22:05 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-12-16 22:05 . 2014-12-16 22:05 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-12-16 22:05 . 2014-12-16 22:05 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-12-16 22:05 . 2014-12-16 22:05 633856 ----a-w- c:\windows\system32\ieui.dll
2014-12-16 22:05 . 2014-12-16 22:05 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-12-16 22:05 . 2014-12-16 22:05 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-12-16 22:05 . 2014-12-16 22:05 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-12-16 22:05 . 2014-12-16 22:05 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-12-16 22:05 . 2014-12-16 22:05 6039552 ----a-w- c:\windows\system32\jscript9.dll
2014-12-16 22:05 . 2014-12-16 22:05 54784 ----a-w- c:\windows\system32\jsproxy.dll
2014-12-16 22:05 . 2014-12-16 22:05 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-12-16 22:05 . 2014-12-16 22:05 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-12-16 22:05 . 2014-12-16 22:05 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2014-12-16 22:05 . 2014-12-16 22:05 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-12-16 22:05 . 2014-12-16 22:05 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-12-16 22:05 . 2014-12-16 22:05 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-12-16 22:05 . 2014-12-16 22:05 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-12-16 22:05 . 2014-12-16 22:05 413696 ----a-w- c:\windows\system32\html.iec
2014-12-16 22:05 . 2014-12-16 22:05 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-12-16 22:05 . 2014-12-16 22:05 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-12-16 22:05 . 2014-12-16 22:05 316928 ----a-w- c:\windows\system32\dxtrans.dll
2014-12-16 22:05 . 2014-12-16 22:05 2885120 ----a-w- c:\windows\system32\iertutil.dll
2014-12-16 22:05 . 2014-12-16 22:05 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-12-16 22:05 . 2014-12-16 22:05 247808 ----a-w- c:\windows\system32\msls31.dll
2014-12-16 22:05 . 2014-12-16 22:05 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-12-16 22:05 . 2014-12-16 22:05 2358272 ----a-w- c:\windows\system32\wininet.dll
2014-12-16 22:05 . 2014-12-16 22:05 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-12-16 22:05 . 2014-12-16 22:05 199680 ----a-w- c:\windows\system32\msrating.dll
2014-12-16 22:05 . 2014-12-16 22:05 1548288 ----a-w- c:\windows\system32\urlmon.dll
2014-12-16 22:05 . 2014-12-16 22:05 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-12-16 22:05 . 2014-12-16 22:05 14412800 ----a-w- c:\windows\system32\ieframe.dll
2014-12-16 22:05 . 2014-12-16 22:05 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-12-16 22:05 . 2014-12-16 22:05 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-12-16 22:05 . 2014-12-16 22:05 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-12-16 22:05 . 2014-12-16 22:05 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-12-16 22:05 . 2014-12-16 22:05 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-12-16 22:05 . 2014-12-16 22:05 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-12-16 22:05 . 2014-12-16 22:05 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-12-16 22:05 . 2014-12-16 22:05 92160 ----a-w- c:\windows\system32\mshtmled.dll
2014-12-16 22:05 . 2014-12-16 22:05 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-12-16 22:05 . 2014-12-16 22:05 81408 ----a-w- c:\windows\system32\icardie.dll
2014-12-16 22:05 . 2014-12-16 22:05 800768 ----a-w- c:\windows\system32\msfeeds.dll
2014-12-16 22:05 . 2014-12-16 22:05 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2014-12-16 22:05 . 2014-12-16 22:05 774144 ----a-w- c:\windows\system32\jscript.dll
2014-12-16 22:05 . 2014-12-16 22:05 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2014-12-16 22:05 . 2014-12-16 22:05 66560 ----a-w- c:\windows\system32\iesetup.dll
2014-12-16 22:05 . 2014-12-16 22:05 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-12-16 22:05 . 2014-12-16 22:05 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-12-16 22:05 . 2014-12-16 22:05 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-12-16 22:05 . 2014-12-16 22:05 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-12-16 22:05 . 2014-12-16 22:05 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-12-16 22:05 . 2014-12-16 22:05 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-12-16 22:05 . 2014-12-16 22:05 389296 ----a-w- c:\windows\system32\iedkcs32.dll
2014-12-16 22:05 . 2014-12-16 22:05 34304 ----a-w- c:\windows\system32\iernonce.dll
2014-12-16 22:05 . 2014-12-16 22:05 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-12-16 22:05 . 2014-12-16 22:05 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-12-16 22:05 . 2014-12-16 22:05 25059840 ----a-w- c:\windows\system32\mshtml.dll
2014-12-16 22:05 . 2014-12-16 22:05 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-12-16 22:05 . 2014-12-16 22:05 235520 ----a-w- c:\windows\system32\url.dll
2014-12-16 22:05 . 2014-12-16 22:05 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
2014-12-16 22:05 . 2014-12-16 22:05 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-12-16 22:05 . 2014-12-16 22:05 147968 ----a-w- c:\windows\system32\occache.dll
2014-12-16 22:05 . 2014-12-16 22:05 143872 ----a-w- c:\windows\system32\wextract.exe
2014-12-16 22:05 . 2014-12-16 22:05 13824 ----a-w- c:\windows\system32\mshta.exe
2014-12-16 22:05 . 2014-12-16 22:05 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-12-16 22:05 . 2014-12-16 22:05 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-12-16 22:05 . 2014-12-16 22:05 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-12-16 22:05 . 2014-12-16 22:05 101376 ----a-w- c:\windows\system32\inseng.dll
2014-12-16 22:03 . 2014-12-16 22:03 878080 ----a-w- c:\windows\system32\advapi32.dll
2014-12-16 22:03 . 2014-12-16 22:03 859648 ----a-w- c:\windows\system32\tdh.dll
2014-12-16 22:03 . 2014-12-16 22:03 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2014-12-16 22:03 . 2014-12-16 22:03 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2014-12-16 22:03 . 2014-12-16 22:03 1732032 ----a-w- c:\windows\system32\ntdll.dll
2014-12-16 22:03 . 2014-12-16 22:03 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2014-12-16 22:02 . 2014-12-16 22:02 327168 ----a-w- c:\windows\system32\mswsock.dll
2014-12-16 22:02 . 2014-12-16 22:02 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2014-12-16 22:02 . 2014-12-16 22:02 68608 ----a-w- c:\windows\system32\taskhost.exe
2014-12-16 21:57 . 2014-12-16 21:57 9728 ----a-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-12-16 21:57 . 2014-12-16 21:57 9728 ----a-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-12-16 21:57 . 2014-12-16 21:57 5632 ----a-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-12-16 21:57 . 2014-12-16 21:57 5632 ----a-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-12-16 21:57 . 2014-12-16 21:57 5632 ----a-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-12-16 21:57 . 2014-12-16 21:57 5632 ----a-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender 2015\bdwtxag.exe" [2015-02-10 790880]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-01-20 7404312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"LocalAccountTokenFilterPolicy"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
R3 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2015\bdparentalservice.exe;c:\program files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [x]
R3 bdfwfpf_pc;bdfwfpf_pc;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [x]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys;c:\windows\SYSNATIVE\drivers\bdsandbox.sys [x]
R3 CisUtMonitor;CisUtMonitor;c:\windows\system32\DRIVERS\CisUtMonitor.sys;c:\windows\SYSNATIVE\DRIVERS\CisUtMonitor.sys [x]
R3 cleanhlp;cleanhlp;c:\eek\BIN\cleanhlp64.sys;c:\eek\BIN\cleanhlp64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 esihdrv;esihdrv;c:\users\MARA\AppData\Local\Temp\esihdrv.sys;c:\users\MARA\AppData\Local\Temp\esihdrv.sys [x]
R3 InnovativeSolutions_monitor;Innovative Solutions Service Monitor;c:\program files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe;c:\program files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R4 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R4 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\eek\BIN\a2ddax64.sys;c:\eek\BIN\a2ddax64.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys;c:\windows\SYSNATIVE\DRIVERS\bdvedisk.sys [x]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2015\updatesrv.exe;c:\program files\Bitdefender\Bitdefender 2015\updatesrv.exe [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ   w3svc was
apphost REG_MULTI_SZ   apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-03 03:51]
.
2015-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-03 03:51]
.
2015-02-10 c:\windows\Tasks\Health-Check-auto.job
- c:\program files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe [2015-02-08 18:27]
.
2015-02-08 c:\windows\Tasks\Health-Check-deep.job
- c:\program files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe [2015-02-08 18:27]
.
2015-02-08 c:\windows\Tasks\Health-Check.job
- c:\program files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe [2015-02-08 18:27]
.
2015-02-08 c:\windows\Tasks\RunUninstallTool_SkipUac.job
- c:\program files\Uninstall Tool\UninstallTool.exe [2015-02-08 07:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2014-07-04 23:58 206352 ------w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2014-07-04 23:58 206352 ------w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2014-07-04 23:58 206352 ------w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2014-07-04 23:58 206352 ------w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2015\bdagent.exe" [2015-02-10 1689576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\MILLA\AppData\Roaming\Mozilla\Firefox\Profiles\iax09hwq.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3290119370-742891325-88322259-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A6B0DA6F-56B2-8925-C98A-BB9F206EADAE}*]
"jalhlpbnnehoipighood"=hex:62,61,6a,6a,00,00
"ialahhebcjbdafodjj"=hex:6b,61,63,6a,68,61,61,6d,6f,6f,66,6b,6e,70,68,6b,65,6f,
   69,61,67,61,00,00
"habbjahlmaamdjbp"=hex:6b,61,63,6a,68,61,61,6d,6f,6f,66,6b,6e,70,68,6b,65,6f,
   69,61,67,61,00,00
"jalhlpbnnehoipighoce"=hex:62,61,6a,6a,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-02-10  12:15:57
ComboFix-quarantined-files.txt  2015-02-10 18:15
ComboFix2.txt  2015-02-08 07:02
ComboFix3.txt  2015-02-08 02:42
ComboFix4.txt  2015-02-07 23:58
.
Pre-Run: 235,624,976,384 bytes free
Post-Run: 235,607,429,120 bytes free
.
- - End Of File - - 6779E447956193E32B43D030BAE65D8B
A36C5E4F47E84449FF07ED3517B43A31


#10 Milla-Bach (Topic Starter)

Posted 10 February 2015 - 01:21 PM

Farbar Service Scanner Version: 17-01-2015
Ran by MILLA (administrator) on 10-02-2015 at 12:19:52
Running from "C:\Users\MILLA\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Google.com is unreachable
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#11 Milla-Bach (Topic Starter)

Posted 10 February 2015 - 02:17 PM

Farbar Service Scanner Version: 17-01-2015
Ran by MILLA (administrator) on 10-02-2015 at 13:14:57
Running from "C:\Users\MILLA\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Google.com is unreachable
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#12 Jo* (Malware Response Team)

Posted 10 February 2015 - 02:47 PM

Do you have Internet access with that PC?

What problems do you see on this computer?

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#13 Milla-Bach (Topic Starter)

Posted 10 February 2015 - 03:17 PM

Yes sir, I have Comcast as my cable and internet service provider. I decided to use Norton Security Suite, a free add-on for all Comcast-Xfinity internet subscribers. After the third uninstall and reinstall of Norton I decided that maybe that was what was causing the problems, so I looked for another antivirus program and chose Bitdefender Total Security 2015; it is the trial, good for 27 more days. After running a full scan with Bitdefender, it didn't find anything wrong with my computer. After making the mistake of trying Norton, I have never had to wait so long for the system to boot, and when it finally does, it is interrupted by a pop-up that tells me "Windows is not genuine. Your computer might be running a counterfeit copy of Windows", then the choice of "Get Genuine Now" or "Ask Me Later" (0xC004F07C). Then, when my desktop loads after I choose one or the other option, another warning (a flashing triangle icon) appears and tells me I may be a victim of software counterfeiting, "Go Online To Resolve Now". Then, when I get rid of that (I usually go to Task Manager and end the process), another flashing warning appears that says "Optional Update Delivery is Not Working", and also on the bottom right-hand side, just above the time and date, it will say "Windows 7 build 7601. This Copy of Windows is Not Genuine". None of the above happens in safe mode; that's why I have been booting in safe mode, to avoid all the nonsense and the ridiculous amount of time I have to wait to boot in normal mode. I've also had problems with my services. I've been told that I am not authorized to make changes to certain services even though I am running as administrator. I believe that somehow installing the Norton product had something to do with this mess. I appreciate all you have done, and if you can't do any more to help me further, then thank you once again for your time and patience :)



#14 Jo* (Malware Response Team)

Posted 10 February 2015 - 05:09 PM

Download Windows Repair (all in one) from this site.
Install and then run the program.
On the Start Repairs tab, click Start.
When the Repair Options screen populates, be sure to select all items and also check Restart System When Finished.
Now press Start.



#15 Milla-Bach (Topic Starter)

Posted 10 February 2015 - 10:10 PM

Hello Jo, I ran Windows Repair on a clean boot and in Safe Mode, followed the instructions, and not much seemed to change other than that I cannot get Bitdefender to start. Its services are set to disabled, and it tells me I am not allowed to make changes, so here we go again in Safe Mode for at least a bit longer :) Had to get some dinner, and now it's time to get things moving again. I did run ComboFix one time after I couldn't get Bitdefender started, in hopes of a solution; just wanted you to know. I'm going to do what you told me to in the next message, reading the tutorial on it as soon as I send this message to you.
