need help!


  • This topic is locked
28 replies to this topic

#1 george0000 (Members, 32 posts)

Posted 10 February 2015 - 03:28 PM

RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : g3rman [Administrator]
Mode : Delete -- Date : 02/10/2015 14:46:50

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 21 (Driver: Loaded) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\PGPwded @ Unknown (\SystemRoot\System32\Drivers\PGPwded.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\PGPwded @ Unknown (\SystemRoot\System32\Drivers\PGPwded.sys)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x7783010a (jmp 0x16ed60|jmp 0xfffffffffffffc49|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtDuplicateObject : Unknown @ 0x7783010a (jmp 0x16ed20|jmp 0xfffffffffffffc69|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtNotifyChangeKey : Unknown @ 0x7783010a (jmp 0x16e300|jmp 0xfffffffffffffb69|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtOpenEvent : Unknown @ 0x7783010a (jmp 0x16ec30|jmp 0xfffffffffffffd19|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtAssignProcessToJobObject : Unknown @ 0x7783010a (jmp 0x16e870|jmp 0xfffffffffffffc59|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtSetContextThread : Unknown @ 0x7783010a (jmp 0x16dc20|jmp 0xfffffffffffffbf9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtOpenProcess : Unknown @ 0x7783010a (jmp 0x16ee60|jmp 0xfffffffffffffc89|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtNotifyChangeMultipleKeys : Unknown @ 0x7783010a (jmp 0x16e300|jmp 0xfffffffffffffb59|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtQueryObject : Unknown @ 0x7783010a (jmp 0x16f0a0|jmp 0xfffffffffffffba9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtCreateIoCompletion : Unknown @ 0x7783010a (jmp 0x16e730|jmp 0xfffffffffffffca9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtOpenSemaphore : Unknown @ 0x7783010a (jmp 0x16e030|jmp 0xfffffffffffffd39|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtOpenMutant : Unknown @ 0x7783010a (jmp 0x16e060|jmp 0xfffffffffffffd59|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtCreateTimer : Unknown @ 0x7783010a (jmp 0x16e5f0|jmp 0xfffffffffffffcc9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtOpenTimer : Unknown @ 0x7783010a (jmp 0x16e070|jmp 0xfffffffffffffcb9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtOpenThread : Unknown @ 0x7783010a (jmp 0x16e0c0|jmp 0xfffffffffffffc79|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtSuspendThread : Unknown @ 0x7783010a (jmp 0x16d9a0|jmp 0xfffffffffffffbc9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtQueueApcThreadEx : Unknown @ 0x7783010a (jmp 0x16de80|jmp 0xfffffffffffffbb9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtVdmControl : Unknown @ 0x7783010a (jmp 0x16d700|jmp 0xfffffffffffffd79|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtOpenEventPair : Unknown @ 0x7783010a (jmp 0x16e130|jmp 0xfffffffffffffcf9|jmp 0xfffffffffffffff0)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500DM002-1BD142 ATA Device +++++
--- User ---
[MBR] 856051236732f4bcb0b7ced845e78769
[BSP] e61ad225d8409c49374434f4787d253a : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

 

 

ComboFix 15-02-02.01 - g3rman 02/10/2015  13:38:09.10.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3991.2292 [GMT 2:00]
Running from: c:\users\g3rman\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: COMODO Antivirus *Disabled/Updated* {F0BC89B2-8937-0933-021B-B17D981F2A71}
FW: COMODO Firewall *Enabled* {C8870897-C358-086B-2944-184866CC6D0A}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Comodo Defense+ *Disabled/Updated* {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2015-01-10 to 2015-02-10  )))))))))))))))))))))))))))))))
.
.
2015-02-10 11:46 . 2015-02-10 11:46    --------    d-----w-    c:\users\Public\AppData\Local\temp
2015-02-10 11:46 . 2015-02-10 11:46    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-02-05 05:28 . 2015-02-05 05:28    --------    d-----w-    c:\program files (x86)\GUM81CC.tmp
2015-02-05 05:28 . 2015-02-05 05:28    6103040    ----a-w-    c:\program files (x86)\GUT81CD.tmp
2015-02-05 05:25 . 2015-02-05 05:26    --------    d-----w-    c:\windows\SysWow64\vbox
2015-02-05 05:25 . 2015-02-05 05:26    --------    d-----w-    c:\windows\system32\vbox
2015-02-05 05:23 . 2015-02-05 05:23    --------    d-----w-    c:\users\g3rman\AppData\Roaming\AVAST Software
2015-02-05 05:22 . 2015-02-05 05:22    --------    d-----w-    c:\users\g3rman\AppData\Local\Google
2015-02-05 05:22 . 2015-02-05 05:22    --------    d-----w-    c:\program files (x86)\Google
2015-02-05 05:21 . 2015-02-05 05:21    116728    ----a-w-    c:\windows\system32\drivers\aswStm.sys
2015-02-05 05:21 . 2015-02-05 05:21    267632    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2015-02-05 05:21 . 2015-02-05 05:21    93568    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2015-02-05 05:21 . 2015-02-05 05:21    83280    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2015-02-05 05:21 . 2015-02-05 05:21    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2015-02-05 05:21 . 2015-02-05 05:21    436624    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2015-02-05 05:21 . 2015-02-05 05:21    29208    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2015-02-05 05:21 . 2015-02-05 23:01    1050432    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2015-02-05 05:21 . 2015-02-05 05:21    364512    ----a-w-    c:\windows\system32\aswBoot.exe
2015-02-05 05:21 . 2015-02-05 05:21    43152    ----a-w-    c:\windows\avastSS.scr
2015-02-05 05:19 . 2015-02-05 05:20    --------    d-----w-    c:\programdata\AVAST Software
2015-02-05 05:05 . 2015-02-05 05:20    --------    d-----w-    c:\program files\AVAST Software
2015-02-05 01:18 . 2015-02-05 04:19    37624    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2015-02-05 01:18 . 2015-02-05 01:18    --------    d-----w-    c:\programdata\RogueKiller
2015-02-05 00:36 . 2015-02-05 00:36    --------    d-----w-    C:\found.000
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-05 05:06 . 2014-04-29 04:32    129752    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-05 05:02 . 2014-04-29 04:31    93400    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2015-02-05 05:02 . 2014-04-29 04:31    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2015-02-05 05:02 . 2014-04-29 04:31    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2015-02-04 21:36 . 2014-04-26 15:14    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-04 21:36 . 2014-04-26 15:14    701616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-30 12:27 . 2014-04-16 19:12    45880    ----a-w-    c:\windows\system32\drivers\cmdhlp.sys
2015-01-30 12:27 . 2014-04-16 19:12    104608    ----a-w-    c:\windows\system32\drivers\inspect.sys
2015-01-30 12:27 . 2014-04-16 19:12    792648    ----a-w-    c:\windows\system32\drivers\cmdguard.sys
2015-01-30 12:27 . 2014-04-16 19:12    20184    ----a-w-    c:\windows\system32\drivers\cmderd.sys
2015-01-30 12:27 . 2014-03-25 17:22    40736    ----a-w-    c:\windows\system32\cmdcsr.dll
2015-01-30 12:27 . 2014-03-25 17:22    386768    ----a-w-    c:\windows\SysWow64\guard32.dll
2015-01-30 12:27 . 2014-03-25 17:22    481576    ----a-w-    c:\windows\system32\guard64.dll
2015-01-30 12:27 . 2014-03-25 17:22    354520    ----a-w-    c:\windows\system32\cmdvrt64.dll
2015-01-30 12:27 . 2014-03-25 17:22    45784    ----a-w-    c:\windows\system32\cmdkbd64.dll
2015-01-30 12:27 . 2014-03-25 17:22    286424    ----a-w-    c:\windows\SysWow64\cmdvrt32.dll
2015-01-30 12:27 . 2014-03-25 17:22    40664    ----a-w-    c:\windows\SysWow64\cmdkbd32.dll
2015-01-15 01:01 . 2014-04-26 15:47    113365784    ----a-w-    c:\windows\system32\MRT.exe
2014-12-18 10:12 . 2014-12-18 10:12    115712    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2014-12-18 10:12 . 2014-12-18 10:12    144384    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-11-28 03:45 . 2014-11-28 03:45    48392    ----a-w-    c:\windows\SysWow64\certsentry.dll
2014-11-28 03:45 . 2014-11-24 16:28    57096    ----a-w-    c:\windows\system32\certsentry.dll
2014-11-27 01:43 . 2014-12-11 09:53    389296    ----a-w-    c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-11 09:53    25059840    ----a-w-    c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-11 09:53    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-11 09:53    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-11 09:53    66560    ----a-w-    c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-11 09:53    580096    ----a-w-    c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-11 09:53    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-11 09:53    2885120    ----a-w-    c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-11 09:53    88064    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-11 09:53    54784    ----a-w-    c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-11 09:53    34304    ----a-w-    c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-11 09:53    633856    ----a-w-    c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-11 09:53    114688    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-11 09:53    814080    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-11 09:53    6039552    ----a-w-    c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-11 09:53    968704    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-11 09:53    490496    ----a-w-    c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-11 09:53    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-11 09:53    77824    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-11 09:53    199680    ----a-w-    c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-11 09:53    92160    ----a-w-    c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-11 09:53    501248    ----a-w-    c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-11 09:53    62464    ----a-w-    c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-11 09:53    47616    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-11 09:53    64000    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-11 09:53    316928    ----a-w-    c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-11 09:53    620032    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-11 09:53    718848    ----a-w-    c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-11 09:53    800768    ----a-w-    c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-11 09:53    1359360    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-11 09:53    2125312    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-11 09:53    14412800    ----a-w-    c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-11 09:53    60416    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-11 09:53    4299264    ----a-w-    c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-11 09:53    2358272    ----a-w-    c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-11 09:53    2052096    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-11 09:53    1155072    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-11 09:53    1548288    ----a-w-    c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-11 09:53    800768    ----a-w-    c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-11 09:53    1888256    ----a-w-    c:\windows\SysWow64\wininet.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2011-01-12 18:45    1056888    ----a-w-    c:\windows\SysWOW64\PGPfsshl.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Simp"="c:\program files (x86)\Secway\SimpLite-Yahoo 2.5\SimpLite-Yahoo.exe" [2012-04-17 2044416]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2014-08-13 835288]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-02-05 5227112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys;c:\windows\SYSNATIVE\Drivers\PGPfsfd.sys [x]
S0 Pgpwdefs;Pgpwdefs;c:\windows\system32\DRIVERS\Pgpwdefs.sys;c:\windows\SYSNATIVE\DRIVERS\Pgpwdefs.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S1 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\DRIVERS\hmd.sys;c:\windows\SYSNATIVE\DRIVERS\hmd.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [x]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
S2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [x]
S2 PGP RDD Service;PGP RDD Service;c:\program files (x86)\PGP Corporation\PGP Desktop\RDDService.exe;c:\program files (x86)\PGP Corporation\PGP Desktop\RDDService.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 LVUVC64;Logitech Webcam 120(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-26 21:36]
.
2015-02-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2932890408-3273430557-4101837277-1000Core.job
- c:\users\g3rman\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-12 20:35]
.
2015-02-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2932890408-3273430557-4101837277-1000UA.job
- c:\users\g3rman\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-12 20:35]
.
2015-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-05 05:22]
.
2015-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-05 05:22]
.
2015-02-10 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-02-05 05:21    860984    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2011-01-12 18:45    589432    ----a-w-    c:\windows\System32\PGPfsshl.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-06-27 7191768]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-05 441152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-05 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-05 398656]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2015-02-03 1297624]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\g3rman\AppData\Roaming\Mozilla\Firefox\Profiles\b773dk2x.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-MBAMSwissArmy
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
@DACL=(02 0000)
"Description"="Ag Player Plugin"
"GeckoVersion"="1.7.5"
"Path"="c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.10411.0\\npctrl.dll"
"ProductName"="Ag Player"
"Vendor"="Microsoft"
"Version"="5.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
@DACL=(02 0000)
"Path"="c:\\Program Files (x86)\\Adobe\\Reader 11.0\\Reader\\AIR\\nppdf32.dll"
"Version"="11.0.07"
"Vendor"="Adobe Systems Incorporated. Copyright 1994-2010 All Rights Reserved"
"ProductName"="Adobe Reader Plugin for Firefox"
"Description"="Handles PDFs in-place in Firefox"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
Completion time: 2015-02-10  13:50:15
ComboFix-quarantined-files.txt  2015-02-10 11:50
ComboFix2.txt  2015-02-05 04:53
ComboFix3.txt  2014-09-30 12:18
ComboFix4.txt  2014-08-29 14:50
ComboFix5.txt  2015-02-10 11:35
.
Pre-Run: 414,128,279,552 bytes free
Post-Run: 414,073,638,912 bytes free
.
- - End Of File - - 538AACAEC491CBC617F06D43D0837777
A36C5E4F47E84449FF07ED3517B43A31

#2 olgun52 (Malware Response Team, 3,784 posts, Gender: Male)

Posted 10 February 2015 - 04:26 PM

Hello george0000 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.

 

  • Please open the computer as administrator. How to open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks

---------------------------------------------------------------------------------------------------------

 

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.

 

:hello:

 

Sincerely


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 10 February 2015 - 05:08 PM

Hi george0000,
 
What specific problems are you experiencing right now?
--------------------------------------
Do you use Comodo GeekBuddy software?
-------------------------------------
Multiple Anti Virus programs:

  • It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:
  • AV: COMODO Internet Security
    AV: Avast! Antivirus


    Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.
     
  • Please remove all but one of them.

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.
 
How to Uninstall Comodo Internet Security/Comodo Firewall (CIS/CF)

https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/143/9/
https://www.avast.com/uninstall-utility

 

Let me know when you get that done.


Edited by olgun52, 10 February 2015 - 05:12 PM.

Best regards
 

 


 


#4 george0000

  • Topic Starter
  • Members
  • 32 posts

Posted 11 February 2015 - 01:20 AM

done, removed 1 antivirus.

 

RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software


¤¤¤ Antirootkit : 3 (Driver: Loaded) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\System32\Drivers\PGPwded.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\PGPwded @ Unknown (\SystemRoot\System32\Drivers\PGPwded.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\PGPwded @ Unknown (\SystemRoot\System32\Drivers\PGPwded.sys)
 


Edited by george0000, 11 February 2015 - 05:34 AM.


#5 olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 11 February 2015 - 03:20 PM

done, removed 1 antivirus.

 

RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software

¤¤¤ Antirootkit : 3 (Driver: Loaded) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\System32\Drivers\PGPwded.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\PGPwded @ Unknown (\SystemRoot\System32\Drivers\PGPwded.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\PGPwded @ Unknown (\SystemRoot\System32\Drivers\PGPwded.sys)
 

 

http://www.systemlookup.com/Drivers/7586-PGPwded_sys.html

 

What is the problem? I do not see a problem.

---------------------------------------------------------

 

Which software did you delete?

 

---------------------------------

 

Please do the following.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Have a nice day.


Best regards
 

 


 


#6 george0000

  • Topic Starter
  • Members
  • 32 posts

Posted 12 February 2015 - 01:42 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by g3rman (administrator) on G3RMAN-PC on 12-02-2015 08:22:51
Running from C:\Users\g3rman\Desktop
Loaded Profiles: g3rman (Available profiles: g3rman)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(PGP Corporation) C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe
(PGP Corporation) C:\Windows\SysWOW64\PGPserv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Frontend.exe
() C:\Program Files (x86)\BlueStacks\HD-Adb.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdupd.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(Farbar) C:\Users\g3rman\Desktop\FRST64(1).exe
Failed to access process -> wermgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297624 2015-02-03] (COMODO)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [835288 2014-08-13] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-01-12] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2932890408-3273430557-4101837277-1000\...\Run: [Simp] => C:\Program Files (x86)\Secway\SimpLite-Yahoo 2.5\SimpLite-Yahoo.exe [2044416 2012-04-17] (Secway)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [IconOverlayHandlerAccessible] -> {3DBF5F01-3287-46EB-82CF-45AA5C241162} => C:\Windows\system32\PGPfsshl.dll (PGP Corporation)
ShellIconOverlayIdentifiers-x32: [IconOverlayHandlerAccessible] -> {3DBF5F01-3287-46EB-82CF-45AA5C241162} => C:\Windows\SysWOW64\PGPfsshl.dll (PGP Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2932890408-3273430557-4101837277-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2932890408-3273430557-4101837277-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\g3rman\AppData\Roaming\Mozilla\Firefox\Profiles\b773dk2x.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2932890408-3273430557-4101837277-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\g3rman\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipediaro.xml
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2014-11-10]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2014-11-10]
FF HKU\S-1-5-21-2932890408-3273430557-4101837277-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-11] (SUPERAntiSpyware.com)
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-08-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-08-13] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-08-13] (BlueStack Systems, Inc.)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2014-06-24] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2015-02-03] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2015-02-03] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-06-23] (Comodo Security Solutions, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 PGP RDD Service; C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe [166520 2011-01-12] (PGP Corporation)
R2 PGPserv; C:\Windows\SysWOW64\PGPserv.exe [135288 2011-01-12] (PGP Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-08-13] (BlueStack Systems)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2015-01-30] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [792648 2015-01-30] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2015-01-30] (COMODO)
R1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [14888 2013-10-07] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2015-01-30] (COMODO)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-18] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-05] (Malwarebytes Corporation)
R2 PGPdisk; C:\Windows\System32\Drivers\PGPdisk.sys [274552 2011-01-12] (PGP Corporation)
R0 pgpfs; C:\Windows\System32\Drivers\PGPfsfd.sys [170104 2011-01-12] (PGP Corporation)
R2 PGPsdkDriver; C:\Windows\System32\Drivers\PGPsdk.sys [50296 2011-01-12] (PGP Corporation)
R0 PGPwded; C:\Windows\System32\Drivers\PGPwded.sys [363128 2011-01-12] (PGP Corporation)
R0 Pgpwdefs; C:\Windows\System32\DRIVERS\Pgpwdefs.sys [14968 2011-01-12] (PGP Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 MFE_RR; \??\C:\Users\g3rman\AppData\Local\Temp\mfe_rr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 08:22 - 2015-02-12 08:25 - 00011971 _____ () C:\Users\g3rman\Desktop\FRST.txt
2015-02-12 08:17 - 2015-02-12 08:17 - 02134016 _____ (Farbar) C:\Users\g3rman\Desktop\FRST64(1).exe
2015-02-11 08:48 - 2015-02-11 08:48 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 08:48 - 2015-02-11 08:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 08:48 - 2015-02-11 08:48 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 08:47 - 2015-02-11 08:47 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 08:47 - 2015-02-11 08:47 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 08:47 - 2015-02-11 08:47 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 08:47 - 2015-02-11 08:47 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 08:47 - 2015-02-11 08:47 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 08:47 - 2015-02-11 08:47 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 08:47 - 2015-02-11 08:47 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 08:47 - 2015-02-11 08:47 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 08:47 - 2015-02-11 08:47 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 08:47 - 2015-02-11 08:47 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 08:47 - 2015-02-11 08:47 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 08:44 - 2015-02-11 08:44 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 08:44 - 2015-02-11 08:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 08:43 - 2015-02-11 08:43 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 08:43 - 2015-02-11 08:43 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 08:43 - 2015-02-11 08:43 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 08:43 - 2015-02-11 08:43 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 08:43 - 2015-02-11 08:43 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 08:43 - 2015-02-11 08:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 08:43 - 2015-02-11 08:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 08:43 - 2015-02-11 08:43 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 08:43 - 2015-02-11 08:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 08:43 - 2015-02-11 08:43 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 08:43 - 2015-02-11 08:43 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 08:43 - 2015-02-11 08:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 08:43 - 2015-02-11 08:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 08:43 - 2015-02-11 08:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 08:43 - 2015-02-11 08:43 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 08:43 - 2015-02-11 08:43 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 08:43 - 2015-02-11 08:43 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 08:43 - 2015-02-11 08:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 06041088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 08:41 - 2015-02-11 08:41 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 08:41 - 2015-02-11 08:41 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 08:41 - 2015-02-11 08:41 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 08:41 - 2015-02-11 08:41 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 08:41 - 2015-02-11 08:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 08:41 - 2015-02-11 08:41 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 08:41 - 2015-02-11 08:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 08:41 - 2015-02-11 08:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 08:41 - 2015-01-12 05:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 08:41 - 2015-01-12 04:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 08:40 - 2015-02-11 08:40 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 08:40 - 2015-02-11 08:40 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 08:40 - 2015-02-11 08:40 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 08:37 - 2015-02-11 08:37 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 08:37 - 2015-02-11 08:37 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 08:37 - 2015-02-11 08:37 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 08:37 - 2015-02-11 08:37 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 08:37 - 2015-02-11 08:37 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 08:37 - 2015-02-11 08:37 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 08:37 - 2015-02-11 08:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 08:12 - 2015-02-11 08:12 - 00000197 _____ () C:\Windows\system32\2015-02-11-06-12-53.049-AvastVBoxSVC.exe-4952.log
2015-02-10 20:01 - 2015-02-10 20:01 - 00000310 _____ () C:\Users\g3rman\Downloads\RootkitRemover_20150210_200135.log
2015-02-10 19:52 - 2015-02-10 19:53 - 00000197 _____ () C:\Windows\system32\2015-02-10-17-52-55.014-AvastVBoxSVC.exe-3328.log
2015-02-10 19:48 - 2015-02-10 19:48 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\g3rman\Downloads\tdsskiller.exe
2015-02-10 15:24 - 2015-02-10 15:24 - 00000197 _____ () C:\Windows\system32\2015-02-10-13-24-02.087-AvastVBoxSVC.exe-3200.log
2015-02-10 14:27 - 2015-02-10 14:28 - 00000310 _____ () C:\Users\g3rman\Downloads\RootkitRemover_20150210_142747.log
2015-02-10 14:26 - 2015-02-10 14:26 - 01472131 _____ () C:\Users\g3rman\Downloads\vba32arkit.zip
2015-02-10 14:26 - 2015-02-10 14:26 - 00783120 _____ (McAfee, Inc.) C:\Users\g3rman\Downloads\rootkitremover.exe
2015-02-10 14:26 - 2015-02-10 14:26 - 00380416 _____ () C:\Users\g3rman\Downloads\ojz39m5v.exe
2015-02-10 14:20 - 2015-02-10 14:20 - 00001065 _____ () C:\Users\g3rman\Desktop\JRT.txt
2015-02-10 13:59 - 2015-02-10 13:59 - 00000197 _____ () C:\Windows\system32\2015-02-10-11-59-13.082-AvastVBoxSVC.exe-2080.log
2015-02-10 13:50 - 2015-02-10 13:50 - 00025523 _____ () C:\ComboFix.txt
2015-02-10 09:06 - 2015-02-10 09:06 - 00000197 _____ () C:\Windows\system32\2015-02-10-07-06-38.045-AvastVBoxSVC.exe-4076.log
2015-02-10 08:49 - 2015-02-10 08:49 - 00000197 _____ () C:\Windows\system32\2015-02-10-06-49-38.002-AvastVBoxSVC.exe-3400.log
2015-02-09 20:48 - 2015-02-09 20:48 - 00000197 _____ () C:\Windows\system32\2015-02-09-18-48-52.054-AvastVBoxSVC.exe-1448.log
2015-02-09 20:34 - 2015-02-09 20:34 - 00000197 _____ () C:\Windows\system32\2015-02-09-18-34-04.008-AvastVBoxSVC.exe-3960.log
2015-02-09 20:27 - 2015-02-09 20:27 - 00000000 ____D () C:\Users\g3rman\Downloads\TSClean
2015-02-09 05:17 - 2015-02-09 05:17 - 00000197 _____ () C:\Windows\system32\2015-02-09-03-17-30.059-AvastVBoxSVC.exe-3404.log
2015-02-08 01:14 - 2015-02-08 01:15 - 00000197 _____ () C:\Windows\system32\2015-02-07-23-14-58.041-AvastVBoxSVC.exe-5008.log
2015-02-07 08:45 - 2015-02-07 08:45 - 00117066 _____ () C:\Users\g3rman\Documents\s3.xps
2015-02-07 08:42 - 2015-02-07 08:42 - 00116536 _____ () C:\Users\g3rman\Documents\s1.xps
2015-02-07 08:42 - 2015-02-07 08:42 - 00112530 _____ () C:\Users\g3rman\Documents\s2.xps
2015-02-07 03:00 - 2015-02-07 03:00 - 00000197 _____ () C:\Windows\system32\2015-02-07-01-00-49.083-AvastVBoxSVC.exe-2180.log
2015-02-06 16:19 - 2015-02-06 16:19 - 00000197 _____ () C:\Windows\system32\2015-02-06-14-19-35.017-AvastVBoxSVC.exe-4664.log
2015-02-06 14:26 - 2015-02-06 14:26 - 00000197 _____ () C:\Windows\system32\2015-02-06-12-26-54.007-AvastVBoxSVC.exe-3744.log
2015-02-06 14:14 - 2015-02-06 14:14 - 00000197 _____ () C:\Windows\system32\2015-02-06-12-14-10.025-AvastVBoxSVC.exe-3272.log
2015-02-06 11:30 - 2015-02-06 11:30 - 00000197 _____ () C:\Windows\system32\2015-02-06-09-30-50.031-AvastVBoxSVC.exe-3476.log
2015-02-06 00:55 - 2015-02-06 00:56 - 00000197 _____ () C:\Windows\system32\2015-02-05-22-55-52.002-AvastVBoxSVC.exe-3264.log
2015-02-05 13:45 - 2015-02-05 13:45 - 04225895 _____ () C:\Users\g3rman\Downloads\gionyro_mp3s_archives_kavalla_-_ina_izvor_tu_paduri.rar
2015-02-05 12:35 - 2015-02-05 12:35 - 00000247 _____ () C:\Windows\system32\2015-02-05-10-35-13.085-aswFe.exe-4780.log
2015-02-05 12:24 - 2015-02-05 12:35 - 00000247 _____ () C:\Windows\system32\2015-02-05-10-24-30.084-aswFe.exe-3764.log
2015-02-05 12:24 - 2015-02-05 12:24 - 00000197 _____ () C:\Windows\system32\2015-02-05-10-24-26.029-AvastVBoxSVC.exe-972.log
2015-02-05 07:28 - 2015-02-05 07:28 - 06103040 _____ () C:\Program Files (x86)\GUT81CD.tmp
2015-02-05 07:28 - 2015-02-05 07:28 - 00000000 ____D () C:\Program Files (x86)\GUM81CC.tmp
2015-02-05 07:25 - 2015-02-05 07:26 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-02-05 07:25 - 2015-02-05 07:26 - 00000000 ____D () C:\Windows\system32\vbox
2015-02-05 07:22 - 2015-02-12 08:10 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-05 07:22 - 2015-02-11 20:32 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-05 07:22 - 2015-02-05 12:27 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 07:22 - 2015-02-05 12:27 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 07:22 - 2015-02-05 07:22 - 00000000 ____D () C:\Users\g3rman\AppData\Local\Google
2015-02-05 07:22 - 2015-02-05 07:22 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-05 07:19 - 2015-02-11 08:31 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-05 07:18 - 2015-02-05 07:19 - 132469808 _____ (AVAST Software) C:\Users\g3rman\Downloads\avast_free_antivirus_setup.exe
2015-02-05 07:01 - 2015-02-05 07:01 - 05040384 _____ (AVAST Software) C:\Users\g3rman\Downloads\avastclear(1).exe
2015-02-05 06:59 - 2015-02-05 06:59 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\g3rman\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-05 06:26 - 2015-02-10 13:33 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-05 06:26 - 2015-02-10 13:33 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-05 06:26 - 2015-02-10 13:33 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-05 06:26 - 2015-02-10 13:33 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-05 06:26 - 2015-02-10 13:33 - 00098816 _____ () C:\Windows\sed.exe
2015-02-05 06:26 - 2015-02-10 13:33 - 00080412 _____ () C:\Windows\grep.exe
2015-02-05 06:26 - 2015-02-10 13:33 - 00068096 _____ () C:\Windows\zip.exe
2015-02-05 06:26 - 2015-02-10 13:33 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-05 06:24 - 2015-02-05 06:24 - 00001278 _____ () C:\WinUpdateFix.txt
2015-02-05 06:24 - 2015-02-05 06:24 - 00000000 ____D () C:\Users\g3rman\Downloads\tsclean_1.1.0.5
2015-02-05 06:23 - 2015-02-05 06:23 - 05611380 ____R (Swearware) C:\Users\g3rman\Downloads\ComboFix.exe
2015-02-05 06:22 - 2015-02-05 06:22 - 00860160 _____ () C:\Users\g3rman\Downloads\shortcut-module_30.01.2015.3.exe
2015-02-05 06:22 - 2015-02-05 06:22 - 00548774 _____ () C:\Users\g3rman\Downloads\winupdatefix_1.3.exe
2015-02-05 06:22 - 2015-02-05 06:22 - 00217144 _____ () C:\Users\g3rman\Downloads\tsclean_1.1.0.5.zip
2015-02-05 03:20 - 2015-02-05 03:20 - 00003234 _____ () C:\Windows\System32\Tasks\SidebarExecute
2015-02-05 03:18 - 2015-02-11 12:27 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-05 03:18 - 2015-02-05 03:18 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-05 03:17 - 2015-02-05 03:17 - 18570328 _____ () C:\Users\g3rman\Downloads\RogueKillerX64(1).exe
2015-02-05 03:04 - 2015-02-05 03:04 - 00000000 ____D () C:\Users\g3rman\Downloads\Fifa.13 - PS3
2015-02-05 03:01 - 2015-02-05 03:01 - 00003770 _____ () C:\Users\g3rman\Downloads\startuplist.txt
2015-02-05 02:49 - 2015-02-05 02:49 - 02194432 _____ () C:\Users\g3rman\Downloads\adwcleaner_4.109.exe
2015-02-05 02:49 - 2015-02-05 02:49 - 00278382 _____ () C:\Users\g3rman\Downloads\logonfix_1.1.exe
2015-02-05 02:36 - 2015-02-05 02:36 - 00000000 ____D () C:\found.000
2015-02-04 02:14 - 2015-02-11 11:30 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FAEE69C8-7A19-460F-86D3-E63F0557A4FA}
2015-02-04 02:08 - 2015-02-04 02:08 - 00000000 _____ () C:\Users\g3rman\Desktop\New Bitmap Image.bmp
2015-02-04 02:03 - 2015-02-05 06:26 - 00000000 ____D () C:\Users\g3rman\Desktop\655
2015-01-26 23:45 - 2015-02-05 06:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-24 00:27 - 2015-01-24 00:27 - 00112488 _____ () C:\Users\g3rman\Documents\sam.xps
2015-01-18 06:56 - 2015-01-18 06:56 - 00116071 _____ () C:\Users\g3rman\Documents\d4.xps
2015-01-18 06:55 - 2015-01-18 06:55 - 00116969 _____ () C:\Users\g3rman\Documents\d1.xps
2015-01-18 06:55 - 2015-01-18 06:55 - 00114557 _____ () C:\Users\g3rman\Documents\d31.xps
2015-01-18 06:55 - 2015-01-18 06:55 - 00112928 _____ () C:\Users\g3rman\Documents\d2.xps
2015-01-18 03:25 - 2015-01-18 03:25 - 00117849 _____ () C:\Users\g3rman\Documents\dq.xps
2015-01-14 15:44 - 2015-01-14 15:44 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 15:44 - 2015-01-14 15:44 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 15:44 - 2015-01-14 15:44 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 15:44 - 2015-01-14 15:44 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 15:44 - 2015-01-14 15:44 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 15:44 - 2015-01-14 15:44 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 08:23 - 2014-09-01 20:30 - 00000000 ____D () C:\FRST
2015-02-12 08:23 - 2014-04-27 02:26 - 01133163 _____ () C:\Windows\WindowsUpdate.log
2015-02-12 08:22 - 2014-04-26 23:34 - 01353596 _____ () C:\Windows\system32\Drivers\fvstore.dat
2015-02-12 08:09 - 2014-11-20 13:20 - 00007728 _____ () C:\Windows\setupact.log
2015-02-12 08:09 - 2014-06-14 12:25 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-02-12 08:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-12 08:09 - 2009-07-14 06:45 - 00267672 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 08:09 - 2009-07-14 06:45 - 00010128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-12 08:09 - 2009-07-14 06:45 - 00010128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-12 08:08 - 2014-04-26 17:12 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-02-12 08:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 21:01 - 2014-11-10 08:14 - 00000258 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job
2015-02-11 20:40 - 2014-06-12 22:35 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2932890408-3273430557-4101837277-1000UA.job
2015-02-11 20:36 - 2014-10-04 16:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-11 08:31 - 2014-11-23 17:25 - 00434952 _____ () C:\Windows\PFRO.log
2015-02-11 08:29 - 2014-04-26 17:47 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 08:24 - 2014-04-26 17:47 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 23:40 - 2014-06-12 22:35 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2932890408-3273430557-4101837277-1000Core.job
2015-02-10 15:08 - 2014-08-22 22:20 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-10 14:05 - 2014-06-15 16:46 - 00000000 ____D () C:\Users\g3rman\AppData\Local\CrashDumps
2015-02-10 13:50 - 2014-06-27 19:12 - 00000000 ____D () C:\Qoobox
2015-02-10 13:47 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-10 13:33 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2015-02-10 09:01 - 2014-05-17 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-02-10 09:01 - 2014-05-17 19:37 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2015-02-10 08:58 - 2014-11-17 23:15 - 00000000 ____D () C:\Users\g3rman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-10 08:58 - 2014-11-17 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-10 08:58 - 2014-11-17 23:15 - 00000000 ____D () C:\Program Files\WinRAR
2015-02-05 07:14 - 2014-05-17 11:08 - 00000000 ____D () C:\AdwCleaner
2015-02-05 07:06 - 2014-04-29 06:32 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-05 07:02 - 2014-04-29 06:31 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-05 07:02 - 2014-04-29 06:31 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-05 07:02 - 2014-04-29 06:31 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-05 07:02 - 2014-04-29 06:31 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-05 07:02 - 2014-04-29 06:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-05 07:02 - 2014-04-29 06:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-05 02:43 - 2014-09-30 14:04 - 00000000 ____D () C:\Users\g3rman\Downloads\FRST-OlderVersion
2015-02-05 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2015-02-04 23:36 - 2014-10-04 16:08 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 23:36 - 2014-04-26 17:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 23:36 - 2014-04-26 17:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 22:59 - 2014-05-30 18:47 - 00001985 _____ () C:\Users\Public\Desktop\COMODO Internet Security.lnk
2015-02-02 20:13 - 2014-09-30 14:36 - 01388274 _____ (Thisisu) C:\Users\g3rman\Desktop\JRT_NEW.exe
2015-01-30 14:27 - 2014-04-16 21:12 - 00792648 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2015-01-30 14:27 - 2014-04-16 21:12 - 00104608 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
2015-01-30 14:27 - 2014-04-16 21:12 - 00045880 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2015-01-30 14:27 - 2014-04-16 21:12 - 00020184 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2015-01-30 14:27 - 2014-03-25 19:22 - 00481576 _____ (COMODO) C:\Windows\system32\guard64.dll
2015-01-30 14:27 - 2014-03-25 19:22 - 00386768 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2015-01-30 14:27 - 2014-03-25 19:22 - 00354520 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2015-01-30 14:27 - 2014-03-25 19:22 - 00286424 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2015-01-30 14:27 - 2014-03-25 19:22 - 00045784 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll
2015-01-30 14:27 - 2014-03-25 19:22 - 00040736 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2015-01-30 14:27 - 2014-03-25 19:22 - 00040664 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
2015-01-27 17:33 - 2014-05-04 23:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2015-02-05 07:28 - 2015-02-05 07:28 - 6103040 _____ () C:\Program Files (x86)\GUT81CD.tmp
2014-11-10 08:12 - 2014-11-10 08:12 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\g3rman\AppData\Local\Temp\dllnt_dump.dll
C:\Users\g3rman\AppData\Local\Temp\{06D48137-20E6-45E2-AE4A-5B6F72CFC0EB}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 19:33

==================== End Of Log ============================

#7 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 12 February 2015 - 11:57 AM

Hi george0000,
 
P2P:
I see you have P2P software (BitTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here

I would strongly recommend that you uninstall it. You can do so via Control Panel >> Programs and Features.
----------------------------------------------
Uninstalling a Program using Add/Remove Program
I recommend the uninstalling of the below listed program(s).

  • Press the Windows key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Bing Bar
McAfee Security Scan Plus
SimpLite-Yahoo

  • Reboot your computer

--------------------------------------------------------------------------------------------------
Step 1:
 
FRST Script:
Ensure your external and/or USB drives are inserted during the scan
Please download the attached fixlist.txt (14.32KB) and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 
Step 2:

Scan with Malwarebytes Anti-Malware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14-day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Anti-Malware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Have a nice day.

Edited by olgun52, 12 February 2015 - 03:26 PM.

Best regards

If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

#8 george0000

george0000
  • Topic Starter
  • Members
  • 32 posts

Posted 12 February 2015 - 01:52 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-09-2014
Ran by g3rman at 2015-02-12 20:16:02 Run:3
Running from C:\Users\g3rman\Desktop
Loaded Profile: g3rman (Available profiles: g3rman)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************

CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
C:\Users\g3rman\Desktop\FRST64(1).exe
HKU\S-1-5-21-2932890408-3273430557-4101837277-1000\...\Run: [Simp] => C:\Program Files (x86)\Secway\SimpLite-Yahoo 2.5\SimpLite-Yahoo.exe [2044416 2012-04-17]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
HKU\S-1-5-21-2932890408-3273430557-4101837277-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipediaro.xml
FF HKU\S-1-5-21-2932890408-3273430557-4101837277-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
S3 MFE_RR; \??\C:\Users\g3rman\AppData\Local\Temp\mfe_rr.sys [X]
C:\Windows\system32\2015-02-11-06-12-53.049-AvastVBoxSVC.exe-4952.log
C:\Windows\system32\2015-02-10-11-59-13.082-AvastVBoxSVC.exe-2080.log
2015-02-10 20:01 - 2015-02-10 20:01 - 00000310 _____ () C:\Users\g3rman\Downloads\RootkitRemover_20150210_200135.log
2015-02-10 19:52 - 2015-02-10 19:53 - 00000197 _____ () C:\Windows\system32\2015-02-10-17-52-55.014-AvastVBoxSVC.exe-
2015-02-10 15:24 - 2015-02-10 15:24 - 00000197 _____ () C:\Windows\system32\2015-02-10-13-24-02.087-AvastVBoxSVC.exe-3200.log
2015-02-10 14:26 - 2015-02-10 14:26 - 01472131 _____ () C:\Users\g3rman\Downloads\vba32arkit.zip
2015-02-10 14:26 - 2015-02-10 14:26 - 00783120 _____ (McAfee, Inc.) C:\Users\g3rman\Downloads\rootkitremover.exe
C:\Users\g3rman\Downloads\ojz39m5v.exe
2015-02-10 09:06 - 2015-02-10 09:06 - 00000197 _____ () C:\Windows\system32\2015-02-10-07-06-38.045-AvastVBoxSVC.exe-4076.log
2015-02-10 08:49 - 2015-02-10 08:49 - 00000197 _____ () C:\Windows\system32\2015-02-10-06-49-38.002-AvastVBoxSVC.exe-3400.log
2015-02-09 20:48 - 2015-02-09 20:48 - 00000197 _____ () C:\Windows\system32\2015-02-09-18-48-52.054-AvastVBoxSVC.exe-1448.log
2015-02-09 20:34 - 2015-02-09 20:34 - 00000197 _____ () C:\Windows\system32\2015-02-09-18-34-04.008-AvastVBoxSVC.exe-3960.log
2015-02-09 05:17 - 2015-02-09 05:17 - 00000197 _____ () C:\Windows\system32\2015-02-09-03-17-30.059-AvastVBoxSVC.exe-3404.log
2015-02-08 01:14 - 2015-02-08 01:15 - 00000197 _____ () C:\Windows\system32\2015-02-07-23-14-58.041-AvastVBoxSVC.exe-5008.log
2015-02-07 03:00 - 2015-02-07 03:00 - 00000197 _____ () C:\Windows\system32\2015-02-07-01-00-49.083-AvastVBoxSVC.exe-2180.log
2015-02-06 16:19 - 2015-02-06 16:19 - 00000197 _____ () C:\Windows\system32\2015-02-06-14-19-35.017-AvastVBoxSVC.exe-4664.log
2015-02-06 14:26 - 2015-02-06 14:26 - 00000197 _____ () C:\Windows\system32\2015-02-06-12-26-54.007-AvastVBoxSVC.exe-3744.log
2015-02-06 14:14 - 2015-02-06 14:14 - 00000197 _____ () C:\Windows\system32\2015-02-06-12-14-10.025-AvastVBoxSVC.exe-3272.log
2015-02-06 11:30 - 2015-02-06 11:30 - 00000197 _____ () C:\Windows\system32\2015-02-06-09-30-50.031-AvastVBoxSVC.exe-3476.log
2015-02-06 00:55 - 2015-02-06 00:56 - 00000197 _____ () C:\Windows\system32\2015-02-05-22-55-52.002-AvastVBoxSVC.exe-3264.log
2015-02-05 12:35 - 2015-02-05 12:35 - 00000247 _____ () C:\Windows\system32\2015-02-05-10-35-13.085-aswFe.exe-4780.log
2015-02-05 12:24 - 2015-02-05 12:35 - 00000247 _____ () C:\Windows\system32\2015-02-05-10-24-30.084-aswFe.exe-3764.log
2015-02-05 12:24 - 2015-02-05 12:24 - 00000197 _____ () C:\Windows\system32\2015-02-05-10-24-26.029-AvastVBoxSVC.exe-972.log
2015-02-05 07:19 - 2015-02-11 08:31 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-05 07:18 - 2015-02-05 07:19 - 132469808 _____ (AVAST Software) C:\Users\g3rman\Downloads\avast_free_antivirus_setup.exe
2015-02-05 07:01 - 2015-02-05 07:01 - 05040384 _____ (AVAST Software) C:\Users\g3rman\Downloads\avastclear(1).exe
C:\Users\g3rman\Downloads\RogueKillerX64(1).exe
C:\ProgramData\Ament.ini
C:\Users\g3rman\AppData\Local\Temp\dllnt_dump.dll
C:\Users\g3rman\AppData\Local\Temp\{06D48137-20E6-45E2-AE4A-5B6F72CFC0EB}.exe
AlternateDataStreams: C:\Windows\grep.exe:$CmdTcID
AlternateDataStreams: C:\Windows\MBR.exe:$CmdTcID
AlternateDataStreams: C:\Windows\NIRCMD.exe:$CmdTcID
AlternateDataStreams: C:\Windows\PEV.exe:$CmdTcID
AlternateDataStreams: C:\Windows\sed.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SWREG.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SWSC.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SWXCACLS.exe:$CmdTcID
AlternateDataStreams: C:\Windows\zip.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Desktop\FRST64(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Desktop\udreatrai.jpg:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\adwcleaner_4.109.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\adwcleaner_4.109.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\avastclear(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\avast_free_antivirus_setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\avast_free_antivirus_setup.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\ComboFix.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\ComboFix.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\gionyro_mp3s_archives_kavalla_-_ina_izvor_tu_paduri.rar:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\kavalla_-_haidi_na_martsa_707_versuri.mp3:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\kavalla_-_ina_izvor_tu_paduri.mp3:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\logonfix_1.1.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\logonfix_1.1.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\mbam-setup-2.0.4.1028.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\mbam-setup-2.0.4.1028.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\ojz39m5v.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\RogueKillerX64(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\RogueKillerX64(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\rootkitremover.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\rootkitremover.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\shortcut-module_30.01.2015.3.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\shortcut-module_30.01.2015.3.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\tdsskiller.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\tdsskiller.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\tsclean_1.1.0.5.zip:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\tsclean_1.1.0.5.zip:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\vba32arkit.zip:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\winupdatefix_1.3.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\winupdatefix_1.3.exe:$CmdZnID
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\75871648.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\75871648.sys
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
*****************

CreateRestorePoint: => Error: No automatic fix found for this entry.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
"C:\Users\g3rman\Desktop\FRST64(1).exe" => File/Directory not found.
HKU\S-1-5-21-2932890408-3273430557-4101837277-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Simp => Value not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\[00avast]" => Key not found.
"HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.
HKU\S-1-5-21-2932890408-3273430557-4101837277-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION => Error: No automatic fix found for this entry.
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/12/2015
Scan Time: 20:35:23
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.12.04
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: g3rman

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 338839
Time Elapsed: 10 min, 11 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015 02
Ran by g3rman at 2015-02-12 20:28:39 Run:5
Running from C:\Users\g3rman\Desktop
Loaded Profiles: g3rman (Available profiles: g3rman)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************

CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
C:\Users\g3rman\Desktop\FRST64(1).exe
HKU\S-1-5-21-2932890408-3273430557-4101837277-1000\...\Run: [Simp] => C:\Program Files (x86)\Secway\SimpLite-Yahoo 2.5\SimpLite-Yahoo.exe [2044416 2012-04-17]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
HKU\S-1-5-21-2932890408-3273430557-4101837277-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipediaro.xml
FF HKU\S-1-5-21-2932890408-3273430557-4101837277-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
S3 MFE_RR; \??\C:\Users\g3rman\AppData\Local\Temp\mfe_rr.sys [X]
C:\Windows\system32\2015-02-11-06-12-53.049-AvastVBoxSVC.exe-4952.log
C:\Windows\system32\2015-02-10-11-59-13.082-AvastVBoxSVC.exe-2080.log
2015-02-10 20:01 - 2015-02-10 20:01 - 00000310 _____ () C:\Users\g3rman\Downloads\RootkitRemover_20150210_200135.log
2015-02-10 19:52 - 2015-02-10 19:53 - 00000197 _____ () C:\Windows\system32\2015-02-10-17-52-55.014-AvastVBoxSVC.exe-
2015-02-10 15:24 - 2015-02-10 15:24 - 00000197 _____ () C:\Windows\system32\2015-02-10-13-24-02.087-AvastVBoxSVC.exe-3200.log
2015-02-10 14:26 - 2015-02-10 14:26 - 01472131 _____ () C:\Users\g3rman\Downloads\vba32arkit.zip
2015-02-10 14:26 - 2015-02-10 14:26 - 00783120 _____ (McAfee, Inc.) C:\Users\g3rman\Downloads\rootkitremover.exe
C:\Users\g3rman\Downloads\ojz39m5v.exe
2015-02-10 09:06 - 2015-02-10 09:06 - 00000197 _____ () C:\Windows\system32\2015-02-10-07-06-38.045-AvastVBoxSVC.exe-4076.log
2015-02-10 08:49 - 2015-02-10 08:49 - 00000197 _____ () C:\Windows\system32\2015-02-10-06-49-38.002-AvastVBoxSVC.exe-3400.log
2015-02-09 20:48 - 2015-02-09 20:48 - 00000197 _____ () C:\Windows\system32\2015-02-09-18-48-52.054-AvastVBoxSVC.exe-1448.log
2015-02-09 20:34 - 2015-02-09 20:34 - 00000197 _____ () C:\Windows\system32\2015-02-09-18-34-04.008-AvastVBoxSVC.exe-3960.log
2015-02-09 05:17 - 2015-02-09 05:17 - 00000197 _____ () C:\Windows\system32\2015-02-09-03-17-30.059-AvastVBoxSVC.exe-3404.log
2015-02-08 01:14 - 2015-02-08 01:15 - 00000197 _____ () C:\Windows\system32\2015-02-07-23-14-58.041-AvastVBoxSVC.exe-5008.log
2015-02-07 03:00 - 2015-02-07 03:00 - 00000197 _____ () C:\Windows\system32\2015-02-07-01-00-49.083-AvastVBoxSVC.exe-2180.log
2015-02-06 16:19 - 2015-02-06 16:19 - 00000197 _____ () C:\Windows\system32\2015-02-06-14-19-35.017-AvastVBoxSVC.exe-4664.log
2015-02-06 14:26 - 2015-02-06 14:26 - 00000197 _____ () C:\Windows\system32\2015-02-06-12-26-54.007-AvastVBoxSVC.exe-3744.log
2015-02-06 14:14 - 2015-02-06 14:14 - 00000197 _____ () C:\Windows\system32\2015-02-06-12-14-10.025-AvastVBoxSVC.exe-3272.log
2015-02-06 11:30 - 2015-02-06 11:30 - 00000197 _____ () C:\Windows\system32\2015-02-06-09-30-50.031-AvastVBoxSVC.exe-3476.log
2015-02-06 00:55 - 2015-02-06 00:56 - 00000197 _____ () C:\Windows\system32\2015-02-05-22-55-52.002-AvastVBoxSVC.exe-3264.log
2015-02-05 12:35 - 2015-02-05 12:35 - 00000247 _____ () C:\Windows\system32\2015-02-05-10-35-13.085-aswFe.exe-4780.log
2015-02-05 12:24 - 2015-02-05 12:35 - 00000247 _____ () C:\Windows\system32\2015-02-05-10-24-30.084-aswFe.exe-3764.log
2015-02-05 12:24 - 2015-02-05 12:24 - 00000197 _____ () C:\Windows\system32\2015-02-05-10-24-26.029-AvastVBoxSVC.exe-972.log
2015-02-05 07:19 - 2015-02-11 08:31 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-05 07:18 - 2015-02-05 07:19 - 132469808 _____ (AVAST Software) C:\Users\g3rman\Downloads\avast_free_antivirus_setup.exe
2015-02-05 07:01 - 2015-02-05 07:01 - 05040384 _____ (AVAST Software) C:\Users\g3rman\Downloads\avastclear(1).exe
C:\Users\g3rman\Downloads\RogueKillerX64(1).exe
C:\ProgramData\Ament.ini
C:\Users\g3rman\AppData\Local\Temp\dllnt_dump.dll
C:\Users\g3rman\AppData\Local\Temp\{06D48137-20E6-45E2-AE4A-5B6F72CFC0EB}.exe
AlternateDataStreams: C:\Windows\grep.exe:$CmdTcID
AlternateDataStreams: C:\Windows\MBR.exe:$CmdTcID
AlternateDataStreams: C:\Windows\NIRCMD.exe:$CmdTcID
AlternateDataStreams: C:\Windows\PEV.exe:$CmdTcID
AlternateDataStreams: C:\Windows\sed.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SWREG.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SWSC.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SWXCACLS.exe:$CmdTcID
AlternateDataStreams: C:\Windows\zip.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Desktop\FRST64(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Desktop\udreatrai.jpg:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\adwcleaner_4.109.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\adwcleaner_4.109.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\avastclear(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\avast_free_antivirus_setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\avast_free_antivirus_setup.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\ComboFix.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\ComboFix.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\gionyro_mp3s_archives_kavalla_-_ina_izvor_tu_paduri.rar:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\kavalla_-_haidi_na_martsa_707_versuri.mp3:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\kavalla_-_ina_izvor_tu_paduri.mp3:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\logonfix_1.1.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\logonfix_1.1.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\mbam-setup-2.0.4.1028.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\mbam-setup-2.0.4.1028.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\ojz39m5v.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\RogueKillerX64(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\RogueKillerX64(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\rootkitremover.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\rootkitremover.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\shortcut-module_30.01.2015.3.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\shortcut-module_30.01.2015.3.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\tdsskiller.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\tdsskiller.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\tsclean_1.1.0.5.zip:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\tsclean_1.1.0.5.zip:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\vba32arkit.zip:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\winupdatefix_1.3.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\winupdatefix_1.3.exe:$CmdZnID
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\75871648.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\75871648.sys
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
"C:\Users\g3rman\Desktop\FRST64(1).exe" => File/Directory not found.
HKU\S-1-5-21-2932890408-3273430557-4101837277-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Simp => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => Key not found.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
HKU\S-1-5-21-2932890408-3273430557-4101837277-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipediaro.xml" => not found.
HKU\S-1-5-21-2932890408-3273430557-4101837277-1000\Software\Mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8} => Value not found.
C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi not found.
McComponentHostService => Service not found.
MFE_RR => Service not found.
"C:\Windows\system32\2015-02-11-06-12-53.049-AvastVBoxSVC.exe-4952.log" => File/Directory not found.
"C:\Windows\system32\2015-02-10-11-59-13.082-AvastVBoxSVC.exe-2080.log" => File/Directory not found.
"C:\Users\g3rman\Downloads\RootkitRemover_20150210_200135.log" => File/Directory not found.
"C:\Windows\system32\2015-02-10-17-52-55.014-AvastVBoxSVC.exe-" => File/Directory not found.
"C:\Windows\system32\2015-02-10-13-24-02.087-AvastVBoxSVC.exe-3200.log" => File/Directory not found.
"C:\Users\g3rman\Downloads\vba32arkit.zip" => File/Directory not found.
"C:\Users\g3rman\Downloads\rootkitremover.exe" => File/Directory not found.
"C:\Users\g3rman\Downloads\ojz39m5v.exe" => File/Directory not found.
"C:\Windows\system32\2015-02-10-07-06-38.045-AvastVBoxSVC.exe-4076.log" => File/Directory not found.
"C:\Windows\system32\2015-02-10-06-49-38.002-AvastVBoxSVC.exe-3400.log" => File/Directory not found.
"C:\Windows\system32\2015-02-09-18-48-52.054-AvastVBoxSVC.exe-1448.log" => File/Directory not found.
"C:\Windows\system32\2015-02-09-18-34-04.008-AvastVBoxSVC.exe-3960.log" => File/Directory not found.
"C:\Windows\system32\2015-02-09-03-17-30.059-AvastVBoxSVC.exe-3404.log" => File/Directory not found.
"C:\Windows\system32\2015-02-07-23-14-58.041-AvastVBoxSVC.exe-5008.log" => File/Directory not found.
"C:\Windows\system32\2015-02-07-01-00-49.083-AvastVBoxSVC.exe-2180.log" => File/Directory not found.
"C:\Windows\system32\2015-02-06-14-19-35.017-AvastVBoxSVC.exe-4664.log" => File/Directory not found.
"C:\Windows\system32\2015-02-06-12-26-54.007-AvastVBoxSVC.exe-3744.log" => File/Directory not found.
"C:\Windows\system32\2015-02-06-12-14-10.025-AvastVBoxSVC.exe-3272.log" => File/Directory not found.
"C:\Windows\system32\2015-02-06-09-30-50.031-AvastVBoxSVC.exe-3476.log" => File/Directory not found.
"C:\Windows\system32\2015-02-05-22-55-52.002-AvastVBoxSVC.exe-3264.log" => File/Directory not found.
"C:\Windows\system32\2015-02-05-10-35-13.085-aswFe.exe-4780.log" => File/Directory not found.
"C:\Windows\system32\2015-02-05-10-24-30.084-aswFe.exe-3764.log" => File/Directory not found.
"C:\Windows\system32\2015-02-05-10-24-26.029-AvastVBoxSVC.exe-972.log" => File/Directory not found.
"C:\ProgramData\AVAST Software" => File/Directory not found.
"C:\Users\g3rman\Downloads\avast_free_antivirus_setup.exe" => File/Directory not found.
"C:\Users\g3rman\Downloads\avastclear(1).exe" => File/Directory not found.
"C:\Users\g3rman\Downloads\RogueKillerX64(1).exe" => File/Directory not found.
"C:\ProgramData\Ament.ini" => File/Directory not found.
"C:\Users\g3rman\AppData\Local\Temp\dllnt_dump.dll" => File/Directory not found.
"C:\Users\g3rman\AppData\Local\Temp\{06D48137-20E6-45E2-AE4A-5B6F72CFC0EB}.exe" => File/Directory not found.
"C:\Windows\grep.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\MBR.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\NIRCMD.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\PEV.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\sed.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SWREG.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SWSC.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SWXCACLS.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\zip.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\adtschema.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\auditpol.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\credssp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\dxtmsft.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\dxtrans.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ie4uinit.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ieapfltr.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\iedkcs32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ieetwcollector.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ieetwcollectorres.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ieetwproxystub.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ieframe.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\iernonce.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\iertutil.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\iesetup.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ieui.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ieUnatt.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\inetcpl.cpl" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\JavaScriptCollectionAgent.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\jscript9.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\jscript9diag.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\jsproxy.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\kerberos.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\lsasrv.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\lsass.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msaudite.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msfeeds.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mshtml.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\MshtmlDac.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mshtmled.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mshtmlmedia.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msobjs.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msrating.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\MsSpellCheckingFacility.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msv1_0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ncrypt.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nlasvc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ntoskrnl.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\profsvc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\rstrui.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\scesrv.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\schannel.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\secur32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\srclient.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\srcore.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\sspicli.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\sspisrv.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\TSpkg.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\TSWbPrxy.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\urlmon.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\vbscript.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wdigest.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\win32k.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WindowsCodecs.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wininet.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\adtschema.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\auditpol.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\credssp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\dxtmsft.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\dxtrans.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\FlashPlayerApp.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ieapfltr.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\iedkcs32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ieetwproxystub.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ieframe.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\iernonce.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\iertutil.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\iesetup.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ieui.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ieUnatt.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\inetcpl.cpl" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\jscript9.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\jscript9diag.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\jsproxy.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\kerberos.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msaudite.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msfeeds.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\mshtml.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\MshtmlDac.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\mshtmled.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\mshtmlmedia.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msobjs.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msrating.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msv1_0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ncrypt.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ncsi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\nlaapi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ntkrnlpa.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ntoskrnl.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\scesrv.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\schannel.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\secur32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\srclient.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\sspicli.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\TSpkg.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\urlmon.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\vbscript.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\wdigest.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\WindowsCodecs.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\wininet.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\cng.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\ksecdd.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\ksecpkg.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mbam.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mbamchameleon.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mrxdav.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mwac.sys" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Desktop\FRST64(1).exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Desktop\udreatrai.jpg" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\adwcleaner_4.109.exe" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Downloads\adwcleaner_4.109.exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\avastclear(1).exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\avast_free_antivirus_setup.exe" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Downloads\avast_free_antivirus_setup.exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\ComboFix.exe" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Downloads\ComboFix.exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\gionyro_mp3s_archives_kavalla_-_ina_izvor_tu_paduri.rar" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\kavalla_-_haidi_na_martsa_707_versuri.mp3" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\kavalla_-_ina_izvor_tu_paduri.mp3" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\logonfix_1.1.exe" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Downloads\logonfix_1.1.exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\mbam-setup-2.0.4.1028.exe" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Downloads\mbam-setup-2.0.4.1028.exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\ojz39m5v.exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\RogueKillerX64(1).exe" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Downloads\RogueKillerX64(1).exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\rootkitremover.exe" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Downloads\rootkitremover.exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\shortcut-module_30.01.2015.3.exe" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Downloads\shortcut-module_30.01.2015.3.exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\tdsskiller.exe" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Downloads\tdsskiller.exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\tsclean_1.1.0.5.zip" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Downloads\tsclean_1.1.0.5.zip" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\vba32arkit.zip" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\winupdatefix_1.3.exe" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Downloads\winupdatefix_1.3.exe" => ":$CmdZnID" ADS not found.
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\75871648.sys => Error: No automatic fix found for this entry.
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\75871648.sys => Error: No automatic fix found for this entry.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ipv4 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========

EmptyTemp: => Removed 390.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog 20:29:33 ====


Edited by george0000, 12 February 2015 - 01:53 PM.


#9 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 12 February 2015 - 03:38 PM

Transactions failed. I have edited the attachment too. Please try step 1 again.
Please start FRST with Administrator privileges. (If you have Windows Vista / Windows 7 / Windows 8, right-click the FRST icon and select Run as Administrator.)


Best regards

If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!
#10 george0000

george0000
  • Topic Starter

  • Members
  • 32 posts

Posted 12 February 2015 - 04:06 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015 02
Ran by g3rman at 2015-02-12 23:03:10 Run:6
Running from C:\Users\g3rman\Desktop
Loaded Profiles: g3rman (Available profiles: g3rman)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************

HKLM-x32\...\Run: [] => [X]
C:\Users\g3rman\Desktop\FRST64(1).exe
HKU\S-1-5-21-2932890408-3273430557-4101837277-1000\...\Run: [Simp] => C:\Program Files (x86)\Secway\SimpLite-Yahoo 2.5\SimpLite-Yahoo.exe [2044416 2012-04-17]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
HKU\S-1-5-21-2932890408-3273430557-4101837277-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipediaro.xml
FF HKU\S-1-5-21-2932890408-3273430557-4101837277-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
S3 MFE_RR; \??\C:\Users\g3rman\AppData\Local\Temp\mfe_rr.sys [X]
C:\Windows\system32\2015-02-11-06-12-53.049-AvastVBoxSVC.exe-4952.log
C:\Windows\system32\2015-02-10-11-59-13.082-AvastVBoxSVC.exe-2080.log
2015-02-10 20:01 - 2015-02-10 20:01 - 00000310 _____ () C:\Users\g3rman\Downloads\RootkitRemover_20150210_200135.log
2015-02-10 19:52 - 2015-02-10 19:53 - 00000197 _____ () C:\Windows\system32\2015-02-10-17-52-55.014-AvastVBoxSVC.exe-
2015-02-10 15:24 - 2015-02-10 15:24 - 00000197 _____ () C:\Windows\system32\2015-02-10-13-24-02.087-AvastVBoxSVC.exe-3200.log
2015-02-10 14:26 - 2015-02-10 14:26 - 01472131 _____ () C:\Users\g3rman\Downloads\vba32arkit.zip
2015-02-10 14:26 - 2015-02-10 14:26 - 00783120 _____ (McAfee, Inc.) C:\Users\g3rman\Downloads\rootkitremover.exe
C:\Users\g3rman\Downloads\ojz39m5v.exe
2015-02-10 09:06 - 2015-02-10 09:06 - 00000197 _____ () C:\Windows\system32\2015-02-10-07-06-38.045-AvastVBoxSVC.exe-4076.log
2015-02-10 08:49 - 2015-02-10 08:49 - 00000197 _____ () C:\Windows\system32\2015-02-10-06-49-38.002-AvastVBoxSVC.exe-3400.log
2015-02-09 20:48 - 2015-02-09 20:48 - 00000197 _____ () C:\Windows\system32\2015-02-09-18-48-52.054-AvastVBoxSVC.exe-1448.log
2015-02-09 20:34 - 2015-02-09 20:34 - 00000197 _____ () C:\Windows\system32\2015-02-09-18-34-04.008-AvastVBoxSVC.exe-3960.log
2015-02-09 05:17 - 2015-02-09 05:17 - 00000197 _____ () C:\Windows\system32\2015-02-09-03-17-30.059-AvastVBoxSVC.exe-3404.log
2015-02-08 01:14 - 2015-02-08 01:15 - 00000197 _____ () C:\Windows\system32\2015-02-07-23-14-58.041-AvastVBoxSVC.exe-5008.log
2015-02-07 03:00 - 2015-02-07 03:00 - 00000197 _____ () C:\Windows\system32\2015-02-07-01-00-49.083-AvastVBoxSVC.exe-2180.log
2015-02-06 16:19 - 2015-02-06 16:19 - 00000197 _____ () C:\Windows\system32\2015-02-06-14-19-35.017-AvastVBoxSVC.exe-4664.log
2015-02-06 14:26 - 2015-02-06 14:26 - 00000197 _____ () C:\Windows\system32\2015-02-06-12-26-54.007-AvastVBoxSVC.exe-3744.log
2015-02-06 14:14 - 2015-02-06 14:14 - 00000197 _____ () C:\Windows\system32\2015-02-06-12-14-10.025-AvastVBoxSVC.exe-3272.log
2015-02-06 11:30 - 2015-02-06 11:30 - 00000197 _____ () C:\Windows\system32\2015-02-06-09-30-50.031-AvastVBoxSVC.exe-3476.log
2015-02-06 00:55 - 2015-02-06 00:56 - 00000197 _____ () C:\Windows\system32\2015-02-05-22-55-52.002-AvastVBoxSVC.exe-3264.log
2015-02-05 12:35 - 2015-02-05 12:35 - 00000247 _____ () C:\Windows\system32\2015-02-05-10-35-13.085-aswFe.exe-4780.log
2015-02-05 12:24 - 2015-02-05 12:35 - 00000247 _____ () C:\Windows\system32\2015-02-05-10-24-30.084-aswFe.exe-3764.log
2015-02-05 12:24 - 2015-02-05 12:24 - 00000197 _____ () C:\Windows\system32\2015-02-05-10-24-26.029-AvastVBoxSVC.exe-972.log
2015-02-05 07:19 - 2015-02-11 08:31 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-05 07:18 - 2015-02-05 07:19 - 132469808 _____ (AVAST Software) C:\Users\g3rman\Downloads\avast_free_antivirus_setup.exe
2015-02-05 07:01 - 2015-02-05 07:01 - 05040384 _____ (AVAST Software) C:\Users\g3rman\Downloads\avastclear(1).exe
C:\Users\g3rman\Downloads\RogueKillerX64(1).exe
C:\ProgramData\Ament.ini
C:\Users\g3rman\AppData\Local\Temp\dllnt_dump.dll
C:\Users\g3rman\AppData\Local\Temp\{06D48137-20E6-45E2-AE4A-5B6F72CFC0EB}.exe
AlternateDataStreams: C:\Windows\grep.exe:$CmdTcID
AlternateDataStreams: C:\Windows\MBR.exe:$CmdTcID
AlternateDataStreams: C:\Windows\NIRCMD.exe:$CmdTcID
AlternateDataStreams: C:\Windows\PEV.exe:$CmdTcID
AlternateDataStreams: C:\Windows\sed.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SWREG.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SWSC.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SWXCACLS.exe:$CmdTcID
AlternateDataStreams: C:\Windows\zip.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Desktop\FRST64(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Desktop\udreatrai.jpg:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\adwcleaner_4.109.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\adwcleaner_4.109.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\avastclear(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\avast_free_antivirus_setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\avast_free_antivirus_setup.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\ComboFix.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\ComboFix.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\gionyro_mp3s_archives_kavalla_-_ina_izvor_tu_paduri.rar:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\kavalla_-_haidi_na_martsa_707_versuri.mp3:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\kavalla_-_ina_izvor_tu_paduri.mp3:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\logonfix_1.1.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\logonfix_1.1.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\mbam-setup-2.0.4.1028.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\mbam-setup-2.0.4.1028.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\ojz39m5v.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\RogueKillerX64(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\RogueKillerX64(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\rootkitremover.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\rootkitremover.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\shortcut-module_30.01.2015.3.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\shortcut-module_30.01.2015.3.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\tdsskiller.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\tdsskiller.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\tsclean_1.1.0.5.zip:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\tsclean_1.1.0.5.zip:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\vba32arkit.zip:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\winupdatefix_1.3.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\winupdatefix_1.3.exe:$CmdZnID
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\75871648.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\75871648.sys
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
"C:\Users\g3rman\Desktop\FRST64(1).exe" => File/Directory not found.
HKU\S-1-5-21-2932890408-3273430557-4101837277-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Simp => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => Key not found.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
HKU\S-1-5-21-2932890408-3273430557-4101837277-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipediaro.xml" => not found.
HKU\S-1-5-21-2932890408-3273430557-4101837277-1000\Software\Mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8} => Value not found.
C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi not found.
McComponentHostService => Service not found.
MFE_RR => Service not found.
"C:\Windows\system32\2015-02-11-06-12-53.049-AvastVBoxSVC.exe-4952.log" => File/Directory not found.
"C:\Windows\system32\2015-02-10-11-59-13.082-AvastVBoxSVC.exe-2080.log" => File/Directory not found.
"C:\Users\g3rman\Downloads\RootkitRemover_20150210_200135.log" => File/Directory not found.
"C:\Windows\system32\2015-02-10-17-52-55.014-AvastVBoxSVC.exe-" => File/Directory not found.
"C:\Windows\system32\2015-02-10-13-24-02.087-AvastVBoxSVC.exe-3200.log" => File/Directory not found.
"C:\Users\g3rman\Downloads\vba32arkit.zip" => File/Directory not found.
"C:\Users\g3rman\Downloads\rootkitremover.exe" => File/Directory not found.
"C:\Users\g3rman\Downloads\ojz39m5v.exe" => File/Directory not found.
"C:\Windows\system32\2015-02-10-07-06-38.045-AvastVBoxSVC.exe-4076.log" => File/Directory not found.
"C:\Windows\system32\2015-02-10-06-49-38.002-AvastVBoxSVC.exe-3400.log" => File/Directory not found.
"C:\Windows\system32\2015-02-09-18-48-52.054-AvastVBoxSVC.exe-1448.log" => File/Directory not found.
"C:\Windows\system32\2015-02-09-18-34-04.008-AvastVBoxSVC.exe-3960.log" => File/Directory not found.
"C:\Windows\system32\2015-02-09-03-17-30.059-AvastVBoxSVC.exe-3404.log" => File/Directory not found.
"C:\Windows\system32\2015-02-07-23-14-58.041-AvastVBoxSVC.exe-5008.log" => File/Directory not found.
"C:\Windows\system32\2015-02-07-01-00-49.083-AvastVBoxSVC.exe-2180.log" => File/Directory not found.
"C:\Windows\system32\2015-02-06-14-19-35.017-AvastVBoxSVC.exe-4664.log" => File/Directory not found.
"C:\Windows\system32\2015-02-06-12-26-54.007-AvastVBoxSVC.exe-3744.log" => File/Directory not found.
"C:\Windows\system32\2015-02-06-12-14-10.025-AvastVBoxSVC.exe-3272.log" => File/Directory not found.
"C:\Windows\system32\2015-02-06-09-30-50.031-AvastVBoxSVC.exe-3476.log" => File/Directory not found.
"C:\Windows\system32\2015-02-05-22-55-52.002-AvastVBoxSVC.exe-3264.log" => File/Directory not found.
"C:\Windows\system32\2015-02-05-10-35-13.085-aswFe.exe-4780.log" => File/Directory not found.
"C:\Windows\system32\2015-02-05-10-24-30.084-aswFe.exe-3764.log" => File/Directory not found.
"C:\Windows\system32\2015-02-05-10-24-26.029-AvastVBoxSVC.exe-972.log" => File/Directory not found.
"C:\ProgramData\AVAST Software" => File/Directory not found.
"C:\Users\g3rman\Downloads\avast_free_antivirus_setup.exe" => File/Directory not found.
"C:\Users\g3rman\Downloads\avastclear(1).exe" => File/Directory not found.
"C:\Users\g3rman\Downloads\RogueKillerX64(1).exe" => File/Directory not found.
"C:\ProgramData\Ament.ini" => File/Directory not found.
"C:\Users\g3rman\AppData\Local\Temp\dllnt_dump.dll" => File/Directory not found.
"C:\Users\g3rman\AppData\Local\Temp\{06D48137-20E6-45E2-AE4A-5B6F72CFC0EB}.exe" => File/Directory not found.
"C:\Windows\grep.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\MBR.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\NIRCMD.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\PEV.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\sed.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SWREG.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SWSC.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SWXCACLS.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\zip.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\adtschema.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\auditpol.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\credssp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\dxtmsft.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\dxtrans.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ie4uinit.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ieapfltr.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\iedkcs32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ieetwcollector.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ieetwcollectorres.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ieetwproxystub.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ieframe.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\iernonce.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\iertutil.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\iesetup.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ieui.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ieUnatt.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\inetcpl.cpl" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\JavaScriptCollectionAgent.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\jscript9.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\jscript9diag.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\jsproxy.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\kerberos.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\lsasrv.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\lsass.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msaudite.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msfeeds.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mshtml.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\MshtmlDac.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mshtmled.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mshtmlmedia.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msobjs.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msrating.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\MsSpellCheckingFacility.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msv1_0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ncrypt.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nlasvc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ntoskrnl.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\profsvc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\rstrui.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\scesrv.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\schannel.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\secur32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\srclient.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\srcore.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\sspicli.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\sspisrv.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\TSpkg.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\TSWbPrxy.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\urlmon.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\vbscript.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wdigest.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\win32k.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WindowsCodecs.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wininet.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\adtschema.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\auditpol.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\credssp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\dxtmsft.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\dxtrans.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\FlashPlayerApp.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ieapfltr.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\iedkcs32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ieetwproxystub.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ieframe.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\iernonce.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\iertutil.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\iesetup.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ieui.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ieUnatt.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\inetcpl.cpl" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\jscript9.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\jscript9diag.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\jsproxy.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\kerberos.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msaudite.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msfeeds.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\mshtml.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\MshtmlDac.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\mshtmled.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\mshtmlmedia.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msobjs.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msrating.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msv1_0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ncrypt.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ncsi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\nlaapi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ntkrnlpa.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ntoskrnl.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\scesrv.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\schannel.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\secur32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\srclient.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\sspicli.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\TSpkg.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\urlmon.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\vbscript.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\wdigest.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\WindowsCodecs.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\wininet.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\cng.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\ksecdd.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\ksecpkg.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mbam.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mbamchameleon.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mrxdav.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mwac.sys" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Desktop\FRST64(1).exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Desktop\udreatrai.jpg" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\adwcleaner_4.109.exe" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Downloads\adwcleaner_4.109.exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\avastclear(1).exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\avast_free_antivirus_setup.exe" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Downloads\avast_free_antivirus_setup.exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\ComboFix.exe" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Downloads\ComboFix.exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\gionyro_mp3s_archives_kavalla_-_ina_izvor_tu_paduri.rar" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\kavalla_-_haidi_na_martsa_707_versuri.mp3" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\kavalla_-_ina_izvor_tu_paduri.mp3" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\logonfix_1.1.exe" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Downloads\logonfix_1.1.exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\mbam-setup-2.0.4.1028.exe" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Downloads\mbam-setup-2.0.4.1028.exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\ojz39m5v.exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\RogueKillerX64(1).exe" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Downloads\RogueKillerX64(1).exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\rootkitremover.exe" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Downloads\rootkitremover.exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\shortcut-module_30.01.2015.3.exe" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Downloads\shortcut-module_30.01.2015.3.exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\tdsskiller.exe" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Downloads\tdsskiller.exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\tsclean_1.1.0.5.zip" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Downloads\tsclean_1.1.0.5.zip" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\vba32arkit.zip" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\winupdatefix_1.3.exe" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Downloads\winupdatefix_1.3.exe" => ":$CmdZnID" ADS not found.
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\75871648.sys => Error: No automatic fix found for this entry.
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\75871648.sys => Error: No automatic fix found for this entry.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ipv4 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========

EmptyTemp: => Removed 176.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog 23:03:22 ====



#11 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male
  • Local time:06:12 PM

Posted 12 February 2015 - 04:28 PM

Hi george0000,
 
Transactions failed again.

Please run the following for me.

Farbar's Recovery Scan Tool
For this step you will need a USB flash drive.

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the attachment into the open notepad and save it on the flash drive as fixlist.txt.
  • Plug the flash drive into the infected PC and follow the 2-step process below to enter the System Recovery Options using one of the three options listed, then run Farbar's Recovery Scan Tool.

----------

Entering into the System Recovery Options

Option 1:

To enter System Recovery Options in Windows 8:

Option 2:

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Option 3:

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

----------

Running Farbar's Recovery Scan Tool in System Recovery

  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter.
    • Note: Replace letter e with the drive letter of your flash drive.
  • When the tool opens click Yes to the disclaimer.
  • Press the Fix button.
  • It will make a log (fixlog.txt) on the flash drive. Please copy and paste it into your reply.
  • Attempt to reboot your computer into Normal (or Safe) Mode and check the performance.
  • If you are able to boot, rerun FRST making sure to place a check mark in Addition.txt.

*****************************************************************************

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

  • Does your computer boot properly?
  • FRST report(s)

Best regards

If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!


#12 george0000 (Topic Starter, Members, 32 posts)

Posted 13 February 2015 - 06:47 AM

I tried for several hours, but it says the device e: is not ready..., and it is hard to enter the recovery boot.



#13 george0000 (Topic Starter, Members, 32 posts)

Posted 13 February 2015 - 07:15 AM

Done in safe mode,

but it did not work.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-02-2015
Ran by g3rman at 2015-02-13 14:07:54 Run:8
Running from C:\Users\g3rman\Desktop
Loaded Profiles: g3rman (Available profiles: g3rman)
Boot Mode: Safe Mode (minimal)
==============================================

Content of fixlist:
*****************

HKLM-x32\...\Run: [] => [X]
C:\Users\g3rman\Desktop\FRST64(1).exe
HKU\S-1-5-21-2932890408-3273430557-4101837277-1000\...\Run: [Simp] => C:\Program Files (x86)\Secway\SimpLite-Yahoo 2.5\SimpLite-Yahoo.exe [2044416 2012-04-17]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
HKU\S-1-5-21-2932890408-3273430557-4101837277-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipediaro.xml
FF HKU\S-1-5-21-2932890408-3273430557-4101837277-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
S3 MFE_RR; \??\C:\Users\g3rman\AppData\Local\Temp\mfe_rr.sys [X]
C:\Windows\system32\2015-02-11-06-12-53.049-AvastVBoxSVC.exe-4952.log
C:\Windows\system32\2015-02-10-11-59-13.082-AvastVBoxSVC.exe-2080.log
2015-02-10 20:01 - 2015-02-10 20:01 - 00000310 _____ () C:\Users\g3rman\Downloads\RootkitRemover_20150210_200135.log
2015-02-10 19:52 - 2015-02-10 19:53 - 00000197 _____ () C:\Windows\system32\2015-02-10-17-52-55.014-AvastVBoxSVC.exe-
2015-02-10 15:24 - 2015-02-10 15:24 - 00000197 _____ () C:\Windows\system32\2015-02-10-13-24-02.087-AvastVBoxSVC.exe-3200.log
2015-02-10 14:26 - 2015-02-10 14:26 - 01472131 _____ () C:\Users\g3rman\Downloads\vba32arkit.zip
2015-02-10 14:26 - 2015-02-10 14:26 - 00783120 _____ (McAfee, Inc.) C:\Users\g3rman\Downloads\rootkitremover.exe
C:\Users\g3rman\Downloads\ojz39m5v.exe
2015-02-10 09:06 - 2015-02-10 09:06 - 00000197 _____ () C:\Windows\system32\2015-02-10-07-06-38.045-AvastVBoxSVC.exe-4076.log
2015-02-10 08:49 - 2015-02-10 08:49 - 00000197 _____ () C:\Windows\system32\2015-02-10-06-49-38.002-AvastVBoxSVC.exe-3400.log
2015-02-09 20:48 - 2015-02-09 20:48 - 00000197 _____ () C:\Windows\system32\2015-02-09-18-48-52.054-AvastVBoxSVC.exe-1448.log
2015-02-09 20:34 - 2015-02-09 20:34 - 00000197 _____ () C:\Windows\system32\2015-02-09-18-34-04.008-AvastVBoxSVC.exe-3960.log
2015-02-09 05:17 - 2015-02-09 05:17 - 00000197 _____ () C:\Windows\system32\2015-02-09-03-17-30.059-AvastVBoxSVC.exe-3404.log
2015-02-08 01:14 - 2015-02-08 01:15 - 00000197 _____ () C:\Windows\system32\2015-02-07-23-14-58.041-AvastVBoxSVC.exe-5008.log
2015-02-07 03:00 - 2015-02-07 03:00 - 00000197 _____ () C:\Windows\system32\2015-02-07-01-00-49.083-AvastVBoxSVC.exe-2180.log
2015-02-06 16:19 - 2015-02-06 16:19 - 00000197 _____ () C:\Windows\system32\2015-02-06-14-19-35.017-AvastVBoxSVC.exe-4664.log
2015-02-06 14:26 - 2015-02-06 14:26 - 00000197 _____ () C:\Windows\system32\2015-02-06-12-26-54.007-AvastVBoxSVC.exe-3744.log
2015-02-06 14:14 - 2015-02-06 14:14 - 00000197 _____ () C:\Windows\system32\2015-02-06-12-14-10.025-AvastVBoxSVC.exe-3272.log
2015-02-06 11:30 - 2015-02-06 11:30 - 00000197 _____ () C:\Windows\system32\2015-02-06-09-30-50.031-AvastVBoxSVC.exe-3476.log
2015-02-06 00:55 - 2015-02-06 00:56 - 00000197 _____ () C:\Windows\system32\2015-02-05-22-55-52.002-AvastVBoxSVC.exe-3264.log
2015-02-05 12:35 - 2015-02-05 12:35 - 00000247 _____ () C:\Windows\system32\2015-02-05-10-35-13.085-aswFe.exe-4780.log
2015-02-05 12:24 - 2015-02-05 12:35 - 00000247 _____ () C:\Windows\system32\2015-02-05-10-24-30.084-aswFe.exe-3764.log
2015-02-05 12:24 - 2015-02-05 12:24 - 00000197 _____ () C:\Windows\system32\2015-02-05-10-24-26.029-AvastVBoxSVC.exe-972.log
2015-02-05 07:19 - 2015-02-11 08:31 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-05 07:18 - 2015-02-05 07:19 - 132469808 _____ (AVAST Software) C:\Users\g3rman\Downloads\avast_free_antivirus_setup.exe
2015-02-05 07:01 - 2015-02-05 07:01 - 05040384 _____ (AVAST Software) C:\Users\g3rman\Downloads\avastclear(1).exe
C:\Users\g3rman\Downloads\RogueKillerX64(1).exe
C:\ProgramData\Ament.ini
C:\Users\g3rman\AppData\Local\Temp\dllnt_dump.dll
C:\Users\g3rman\AppData\Local\Temp\{06D48137-20E6-45E2-AE4A-5B6F72CFC0EB}.exe
AlternateDataStreams: C:\Windows\grep.exe:$CmdTcID
AlternateDataStreams: C:\Windows\MBR.exe:$CmdTcID
AlternateDataStreams: C:\Windows\NIRCMD.exe:$CmdTcID
AlternateDataStreams: C:\Windows\PEV.exe:$CmdTcID
AlternateDataStreams: C:\Windows\sed.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SWREG.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SWSC.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SWXCACLS.exe:$CmdTcID
AlternateDataStreams: C:\Windows\zip.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Desktop\FRST64(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Desktop\udreatrai.jpg:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\adwcleaner_4.109.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\adwcleaner_4.109.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\avastclear(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\avast_free_antivirus_setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\avast_free_antivirus_setup.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\ComboFix.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\ComboFix.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\gionyro_mp3s_archives_kavalla_-_ina_izvor_tu_paduri.rar:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\kavalla_-_haidi_na_martsa_707_versuri.mp3:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\kavalla_-_ina_izvor_tu_paduri.mp3:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\logonfix_1.1.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\logonfix_1.1.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\mbam-setup-2.0.4.1028.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\mbam-setup-2.0.4.1028.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\ojz39m5v.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\RogueKillerX64(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\RogueKillerX64(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\rootkitremover.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\rootkitremover.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\shortcut-module_30.01.2015.3.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\shortcut-module_30.01.2015.3.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\tdsskiller.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\tdsskiller.exe:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\tsclean_1.1.0.5.zip:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\tsclean_1.1.0.5.zip:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\vba32arkit.zip:$CmdZnID
AlternateDataStreams: C:\Users\g3rman\Downloads\winupdatefix_1.3.exe:$CmdTcID
AlternateDataStreams: C:\Users\g3rman\Downloads\winupdatefix_1.3.exe:$CmdZnID
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\75871648.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\75871648.sys
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
"C:\Users\g3rman\Desktop\FRST64(1).exe" => File/Directory not found.
HKU\S-1-5-21-2932890408-3273430557-4101837277-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Simp => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => Key not found.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
HKU\S-1-5-21-2932890408-3273430557-4101837277-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipediaro.xml" => not found.
HKU\S-1-5-21-2932890408-3273430557-4101837277-1000\Software\Mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8} => Value not found.
C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi not found.
McComponentHostService => Service not found.
MFE_RR => Service not found.
"C:\Windows\system32\2015-02-11-06-12-53.049-AvastVBoxSVC.exe-4952.log" => File/Directory not found.
"C:\Windows\system32\2015-02-10-11-59-13.082-AvastVBoxSVC.exe-2080.log" => File/Directory not found.
"C:\Users\g3rman\Downloads\RootkitRemover_20150210_200135.log" => File/Directory not found.
"C:\Windows\system32\2015-02-10-17-52-55.014-AvastVBoxSVC.exe-" => File/Directory not found.
"C:\Windows\system32\2015-02-10-13-24-02.087-AvastVBoxSVC.exe-3200.log" => File/Directory not found.
"C:\Users\g3rman\Downloads\vba32arkit.zip" => File/Directory not found.
"C:\Users\g3rman\Downloads\rootkitremover.exe" => File/Directory not found.
"C:\Users\g3rman\Downloads\ojz39m5v.exe" => File/Directory not found.
"C:\Windows\system32\2015-02-10-07-06-38.045-AvastVBoxSVC.exe-4076.log" => File/Directory not found.
"C:\Windows\system32\2015-02-10-06-49-38.002-AvastVBoxSVC.exe-3400.log" => File/Directory not found.
"C:\Windows\system32\2015-02-09-18-48-52.054-AvastVBoxSVC.exe-1448.log" => File/Directory not found.
"C:\Windows\system32\2015-02-09-18-34-04.008-AvastVBoxSVC.exe-3960.log" => File/Directory not found.
"C:\Windows\system32\2015-02-09-03-17-30.059-AvastVBoxSVC.exe-3404.log" => File/Directory not found.
"C:\Windows\system32\2015-02-07-23-14-58.041-AvastVBoxSVC.exe-5008.log" => File/Directory not found.
"C:\Windows\system32\2015-02-07-01-00-49.083-AvastVBoxSVC.exe-2180.log" => File/Directory not found.
"C:\Windows\system32\2015-02-06-14-19-35.017-AvastVBoxSVC.exe-4664.log" => File/Directory not found.
"C:\Windows\system32\2015-02-06-12-26-54.007-AvastVBoxSVC.exe-3744.log" => File/Directory not found.
"C:\Windows\system32\2015-02-06-12-14-10.025-AvastVBoxSVC.exe-3272.log" => File/Directory not found.
"C:\Windows\system32\2015-02-06-09-30-50.031-AvastVBoxSVC.exe-3476.log" => File/Directory not found.
"C:\Windows\system32\2015-02-05-22-55-52.002-AvastVBoxSVC.exe-3264.log" => File/Directory not found.
"C:\Windows\system32\2015-02-05-10-35-13.085-aswFe.exe-4780.log" => File/Directory not found.
"C:\Windows\system32\2015-02-05-10-24-30.084-aswFe.exe-3764.log" => File/Directory not found.
"C:\Windows\system32\2015-02-05-10-24-26.029-AvastVBoxSVC.exe-972.log" => File/Directory not found.
"C:\ProgramData\AVAST Software" => File/Directory not found.
"C:\Users\g3rman\Downloads\avast_free_antivirus_setup.exe" => File/Directory not found.
"C:\Users\g3rman\Downloads\avastclear(1).exe" => File/Directory not found.
"C:\Users\g3rman\Downloads\RogueKillerX64(1).exe" => File/Directory not found.
"C:\ProgramData\Ament.ini" => File/Directory not found.
"C:\Users\g3rman\AppData\Local\Temp\dllnt_dump.dll" => File/Directory not found.
"C:\Users\g3rman\AppData\Local\Temp\{06D48137-20E6-45E2-AE4A-5B6F72CFC0EB}.exe" => File/Directory not found.
"C:\Windows\grep.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\MBR.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\NIRCMD.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\PEV.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\sed.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SWREG.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SWSC.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SWXCACLS.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\zip.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\adtschema.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\auditpol.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\credssp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\dxtmsft.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\dxtrans.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ie4uinit.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ieapfltr.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\iedkcs32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ieetwcollector.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ieetwcollectorres.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ieetwproxystub.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ieframe.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\iernonce.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\iertutil.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\iesetup.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ieui.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ieUnatt.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\inetcpl.cpl" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\JavaScriptCollectionAgent.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\jscript9.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\jscript9diag.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\jsproxy.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\kerberos.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\lsasrv.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\lsass.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msaudite.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msfeeds.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mshtml.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\MshtmlDac.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mshtmled.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mshtmlmedia.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msobjs.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msrating.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\MsSpellCheckingFacility.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msv1_0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ncrypt.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nlasvc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ntoskrnl.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\profsvc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\rstrui.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\scesrv.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\schannel.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\secur32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\srclient.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\srcore.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\sspicli.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\sspisrv.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\TSpkg.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\TSWbPrxy.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\urlmon.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\vbscript.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wdigest.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\win32k.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WindowsCodecs.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wininet.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\adtschema.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\auditpol.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\credssp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\dxtmsft.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\dxtrans.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\FlashPlayerApp.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ieapfltr.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\iedkcs32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ieetwproxystub.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ieframe.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\iernonce.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\iertutil.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\iesetup.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ieui.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ieUnatt.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\inetcpl.cpl" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\jscript9.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\jscript9diag.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\jsproxy.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\kerberos.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msaudite.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msfeeds.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\mshtml.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\MshtmlDac.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\mshtmled.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\mshtmlmedia.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msobjs.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msrating.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msv1_0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ncrypt.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ncsi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\nlaapi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ntkrnlpa.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ntoskrnl.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\scesrv.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\schannel.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\secur32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\srclient.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\sspicli.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\TSpkg.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\urlmon.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\vbscript.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\wdigest.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\WindowsCodecs.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\wininet.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\cng.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\ksecdd.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\ksecpkg.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mbam.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mbamchameleon.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mrxdav.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mwac.sys" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Desktop\FRST64(1).exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Desktop\udreatrai.jpg" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\adwcleaner_4.109.exe" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Downloads\adwcleaner_4.109.exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\avastclear(1).exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\avast_free_antivirus_setup.exe" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Downloads\avast_free_antivirus_setup.exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\ComboFix.exe" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Downloads\ComboFix.exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\gionyro_mp3s_archives_kavalla_-_ina_izvor_tu_paduri.rar" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\kavalla_-_haidi_na_martsa_707_versuri.mp3" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\kavalla_-_ina_izvor_tu_paduri.mp3" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\logonfix_1.1.exe" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Downloads\logonfix_1.1.exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\mbam-setup-2.0.4.1028.exe" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Downloads\mbam-setup-2.0.4.1028.exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\ojz39m5v.exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\RogueKillerX64(1).exe" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Downloads\RogueKillerX64(1).exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\rootkitremover.exe" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Downloads\rootkitremover.exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\shortcut-module_30.01.2015.3.exe" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Downloads\shortcut-module_30.01.2015.3.exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\tdsskiller.exe" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Downloads\tdsskiller.exe" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\tsclean_1.1.0.5.zip" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Downloads\tsclean_1.1.0.5.zip" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\vba32arkit.zip" => ":$CmdZnID" ADS not found.
"C:\Users\g3rman\Downloads\winupdatefix_1.3.exe" => ":$CmdTcID" ADS not found.
"C:\Users\g3rman\Downloads\winupdatefix_1.3.exe" => ":$CmdZnID" ADS not found.
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\75871648.sys => Error: No automatic fix found for this entry.
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\75871648.sys => Error: No automatic fix found for this entry.

=========  ipconfig /flushdns =========


Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.


========= End of CMD: =========


=========  netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ipv4 reset =========

There's no user specified settings to be reset.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

There's no user specified settings to be reset.


========= End of CMD: =========

EmptyTemp: => Removed 18.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog 14:07:59 ====
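Added example, not code from the thread or from FRST itself: a small Python script that reads a Fixlog like the one above and separates what FRST handled from what it could not, so the two SafeBoot entries that got "No automatic fix found" and the failed ipconfig command stand out instead of being buried among a hundred "not found" lines. It assumes only the line formats visible in the log posted here; SAMPLE_FIXLOG is a constructed excerpt in that shape.

```python
"""Triage a Farbar Recovery Scan Tool (FRST) Fixlog.

Added example for this thread, not part of FRST and not any poster's code: it reads
the "Content of fixlist" section and the result lines FRST prints after it, and
separates what FRST handled from what it could not. SAMPLE_FIXLOG is a constructed
excerpt shaped like the Fixlog posted above.
"""
import re
from dataclasses import dataclass, field

SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-02-2015
Boot Mode: Safe Mode (minimal)
Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
S3 MFE_RR; \??\C:\Users\g3rman\AppData\Local\Temp\mfe_rr.sys [X]
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\75871648.sys
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
EmptyTemp:
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
MFE_RR => Service not found.
"C:\Windows\system32\lsass.exe" => ":$CmdTcID" ADS not found.
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\75871648.sys => Error: No automatic fix found for this entry.
=========  ipconfig /flushdns =========
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
========= End of CMD: =========
=========  netsh winsock reset all =========
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========
EmptyTemp: => Removed 18.7 MB temporary data.
The system needed a reboot.
==== End of Fixlog 14:07:59 ====
"""

RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+)$")  # one line per fixlist entry
CMD_START_RE = re.compile(r"^=========\s+(?P<cmd>.+?)\s+=========$")  # "CMD:" output header
CMD_END = "========= End of CMD:"
CMD_FAILURE_RE = re.compile(r"could not|fail|error|denied", re.IGNORECASE)


@dataclass
class FixlogSummary:
    fixlist: list = field(default_factory=list)    # entries the helper asked FRST to process
    fixed: list = field(default_factory=list)      # (target, outcome) FRST reports as done
    not_found: list = field(default_factory=list)  # targets already absent when the fix ran
    errors: list = field(default_factory=list)     # (target, message) FRST could not handle
    commands: list = field(default_factory=list)   # (command, failed?, output) for CMD: entries


def parse_fixlog(text: str) -> FixlogSummary:
    """Split a Fixlog into the fixlist that was applied and the per-entry results."""
    s = FixlogSummary()
    lines = [ln.rstrip() for ln in text.splitlines()]
    start = lines.index("Content of fixlist:")  # ValueError here means: not a Fixlog
    # the fixlist sits between the two asterisk lines that follow the heading
    stars = [k for k in range(start, len(lines)) if lines[k].startswith("*****")]
    if len(stars) < 2:
        raise ValueError("fixlist section is not terminated")
    s.fixlist = [ln for ln in lines[stars[0] + 1:stars[1]] if ln]
    i = stars[1] + 1
    while i < len(lines):
        line = lines[i]
        i += 1
        if line.startswith("==== End of Fixlog"):
            break
        cmd = CMD_START_RE.match(line)
        if cmd and not line.startswith(CMD_END):
            # capture the command's output up to its "End of CMD" marker
            out = []
            while i < len(lines) and not lines[i].startswith(CMD_END):
                out.append(lines[i])
                i += 1
            text_out = " ".join(ln for ln in out if ln)
            s.commands.append((cmd.group("cmd"), bool(CMD_FAILURE_RE.search(text_out)), text_out))
            continue
        res = RESULT_RE.match(line)
        if not res:
            continue  # blank lines, "End of CMD" markers and other chatter
        target, outcome = res.group("target"), res.group("outcome")
        if outcome.startswith("Error:"):
            s.errors.append((target, outcome))
        elif outcome.endswith("not found."):
            s.not_found.append(target)
        else:
            s.fixed.append((target, outcome))
    return s


def needs_attention(s: FixlogSummary) -> list:
    """Items the helper must deal with by hand: FRST errors plus commands that failed."""
    return [t for t, _ in s.errors] + [c for c, failed, _ in s.commands if failed]
```

Run on the full Fixlog above it reports the two SafeBoot\...\75871648.sys entries and the ipconfig /flushdns failure, which is exactly what the next reply in the thread has to work around.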



#14 olgun52 (Malware Response Team, 3,784 posts)

Posted 13 February 2015 - 07:40 AM

Hi george0000,

Please do the following.

Please be sure to run our tools with administrator rights.

ComboFix run:


* IMPORTANT 1: Place ComboFix.exe on your Desktop

* IMPORTANT 2: Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix and save it to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Have a nice day.

 


Best regards
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#15 george0000

george0000
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:05:12 PM

Posted 13 February 2015 - 07:54 AM

ComboFix 15-02-13.02 - g3rman 02/13/2015  14:44:44.11.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3991.2771 [GMT 2:00]
Running from: c:\users\g3rman\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {F0BC89B2-8937-0933-021B-B17D981F2A71}
FW: COMODO Firewall *Enabled* {C8870897-C358-086B-2944-184866CC6D0A}
SP: Comodo Defense+ *Disabled/Updated* {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2015-01-13 to 2015-02-13  )))))))))))))))))))))))))))))))
.
.
2015-02-13 12:50 . 2015-02-13 12:50    --------    d-----w-    c:\users\Public\AppData\Local\temp
2015-02-13 12:50 . 2015-02-13 12:50    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-02-12 06:31 . 2015-02-12 06:31    814080    ----a-w-    c:\windows\system32\jscript9diag.dll
2015-02-12 06:31 . 2015-02-12 06:31    620032    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2015-02-12 06:31 . 2015-02-12 06:31    6041600    ----a-w-    c:\windows\system32\jscript9.dll
2015-02-12 06:31 . 2015-02-12 06:31    4300800    ----a-w-    c:\windows\SysWow64\jscript9.dll
2015-02-11 06:48 . 2015-02-11 06:48    341504    ----a-w-    c:\windows\system32\schannel.dll
2015-02-11 06:48 . 2015-02-11 06:48    248832    ----a-w-    c:\windows\SysWow64\schannel.dll
2015-02-11 06:48 . 2015-02-11 06:48    550912    ----a-w-    c:\windows\SysWow64\kerberos.dll
2015-02-11 06:47 . 2015-02-11 06:47    728064    ----a-w-    c:\windows\system32\kerberos.dll
2015-02-11 06:47 . 2015-02-11 06:47    259584    ----a-w-    c:\windows\SysWow64\msv1_0.dll
2015-02-11 06:47 . 2015-02-11 06:47    314880    ----a-w-    c:\windows\system32\msv1_0.dll
2015-02-11 06:47 . 2015-02-11 06:47    210944    ----a-w-    c:\windows\system32\wdigest.dll
2015-02-11 06:47 . 2015-02-11 06:47    86528    ----a-w-    c:\windows\system32\TSpkg.dll
2015-02-11 06:47 . 2015-02-11 06:47    309760    ----a-w-    c:\windows\system32\ncrypt.dll
2015-02-11 06:47 . 2015-02-11 06:47    221184    ----a-w-    c:\windows\SysWow64\ncrypt.dll
2015-02-11 06:47 . 2015-02-11 06:47    65536    ----a-w-    c:\windows\SysWow64\TSpkg.dll
2015-02-11 06:47 . 2015-02-11 06:47    172032    ----a-w-    c:\windows\SysWow64\wdigest.dll
2015-02-11 06:47 . 2015-02-11 06:47    22016    ----a-w-    c:\windows\system32\credssp.dll
2015-02-11 06:47 . 2015-02-11 06:47    17408    ----a-w-    c:\windows\SysWow64\credssp.dll
2015-02-11 06:44 . 2015-02-11 06:44    1424384    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2015-02-11 06:44 . 2015-02-11 06:44    1230336    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2015-02-11 06:41 . 2015-02-11 06:41    49664    ----a-w-    c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2015-02-11 06:40 . 2015-02-11 06:40    406528    ----a-w-    c:\windows\system32\scesrv.dll
2015-02-11 06:40 . 2015-02-11 06:40    3201536    ----a-w-    c:\windows\system32\win32k.sys
2015-02-11 06:40 . 2015-02-11 06:40    308224    ----a-w-    c:\windows\SysWow64\scesrv.dll
2015-02-11 06:37 . 2015-02-11 06:37    5554112    ----a-w-    c:\windows\system32\ntoskrnl.exe
2015-02-11 06:37 . 2015-02-11 06:37    3972544    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2015-02-11 06:37 . 2015-02-11 06:37    3917760    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2015-02-11 06:37 . 2015-02-11 06:37    503808    ----a-w-    c:\windows\system32\srcore.dll
2015-02-11 06:37 . 2015-02-11 06:37    296960    ----a-w-    c:\windows\system32\rstrui.exe
2015-02-11 06:37 . 2015-02-11 06:37    50176    ----a-w-    c:\windows\system32\srclient.dll
2015-02-11 06:37 . 2015-02-11 06:37    43008    ----a-w-    c:\windows\SysWow64\srclient.dll
2015-02-11 06:18 . 2015-02-11 06:18    --------    d-s---w-    c:\windows\SysWow64\Microsoft
2015-02-05 05:28 . 2015-02-05 05:28    --------    d-----w-    c:\program files (x86)\GUM81CC.tmp
2015-02-05 05:28 . 2015-02-05 05:28    6103040    ----a-w-    c:\program files (x86)\GUT81CD.tmp
2015-02-05 05:25 . 2015-02-05 05:26    --------    d-----w-    c:\windows\SysWow64\vbox
2015-02-05 05:25 . 2015-02-05 05:26    --------    d-----w-    c:\windows\system32\vbox
2015-02-05 05:22 . 2015-02-05 05:22    --------    d-----w-    c:\users\g3rman\AppData\Local\Google
2015-02-05 05:22 . 2015-02-05 05:22    --------    d-----w-    c:\program files (x86)\Google
2015-02-05 01:18 . 2015-02-11 10:27    37624    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2015-02-05 01:18 . 2015-02-05 01:18    --------    d-----w-    c:\programdata\RogueKiller
2015-02-05 00:36 . 2015-02-05 00:36    --------    d-----w-    C:\found.000
2015-01-14 13:44 . 2015-01-14 13:44    52736    ----a-w-    c:\windows\system32\TSWbPrxy.exe
2015-01-14 13:44 . 2015-01-14 13:44    210432    ----a-w-    c:\windows\system32\profsvc.dll
2015-01-14 13:44 . 2015-01-14 13:44    303616    ----a-w-    c:\windows\system32\nlasvc.dll
2015-01-14 13:44 . 2015-01-14 13:44    52224    ----a-w-    c:\windows\SysWow64\nlaapi.dll
2015-01-14 13:44 . 2015-01-14 13:44    156672    ----a-w-    c:\windows\SysWow64\ncsi.dll
2015-01-14 13:44 . 2015-01-14 13:44    141312    ----a-w-    c:\windows\system32\drivers\mrxdav.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-12 19:14 . 2014-04-29 04:32    129752    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-12 18:05 . 2014-04-29 04:31    93400    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2015-02-12 18:05 . 2014-04-29 04:31    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2015-02-12 18:05 . 2014-04-29 04:31    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2015-02-11 06:24 . 2014-04-26 15:47    116773704    ----a-w-    c:\windows\system32\MRT.exe
2015-02-04 21:36 . 2014-04-26 15:14    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-04 21:36 . 2014-04-26 15:14    701616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-30 12:27 . 2014-04-16 19:12    45880    ----a-w-    c:\windows\system32\drivers\cmdhlp.sys
2015-01-30 12:27 . 2014-04-16 19:12    104608    ----a-w-    c:\windows\system32\drivers\inspect.sys
2015-01-30 12:27 . 2014-04-16 19:12    792648    ----a-w-    c:\windows\system32\drivers\cmdguard.sys
2015-01-30 12:27 . 2014-04-16 19:12    20184    ----a-w-    c:\windows\system32\drivers\cmderd.sys
2015-01-30 12:27 . 2014-03-25 17:22    40736    ----a-w-    c:\windows\system32\cmdcsr.dll
2015-01-30 12:27 . 2014-03-25 17:22    386768    ----a-w-    c:\windows\SysWow64\guard32.dll
2015-01-30 12:27 . 2014-03-25 17:22    481576    ----a-w-    c:\windows\system32\guard64.dll
2015-01-30 12:27 . 2014-03-25 17:22    354520    ----a-w-    c:\windows\system32\cmdvrt64.dll
2015-01-30 12:27 . 2014-03-25 17:22    45784    ----a-w-    c:\windows\system32\cmdkbd64.dll
2015-01-30 12:27 . 2014-03-25 17:22    286424    ----a-w-    c:\windows\SysWow64\cmdvrt32.dll
2015-01-30 12:27 . 2014-03-25 17:22    40664    ----a-w-    c:\windows\SysWow64\cmdkbd32.dll
2014-11-28 03:45 . 2014-11-28 03:45    48392    ----a-w-    c:\windows\SysWow64\certsentry.dll
2014-11-28 03:45 . 2014-11-24 16:28    57096    ----a-w-    c:\windows\system32\certsentry.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2011-01-12 18:45    1056888    ----a-w-    c:\windows\SysWOW64\PGPfsshl.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2014-08-13 835288]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys;c:\windows\SYSNATIVE\Drivers\PGPfsfd.sys [x]
S0 Pgpwdefs;Pgpwdefs;c:\windows\system32\DRIVERS\Pgpwdefs.sys;c:\windows\SYSNATIVE\DRIVERS\Pgpwdefs.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S1 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\DRIVERS\hmd.sys;c:\windows\SYSNATIVE\DRIVERS\hmd.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [x]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
S2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [x]
S2 PGP RDD Service;PGP RDD Service;c:\program files (x86)\PGP Corporation\PGP Desktop\RDDService.exe;c:\program files (x86)\PGP Corporation\PGP Desktop\RDDService.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 LVUVC64;Logitech Webcam 120(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-26 21:36]
.
2015-02-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2932890408-3273430557-4101837277-1000Core.job
- c:\users\g3rman\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-12 20:35]
.
2015-02-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2932890408-3273430557-4101837277-1000UA.job
- c:\users\g3rman\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-12 20:35]
.
2015-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-05 05:22]
.
2015-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-05 05:22]
.
2015-02-13 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2011-01-12 18:45    589432    ----a-w-    c:\windows\System32\PGPfsshl.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-06-27 7191768]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-05 441152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-05 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-05 398656]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2015-02-03 1297624]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\g3rman\AppData\Roaming\Mozilla\Firefox\Profiles\b773dk2x.default\
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-75871648.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
@DACL=(02 0000)
"Description"="Ag Player Plugin"
"GeckoVersion"="1.7.5"
"Path"="c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.10411.0\\npctrl.dll"
"ProductName"="Ag Player"
"Vendor"="Microsoft"
"Version"="5.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
@DACL=(02 0000)
"Path"="c:\\Program Files (x86)\\Adobe\\Reader 11.0\\Reader\\AIR\\nppdf32.dll"
"Version"="11.0.07"
"Vendor"="Adobe Systems Incorporated. Copyright 1994-2010 All Rights Reserved"
"ProductName"="Adobe Reader Plugin for Firefox"
"Description"="Handles PDFs in-place in Firefox"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
Completion time: 2015-02-13  14:53:45
ComboFix-quarantined-files.txt  2015-02-13 12:53
ComboFix2.txt  2015-02-10 11:50
ComboFix3.txt  2015-02-05 04:53
ComboFix4.txt  2014-09-30 12:18
ComboFix5.txt  2015-02-13 12:43
.
Pre-Run: 408,033,861,632 bytes free
Post-Run: 407,954,300,928 bytes free
.
- - End Of File - - 704704E16182F3BDF8D9B85A1F01D6B2
A36C5E4F47E84449FF07ED3517B43A31