Unknown, Unsigned startup program


  • This topic is locked
44 replies to this topic

#1 consultantbis

  • Members
  • 42 posts

Posted 20 April 2015 - 02:15 PM

Mod Edit: Moved to Malware logs forum ~~ boopme


Hi, I have a startup program that has no signature that I can't find good info online about and would like to know that it's safe.
 
Logfile of random's system information tool 1.10 (written by random/random)
Run by Homie at 2015-04-20 14:59:46
Microsoft® Windows Vista™ Business  Service Pack 2
System drive C: has 78 GB (51%) free of 153 GB
Total RAM: 3931 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:59:51 PM, on 4/20/2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16636)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
C:\Program Files\COMODO\COMODO Internet Security\virtkiosk.exe
C:\Program Files\COMODO\COMODO Internet Security\virtkiosk.exe
C:\Windows\SysWOW64\ctfmon.exe
c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\agcp.exe
C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Homie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ZALFree] "C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'Default user')
O4 - Global Startup: SoftEther VPN Client Manager Startup.lnk = C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O20 - AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KE6407~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bitdefender Anti-Theft Service (atserv) - Unknown owner - C:\Program Files\Bitdefender\Bitdefender Anti-Theft\atserv.exe (file missing)
O23 - Service: COMODO Chromodo Update Service (ChromodoUpdater) - Comodo - C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe
O23 - Service: COMODO Internet Security Helper Service (CmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftEther VPN Client (SEVPNCLIENT) - SoftEther VPN Project at University of Tsukuba, Japan. - C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Bitdefender Anti-Theft Update Service (UPDATESRV_ANTITHEFT) - Unknown owner - C:\Program Files\Bitdefender\Bitdefender Anti-Theft\updatesrv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: NETGEAR A6200 Service (WNDA6200) - Unknown owner - C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe

--
End of file - 8118 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
"C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WLANExt.exe 2123520
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe"
"C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /service
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
taskeng.exe {C2C9C437-2FD8-4A2C-8356-20EE8315B6D2}
"C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe" /ModeAvMonitor -Embedding
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {E51F00E8-3B32-4716-99F2-BCF60A916122}
"C:\Program Files\Windows Defender\MSASCui.exe" -hide
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
"C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp
"C:\Program Files\COMODO\COMODO Internet Security\cistray.exe"
"C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe" /startup
"C:\\Program Files (x86)\\NETGEAR\\A6200\\A6200.exe" -s
"C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe"
"C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe" /MINIMIZED
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe"
"C:\Program Files\COMODO\COMODO Internet Security\cis.exe" --alertsUI
"C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe"
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
"C:\Program Files\COMODO\COMODO Internet Security\virtkiosk.exe" -s
"C:\Program Files\COMODO\COMODO Internet Security\virtkiosk.exe" -d id=0 sid=1548
ctfmon.exe
"C:\Program Files\COMODO\COMODO Internet Security\cis.exe" --alertsUI=VirtualKiosk
agcp.exe 5692 2168
"C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=5464.1cacd350.317882056 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 5464 "\\.\pipe\gecko-crash-server-pipe.5464" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe" --proxy-stub-channel=Flash4144.6644BE28.32076 --host-broker-channel=Flash4144.6644BE28.14735 --host-pid=4144 --host-npapi-version=28 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe" --channel=5232.0014F404.385417471 --proxy-stub-channel=Flash4144.6644BE28.32076 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll" --host-npapi-version=28 --type=renderer
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 1000 1004 1012 65536 1008
"C:\Users\Homie\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe  
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
ExplorerWnd Helper - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2014-07-20 2471744]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1584184]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2014-07-20 163384]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2014-07-20 387640]
"Persistence"=C:\Windows\system32\igfxpers.exe [2014-07-20 418360]
"THXCfg64"=C:\Windows\system32\THXCfg64.dll [2010-09-14 25600]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27 558496]
"SoftEther VPN Client UI Helper"=C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [2014-08-23 4352568]
"GENIE"=C:\Program Files (x86)\NETGEAR\A6200\A6200.exe [2013-02-18 348888]
"LanuchApp"=C:\Program Files (x86)\NETGEAR\A6200\LanuchApp.exe [2012-07-11 15136]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-04-20 1426136]
"InstallerLauncher"=C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe /run:C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [2014-07-20 1310720]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
"ZALFree"=C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [2015-04-17 8205944]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
SoftEther VPN Client Manager Startup.lnk - C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~2\KEYCRY~1\KE6709~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2014-07-20 272384]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-04-20 14:59:46 ----D---- C:\rsit
2015-04-20 14:59:46 ----D---- C:\Program Files\trend micro
2015-04-20 14:51:46 ----HD---- C:\VTRoot
2015-04-20 14:43:12 ----D---- C:\AdwCleaner
2015-04-19 19:51:23 ----D---- C:\ProgramData\Cisco Systems
2015-04-19 16:58:42 ----A---- C:\TDSSKiller.3.0.0.44_19.04.2015_16.58.42_log.txt
2015-04-17 14:25:23 ----D---- C:\Program Files (x86)\Zemana AntiLogger Free
2015-04-17 14:25:23 ----A---- C:\Windows\system32\drivers\KeyCrypt64.sys
2015-04-15 11:40:57 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2015-04-15 11:40:57 ----A---- C:\Windows\system32\gdi32.dll
2015-04-15 11:40:30 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-04-15 11:40:30 ----A---- C:\Windows\SYSWOW64\user.exe
2015-04-15 11:40:30 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-04-15 11:40:30 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-04-15 11:40:30 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-04-15 11:40:30 ----A---- C:\Windows\system32\wow64win.dll
2015-04-15 11:40:30 ----A---- C:\Windows\system32\wow64cpu.dll
2015-04-15 11:40:30 ----A---- C:\Windows\system32\wow64.dll
2015-04-15 11:40:30 ----A---- C:\Windows\system32\ntvdm64.dll
2015-04-15 11:40:29 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-04-15 11:40:29 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-04-15 11:40:29 ----A---- C:\Windows\system32\ntdll.dll
2015-04-15 11:33:10 ----A---- C:\Windows\SYSWOW64\clfsw32.dll
2015-04-15 11:33:10 ----A---- C:\Windows\system32\clfsw32.dll
2015-04-15 11:33:10 ----A---- C:\Windows\system32\clfs.sys
2015-04-15 11:32:51 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2015-04-15 11:32:51 ----A---- C:\Windows\system32\msxml3.dll
2015-04-15 10:13:40 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-04-15 10:13:40 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-04-15 10:13:40 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-04-15 10:13:40 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-04-15 10:13:40 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-04-15 10:13:40 ----A---- C:\Windows\system32\vbscript.dll
2015-04-15 10:13:40 ----A---- C:\Windows\system32\jscript9.dll
2015-04-15 10:13:39 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-04-15 10:13:39 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-04-15 10:13:39 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-04-15 10:13:39 ----A---- C:\Windows\system32\wininet.dll
2015-04-15 10:13:39 ----A---- C:\Windows\system32\jsproxy.dll
2015-04-15 10:13:39 ----A---- C:\Windows\system32\dxtmsft.dll
2015-04-15 10:13:38 ----A---- C:\Windows\system32\jscript.dll
2015-04-15 10:13:38 ----A---- C:\Windows\system32\dxtrans.dll
2015-04-15 10:13:37 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-04-15 10:13:37 ----A---- C:\Windows\system32\mshtmled.dll
2015-04-15 10:13:37 ----A---- C:\Windows\system32\ieui.dll
2015-04-15 10:13:36 ----A---- C:\Windows\system32\mshtml.dll
2015-04-15 10:13:35 ----A---- C:\Windows\SYSWOW64\url.dll
2015-04-15 10:13:35 ----A---- C:\Windows\SYSWOW64\mshta.exe
2015-04-15 10:13:35 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2015-04-15 10:13:35 ----A---- C:\Windows\system32\mshta.exe
2015-04-15 10:13:35 ----A---- C:\Windows\system32\msfeedsbs.dll
2015-04-15 10:13:35 ----A---- C:\Windows\system32\msfeeds.dll
2015-04-15 10:13:34 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-04-15 10:13:34 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-04-15 10:13:34 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-04-15 10:13:34 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-04-15 10:13:34 ----A---- C:\Windows\system32\urlmon.dll
2015-04-15 10:13:34 ----A---- C:\Windows\system32\ieUnatt.exe
2015-04-15 10:13:34 ----A---- C:\Windows\system32\iertutil.dll
2015-04-15 10:13:33 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-04-15 10:13:33 ----A---- C:\Windows\system32\url.dll
2015-04-15 10:13:33 ----A---- C:\Windows\system32\ieframe.dll
2015-04-15 10:13:32 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2015-04-15 10:13:32 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-04-15 10:13:32 ----A---- C:\Windows\system32\msfeedssync.exe
2015-04-08 21:38:57 ----D---- C:\Users\Homie\AppData\Roaming\Intuit
2015-04-08 21:27:52 ----D---- C:\Program Files (x86)\TurboTax
2015-04-08 21:27:14 ----D---- C:\ProgramData\Intuit
2015-04-08 17:10:37 ----D---- C:\Program Files (x86)\Sophos
2015-04-05 16:55:48 ----A---- C:\Windows\system32\certsentry.exe
2015-04-02 20:00:09 ----A---- C:\Windows\dd_vcredistMSI7647.txt
2015-04-02 20:00:08 ----A---- C:\Windows\dd_vcredistUI7647.txt
2015-04-02 19:45:40 ----D---- C:\Windows\Minidump
2015-04-02 19:43:54 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-04-01 20:58:16 ----D---- C:\Program Files (x86)\SecurityXploded
2015-04-01 16:52:44 ----D---- C:\Program Files (x86)\KeyCryptSDK
2015-04-01 16:52:44 ----A---- C:\Windows\SYSWOW64\ZALSDKCore.dll
2015-04-01 14:50:51 ----A---- C:\Windows\system32\drivers\sfi.dat
2015-04-01 14:47:48 ----D---- C:\ProgramData\Shared Space
2015-04-01 14:46:26 ----D---- C:\Program Files\COMODO
2015-04-01 14:45:53 ----D---- C:\ProgramData\Comodo Downloader
2015-04-01 11:54:01 ----A---- C:\Windows\SYSWOW64\msi.dll
2015-04-01 11:54:01 ----A---- C:\Windows\system32\msi.dll
2015-04-01 11:53:55 ----A---- C:\Windows\system32\oleaut32.dll
2015-04-01 11:53:54 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2015-04-01 11:42:38 ----A---- C:\Windows\SYSWOW64\tzres.dll
2015-04-01 11:42:38 ----A---- C:\Windows\system32\tzres.dll
2015-03-31 21:37:18 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2015-03-31 21:37:18 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2015-03-31 21:37:18 ----A---- C:\Windows\system32\atmlib.dll
2015-03-31 21:37:18 ----A---- C:\Windows\system32\atmfd.dll
2015-03-31 21:36:30 ----A---- C:\Windows\SYSWOW64\scesrv.dll
2015-03-31 21:36:30 ----A---- C:\Windows\system32\scesrv.dll
2015-03-31 21:34:09 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2015-03-31 21:34:09 ----A---- C:\Windows\system32\WindowsCodecs.dll
2015-03-31 21:33:53 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2015-03-31 21:33:38 ----A---- C:\Windows\SYSWOW64\msctf.dll
2015-03-31 21:33:38 ----A---- C:\Windows\system32\msctf.dll
2015-03-31 21:33:04 ----A---- C:\Windows\SYSWOW64\IMJP10K.DLL
2015-03-31 21:33:04 ----A---- C:\Windows\system32\IMJP10K.DLL
2015-03-31 21:32:50 ----A---- C:\Windows\system32\win32k.sys
2015-03-31 21:32:28 ----A---- C:\Windows\SYSWOW64\mscories.dll
2015-03-31 21:32:28 ----A---- C:\Windows\SYSWOW64\mscorier.dll
2015-03-31 21:32:28 ----A---- C:\Windows\SYSWOW64\dfshim.dll
2015-03-31 21:32:28 ----A---- C:\Windows\system32\mscories.dll
2015-03-31 21:32:28 ----A---- C:\Windows\system32\mscorier.dll
2015-03-31 21:32:27 ----A---- C:\Windows\system32\dfshim.dll
2015-03-31 21:32:15 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-03-31 21:32:15 ----A---- C:\Windows\system32\kerberos.dll
2015-03-31 21:32:03 ----A---- C:\Windows\SYSWOW64\shell32.dll
2015-03-31 21:32:03 ----A---- C:\Windows\system32\shell32.dll
2015-03-31 21:31:28 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-03-31 21:31:28 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-03-31 21:31:28 ----A---- C:\Windows\system32\msaudite.dll
2015-03-31 21:31:28 ----A---- C:\Windows\system32\adtschema.dll
2015-03-31 21:31:27 ----A---- C:\Windows\system32\termsrv.dll
2015-03-31 21:31:10 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2015-03-31 21:31:10 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll
2015-03-31 21:31:10 ----A---- C:\Windows\SYSWOW64\AudioEng.dll
2015-03-31 21:31:10 ----A---- C:\Windows\SYSWOW64\audiodg.exe
2015-03-31 21:31:10 ----A---- C:\Windows\system32\EncDump.dll
2015-03-31 21:31:10 ----A---- C:\Windows\system32\audiosrv.dll
2015-03-31 21:31:10 ----A---- C:\Windows\system32\AUDIOKSE.dll
2015-03-31 21:31:10 ----A---- C:\Windows\system32\AudioEng.dll
2015-03-31 21:25:04 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll
2015-03-31 21:25:04 ----A---- C:\Windows\system32\WMPhoto.dll
2015-03-31 21:23:52 ----A---- C:\Windows\SYSWOW64\nlaapi.dll
2015-03-31 21:23:52 ----A---- C:\Windows\SYSWOW64\ncsi.dll
2015-03-31 21:23:52 ----A---- C:\Windows\system32\nlasvc.dll
2015-03-31 21:23:52 ----A---- C:\Windows\system32\nlaapi.dll
2015-03-31 21:23:48 ----A---- C:\Windows\system32\profsvc.dll
2015-03-31 21:23:45 ----A---- C:\Windows\SYSWOW64\packager.dll
2015-03-31 21:23:45 ----A---- C:\Windows\system32\packager.dll
2015-03-31 21:23:41 ----A---- C:\Windows\system32\drivers\fastfat.sys
2015-03-31 21:23:36 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2015-03-31 21:23:36 ----A---- C:\Windows\system32\msxml3r.dll
2015-03-31 21:23:16 ----A---- C:\Windows\system32\smss.exe
2015-03-31 21:23:16 ----A---- C:\Windows\system32\csrsrv.dll
2015-03-31 21:22:33 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-03-31 21:22:30 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-03-31 21:22:30 ----A---- C:\Windows\system32\schannel.dll
2015-03-31 21:22:30 ----A---- C:\Windows\system32\lsasrv.dll
2015-03-31 21:22:30 ----A---- C:\Windows\system32\drivers\ksecdd.sys

======List of files/folders modified in the last 1 month======

2015-04-20 14:59:51 ----D---- C:\Windows\Prefetch
2015-04-20 14:59:50 ----D---- C:\Windows\Temp
2015-04-20 14:59:46 ----RD---- C:\Program Files
2015-04-20 14:55:42 ----D---- C:\Program Files\SoftEther VPN Client
2015-04-20 14:52:33 ----D---- C:\Windows\System32
2015-04-20 14:52:33 ----D---- C:\Windows\inf
2015-04-20 14:52:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-04-20 14:51:40 ----D---- C:\Windows\system32\drivers
2015-04-20 14:45:29 ----D---- C:\ProgramData
2015-04-20 12:15:47 ----D---- C:\Windows\SysWOW64
2015-04-20 10:46:43 ----SHD---- C:\Windows\Installer
2015-04-20 09:47:38 ----D---- C:\Windows\system32\catroot2
2015-04-19 21:35:34 ----SHD---- C:\System Volume Information
2015-04-18 20:46:39 ----D---- C:\Program Files\SUPERAntiSpyware
2015-04-17 14:25:23 ----RD---- C:\Program Files (x86)
2015-04-15 20:25:44 ----D---- C:\Windows\Microsoft.NET
2015-04-15 20:24:16 ----RSD---- C:\Windows\assembly
2015-04-15 19:25:51 ----D---- C:\ProgramData\ProductData
2015-04-15 14:46:13 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-04-15 11:51:53 ----D---- C:\Windows\AppPatch
2015-04-15 11:51:51 ----D---- C:\Windows\SYSWOW64\migration
2015-04-15 11:51:51 ----D---- C:\Program Files (x86)\Internet Explorer
2015-04-15 11:51:50 ----D---- C:\Windows\system32\migration
2015-04-15 11:51:49 ----D---- C:\Program Files\Internet Explorer
2015-04-15 11:41:07 ----D---- C:\Windows\winsxs
2015-04-15 11:41:05 ----D---- C:\Windows\system32\catroot
2015-04-15 11:38:44 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-04-15 11:37:31 ----D---- C:\Windows\system32\MRT
2015-04-15 11:33:34 ----A---- C:\Windows\system32\mrt.exe
2015-04-14 22:22:46 ----D---- C:\Windows\system32\WDI
2015-04-13 19:39:45 ----D---- C:\Users\Homie\AppData\Roaming\Skype
2015-04-09 10:44:44 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-08 21:38:43 ----RSD---- C:\Windows\Fonts
2015-04-08 21:34:32 ----D---- C:\Program Files (x86)\Common Files
2015-04-08 17:17:50 ----D---- C:\ProgramData\Sophos
2015-04-08 17:08:04 ----D---- C:\Users\Homie\AppData\Roaming\Microsoft
2015-04-06 17:51:07 ----D---- C:\Windows\twain_32
2015-04-06 17:51:07 ----D---- C:\ProgramData\HP
2015-04-06 17:46:33 ----D---- C:\Program Files (x86)\MathMagic for Captivate
2015-04-05 17:31:03 ----D---- C:\Windows\system32\Tasks
2015-04-05 17:31:02 ----A---- C:\Windows\SYSWOW64\certsentry.dll
2015-04-05 17:31:02 ----A---- C:\Windows\system32\certsentry.dll
2015-04-05 16:55:34 ----D---- C:\Program Files (x86)\Comodo
2015-04-02 20:00:11 ----D---- C:\Windows
2015-04-01 16:37:24 ----D---- C:\Program Files\Bitdefender
2015-04-01 16:24:36 ----D---- C:\Program Files\Common Files\Bitdefender
2015-04-01 16:22:53 ----A---- C:\bdlog.txt
2015-04-01 16:22:15 ----D---- C:\Windows\system32\drivers\etc
2015-04-01 14:52:20 ----D---- C:\ProgramData\Comodo
2015-04-01 13:48:24 ----A---- C:\Windows\system32\cmdcsr.dll
2015-04-01 13:48:18 ----A---- C:\Windows\SYSWOW64\guard32.dll
2015-04-01 13:48:15 ----A---- C:\Windows\system32\guard64.dll
2015-04-01 13:47:18 ----A---- C:\Windows\system32\cmdvrt64.dll
2015-04-01 13:46:51 ----A---- C:\Windows\system32\cmdkbd64.dll
2015-04-01 13:45:54 ----A---- C:\Windows\SYSWOW64\cmdvrt32.dll
2015-04-01 13:45:27 ----A---- C:\Windows\SYSWOW64\cmdkbd32.dll
2015-04-01 13:17:09 ----D---- C:\Program Files\Common Files
2015-04-01 12:23:25 ----D---- C:\Windows\rescache
2015-04-01 11:42:57 ----D---- C:\Windows\SYSWOW64\en-US
2015-04-01 11:42:57 ----D---- C:\Windows\system32\en-US

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cmderd;COMODO Internet Security Eradication Driver; C:\Windows\System32\DRIVERS\cmderd.sys [2015-04-01 20696]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\system32\DRIVERS\cmdguard.sys [2015-04-01 798816]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2015-04-01 44856]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2015-04-01 104608]
R1 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-06-26 35344]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R3 A6200;NETGEAR A6200 WiFi Adapter Driver; C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [2013-03-07 1974576]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2014-07-20 499200]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K; C:\Windows\system32\DRIVERS\e1k60x64.sys [2010-04-06 279216]
R3 HECIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2014-07-20 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2014-07-20 10629408]
R3 keycrypt;keycrypt; C:\Windows\system32\DRIVERS\KeyCrypt64.sys [2015-04-17 76520]
R3 Neo_VPN;VPN Client Device Driver - VPN; C:\Windows\system32\DRIVERS\Neo_0025.sys [2014-08-23 29536]
R3 Neo_VPN2;VPN Client Device Driver - VPN2; C:\Windows\system32\DRIVERS\Neo_0008.sys [2014-08-23 29536]
R3 Neo_VPN3;VPN Client Device Driver - VPN3; C:\Windows\system32\DRIVERS\Neo_0066.sys [2014-08-23 29536]
R3 Neo_VPN4;VPN Client Device Driver - VPN4; C:\Windows\system32\DRIVERS\Neo_0080.sys [2014-08-23 29536]
R3 Neo_VPN5;VPN Client Device Driver - VPN5; C:\Windows\system32\DRIVERS\Neo_0034.sys [2014-08-23 29536]
R3 Neo_VPN6;VPN Client Device Driver - VPN6; C:\Windows\system32\DRIVERS\Neo_0098.sys [2014-08-23 29536]
R3 SEE;SoftEther Ethernet Layer Driver; C:\Windows\system32\drivers\see.sys [2014-08-06 38240]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-25 87040]
S1 AntiLog32;AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys []
S3 androidusb;ADB Interface Driver; C:\Windows\System32\Drivers\androidusb.sys [2010-10-18 38424]
S3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys []
S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2008-01-20 119296]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2008-01-20 119296]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 6144]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 273920]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 11008]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 7040]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 6656]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 7936]
S3 SRS_AE_Service;SRS Audio; C:\Windows\system32\drivers\SRS_AE_amd64.sys [2012-06-21 549704]
S3 taphss6;Anchorfree HSS VPN Adapter; C:\Windows\system32\DRIVERS\taphss6.sys [2014-05-16 42184]
S3 TrueSight;TrueSight; \??\C:\Windows\System32\drivers\TrueSight.sys []
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-11 19456]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-02 40960]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-25 198656]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 8704]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 438328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2014-07-22 172344]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
R2 ChromodoUpdater;COMODO Chromodo Update Service; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [2015-04-05 2306248]
R2 CmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2015-04-20 5540424]
R2 DragonUpdater;COMODO Dragon Update Service; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2015-03-11 2370240]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 27648]
R2 IntuitUpdateServiceV4;Intuit Update Service v4; C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2015-04-08 14624]
R2 SEVPNCLIENT;SoftEther VPN Client; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [2014-08-23 4352568]
R2 WNDA6200;NETGEAR A6200 Service; C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe [2012-09-24 29984]
R3 cmdvirth;COMODO Virtual Service Manager; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2015-04-20 2265816]
S2 atserv;Bitdefender Anti-Theft Service; C:\Program Files\Bitdefender\Bitdefender Anti-Theft\atserv.exe /service []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-12 124088]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-23 116648]
S2 LiveUpdateSvc;LiveUpdate; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-05-04 2152736]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S2 UPDATESRV_ANTITHEFT;Bitdefender Anti-Theft Update Service; C:\Program Files\Bitdefender\Bitdefender Anti-Theft\updatesrv.exe id UPDATESRV_ANTITHEFT /service []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15 268464]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-23 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-04-08 148080]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2014-04-12 1009864]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-12 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------

Edited by boopme, 20 April 2015 - 02:36 PM.



#2 olgun52

olgun52

  • Malware Response Team
  • 3,778 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:07 PM

Posted 20 April 2015 - 03:59 PM

Hello consultantbis and welcome to BleepingComputer. :welcome:
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks
---------------------------------------------------------------------------------------------------------
 
Please do the following.
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

:hello:
 
Sincerely


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

#3 consultantbis

consultantbis
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:01:07 PM

Posted 20 April 2015 - 06:20 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by Homie (administrator) on HOMIE-PC on 20-04-2015 19:12:57
Running from C:\Users\Homie\Downloads
Loaded Profiles: Homie (Available profiles: Homie)
Platform: Windows Vista ™ Business Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
() C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(NETGEAR,Inc.) C:\Program Files (x86)\NETGEAR\A6200\A6200.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\agcp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4352568 2014-08-23] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM\...\Run: [GENIE] => C:\Program Files (x86)\NETGEAR\A6200\A6200.exe [348888 2013-02-18] (NETGEAR,Inc.)
HKLM\...\Run: [LanuchApp] => C:\Program Files (x86)\NETGEAR\A6200\LanuchApp.exe [15136 2012-07-11] ()
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1426136 2015-04-20] (COMODO)
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2014-07-20] (Analog Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8205944 2015-04-17] (Zemana Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-116106242-1928824188-2471662636-1000\...\MountPoints2: {5ca674a6-1413-11e4-adde-0026b97d6cab} - F:\Windows\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KE6709~1.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(2).dll [94664 2015-04-17] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KE6407~1.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(2).dll [86400 2015-04-17] (Zemana Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2014-08-23]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-116106242-1928824188-2471662636-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-116106242-1928824188-2471662636-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2014-07-20] (IObit)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
Tcpip\Parameters: [DhcpNameServer] 10.71.0.1

FireFox:
========
FF ProfilePath: C:\Users\Homie\AppData\Roaming\Mozilla\Firefox\Profiles\7o0jmdb8.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2013-08-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2013-08-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Extension: Ghostery - C:\Users\Homie\AppData\Roaming\Mozilla\Firefox\Profiles\7o0jmdb8.default\Extensions\firefox@ghostery.com.xpi [2014-08-24]
FF Extension: S3.Google Translator - C:\Users\Homie\AppData\Roaming\Mozilla\Firefox\Profiles\7o0jmdb8.default\Extensions\s3google@translator.xpi [2014-08-24]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-07-20]

Chrome:
=======
CHR Profile: C:\Users\Homie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Homie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-01]
CHR Extension: (Google Wallet) - C:\Users\Homie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [2306248 2015-04-05] (Comodo)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5540424 2015-04-20] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265816 2015-04-20] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2015-03-11] (Comodo Security Solutions, Inc.)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4352568 2014-08-23] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
R2 WNDA6200; C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe [29984 2012-09-24] ()
S2 atserv; "C:\Program Files\Bitdefender\Bitdefender Anti-Theft\atserv.exe" /service [X]
S2 UPDATESRV_ANTITHEFT; "C:\Program Files\Bitdefender\Bitdefender Anti-Theft\updatesrv.exe" id UPDATESRV_ANTITHEFT /service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 A6200; C:\Windows\System32\DRIVERS\bcmwlhigh664.sys [1974576 2013-03-07] (Broadcom Corporation)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20696 2015-04-01] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [798816 2015-04-01] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [44856 2015-04-01] (COMODO)
R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k60x64.sys [279216 2010-04-06] (Intel Corporation)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2015-04-01] (COMODO)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [76520 2015-04-17] (Zemana Ltd.)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0025.sys [29536 2014-08-23] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 Neo_VPN2; C:\Windows\System32\DRIVERS\Neo_0008.sys [29536 2014-08-23] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 Neo_VPN3; C:\Windows\System32\DRIVERS\Neo_0066.sys [29536 2014-08-23] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 Neo_VPN4; C:\Windows\System32\DRIVERS\Neo_0080.sys [29536 2014-08-23] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 Neo_VPN5; C:\Windows\System32\DRIVERS\Neo_0034.sys [29536 2014-08-23] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 Neo_VPN6; C:\Windows\System32\DRIVERS\Neo_0098.sys [29536 2014-08-23] (SoftEther VPN Project at University of Tsukuba, Japan.)
R1 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-26] (CACE Technologies, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SEE; C:\Windows\System32\drivers\see.sys [38240 2014-08-06] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 SRS_AE_Service; C:\Windows\System32\drivers\SRS_AE_amd64.sys [549704 2012-06-21] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-20] ()
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [29160 2014-07-24] ()
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-20 19:12 - 2015-04-20 19:13 - 00014581 _____ () C:\Users\Homie\Downloads\FRST.txt
2015-04-20 19:12 - 2015-04-20 19:13 - 00000000 ____D () C:\FRST
2015-04-20 19:10 - 2015-04-20 19:10 - 02099712 _____ (Farbar) C:\Users\Homie\Downloads\FRST64.exe
2015-04-20 17:45 - 2015-04-20 19:03 - 00351388 _____ () C:\Windows\system32\Drivers\fvstore.dat
2015-04-20 17:39 - 2015-04-20 17:39 - 00000000 ___HD () C:\VTRoot
2015-04-20 15:36 - 2015-04-20 15:36 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-20 15:36 - 2015-04-20 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-20 15:28 - 2015-04-20 15:28 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-20 15:18 - 2015-04-20 15:19 - 16884312 _____ () C:\Users\Homie\Downloads\RogueKiller.exe
2015-04-20 15:11 - 2015-04-20 15:11 - 00018471 _____ () C:\Users\Homie\Desktop\info.txt
2015-04-20 14:59 - 2015-04-20 14:59 - 01222144 _____ () C:\Users\Homie\Downloads\RSITx64.exe
2015-04-20 14:59 - 2015-04-20 14:59 - 00000000 ____D () C:\rsit
2015-04-20 14:59 - 2015-04-20 14:59 - 00000000 ____D () C:\Program Files\trend micro
2015-04-20 14:43 - 2015-04-20 14:44 - 00000000 ____D () C:\AdwCleaner
2015-04-20 14:41 - 2015-04-20 14:42 - 00002320 _____ () C:\Users\Homie\Desktop\Rkill.txt
2015-04-20 14:40 - 2015-04-20 14:41 - 02217984 _____ () C:\Users\Homie\Downloads\adwcleaner_4.201.exe
2015-04-20 14:40 - 2015-04-20 14:40 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Homie\Downloads\rkill.com
2015-04-19 19:51 - 2015-04-19 19:51 - 00000000 ____D () C:\ProgramData\Cisco Systems
2015-04-19 16:58 - 2015-04-19 16:58 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Homie\Downloads\tdsskiller.exe
2015-04-17 14:39 - 2015-04-17 14:39 - 00000000 ____D () C:\Users\Homie\Downloads\Order Id 819974
2015-04-17 14:38 - 2015-04-17 14:38 - 00024144 _____ () C:\Users\Homie\Downloads\Order Id 819974.zip
2015-04-17 14:25 - 2015-04-17 14:25 - 00076520 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys
2015-04-17 14:25 - 2015-04-17 14:25 - 00000979 _____ () C:\Users\Public\Desktop\AntiLogger Free.lnk
2015-04-17 14:25 - 2015-04-17 14:25 - 00000000 ____D () C:\Users\Homie\AppData\Local\AntiLogger Free
2015-04-17 14:25 - 2015-04-17 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2015-04-17 14:25 - 2015-04-17 14:25 - 00000000 ____D () C:\Program Files (x86)\Zemana AntiLogger Free
2015-04-17 14:24 - 2015-04-17 14:24 - 03688000 _____ (Zemana Ltd. ) C:\Users\Homie\Downloads\AntiLoggerFree_Setup_1.8.2.198.exe
2015-04-15 23:30 - 2015-04-15 23:30 - 05242880 _____ () C:\Users\Homie\Downloads\thing2.txt
2015-04-15 23:26 - 2015-04-15 23:30 - 52428800 _____ () C:\Users\Homie\Downloads\thing.txt
2015-04-15 23:24 - 2015-04-15 23:24 - 00243200 _____ (Support.com) C:\Users\Homie\Downloads\sysprof.exe
2015-04-15 11:40 - 2015-03-13 22:22 - 01585248 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 11:40 - 2015-03-13 22:22 - 01168080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 11:40 - 2015-03-12 21:44 - 04691384 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 11:40 - 2015-03-12 21:44 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 11:40 - 2015-03-12 21:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 11:40 - 2015-03-12 21:30 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 11:40 - 2015-03-12 21:30 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 11:40 - 2015-03-12 21:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 11:40 - 2015-03-12 21:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 11:40 - 2015-03-12 20:08 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 11:40 - 2015-03-12 20:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 11:40 - 2015-03-12 20:08 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 11:40 - 2015-03-04 22:25 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 11:40 - 2015-03-04 21:58 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 11:33 - 2015-03-04 22:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 11:33 - 2015-03-04 22:14 - 00360384 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 11:33 - 2015-03-04 21:58 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 11:32 - 2015-03-08 21:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 11:32 - 2015-03-08 20:40 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 17882112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 12377600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 10931200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 09747968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 02157568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 01803264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 10:13 - 2015-04-15 10:13 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 10:13 - 2015-04-15 10:13 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 10:13 - 2015-04-15 10:13 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 10:13 - 2015-04-15 10:13 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-15 10:13 - 2015-04-15 10:13 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-04-15 10:13 - 2015-04-15 10:13 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-15 10:13 - 2015-04-15 10:13 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-04-15 10:13 - 2015-03-09 20:19 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 10:13 - 2015-03-09 20:12 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 10:13 - 2015-03-09 19:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 10:13 - 2015-03-09 18:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-09 20:47 - 2015-04-09 20:47 - 00158576 _____ (Oracle) C:\Users\Homie\Downloads\llLauncher_15099kKAgIRG0oCctZvEkUVJYBrY1w.exe
2015-04-08 21:57 - 2015-04-09 21:01 - 00773352 _____ () C:\Users\Homie\Desktop\2014 Fontes A Form 1040  Individual Tax Return.tax2014
2015-04-08 21:39 - 2015-04-08 21:39 - 00000000 ____D () C:\Users\Homie\Documents\TurboTax
2015-04-08 21:39 - 2015-04-08 21:39 - 00000000 ____D () C:\Users\Homie\AppData\Local\IsolatedStorage
2015-04-08 21:38 - 2015-04-08 21:38 - 00000000 ____D () C:\Users\Homie\AppData\Roaming\Intuit
2015-04-08 21:36 - 2015-04-08 23:01 - 00000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-04-08 21:36 - 2015-04-08 21:36 - 00001892 _____ () C:\Users\Public\Desktop\TurboTax 2014.lnk
2015-04-08 21:36 - 2015-04-08 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2014
2015-04-08 21:27 - 2015-04-08 21:35 - 00000000 ____D () C:\ProgramData\Intuit
2015-04-08 21:27 - 2015-04-08 21:27 - 00000000 ____D () C:\Program Files (x86)\TurboTax
2015-04-08 21:15 - 2015-04-08 21:22 - 119233288 _____ () C:\Users\Homie\Downloads\w_turbotax_1040_dlx_2014.180.0101.exe
2015-04-08 20:57 - 2015-04-08 20:57 - 00437536 _____ () C:\Users\Homie\Downloads\TurboTaxReturn.tax2013
2015-04-08 17:23 - 2015-04-08 17:23 - 00000000 ____D () C:\Users\Homie\Desktop\New Folder
2015-04-08 17:10 - 2015-04-08 17:10 - 00001990 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-04-08 17:10 - 2015-04-08 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-04-08 17:10 - 2015-04-08 17:10 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-04-08 16:48 - 2015-04-08 17:01 - 116180992 _____ (Sophos Limited) C:\Users\Homie\Downloads\Sophos Virus Removal Tool(1).exe
2015-04-05 16:55 - 2015-04-05 17:31 - 00024296 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.exe
2015-04-05 16:55 - 2015-04-05 17:31 - 00001842 _____ () C:\Windows\System32\Tasks\COMODO CertSentry Updater
2015-04-02 20:00 - 2015-04-02 20:00 - 00348178 _____ () C:\Windows\dd_vcredistMSI7647.txt
2015-04-02 20:00 - 2015-04-02 20:00 - 00011284 _____ () C:\Windows\dd_vcredistUI7647.txt
2015-04-02 19:45 - 2015-04-02 19:45 - 00000000 ____D () C:\Windows\Minidump
2015-04-02 19:43 - 2015-04-09 10:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-01 20:58 - 2015-04-01 20:58 - 00001082 _____ () C:\Users\Homie\Desktop\SpyDLLRemover.lnk
2015-04-01 20:58 - 2015-04-01 20:58 - 00000000 ____D () C:\Program Files (x86)\SecurityXploded
2015-04-01 20:57 - 2015-04-01 20:57 - 00000000 ____D () C:\Users\Homie\Downloads\SpyDLLRemover
2015-04-01 20:55 - 2015-04-01 20:56 - 04727205 _____ () C:\Users\Homie\Downloads\SpyDLLRemover.zip
2015-04-01 16:52 - 2015-04-17 17:48 - 00000000 ____D () C:\Program Files (x86)\KeyCryptSDK
2015-04-01 16:52 - 2015-04-01 16:53 - 00000000 ____D () C:\Users\Homie\AppData\Local\Zemana
2015-04-01 16:52 - 2015-04-01 16:52 - 07039960 _____ (Zemana Ltd.) C:\Windows\SysWOW64\ZALSDKCore.dll
2015-04-01 16:24 - 2015-04-01 16:24 - 00247913 _____ () C:\ProgramData\1427919725.bdinstall.bin
2015-04-01 14:52 - 2015-04-01 14:52 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2015-04-01 14:50 - 2015-04-20 19:11 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2015-04-01 14:48 - 2015-04-20 11:44 - 00001795 _____ () C:\Users\Public\Desktop\COMODO Internet Security.lnk
2015-04-01 14:47 - 2015-04-01 14:47 - 00000000 ____D () C:\ProgramData\Shared Space
2015-04-01 14:46 - 2015-04-06 17:52 - 00000000 ____D () C:\Program Files\COMODO
2015-04-01 14:46 - 2015-04-01 14:46 - 00000957 _____ () C:\Users\Public\Desktop\Internet (Chromodo).lnk
2015-04-01 14:45 - 2015-04-01 14:45 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2015-04-01 14:25 - 2015-04-01 14:44 - 229979832 _____ (COMODO) C:\Users\Homie\Downloads\cispremium_installer.exe
2015-04-01 12:15 - 2015-04-01 12:15 - 00231390 _____ () C:\Users\Homie\Downloads\RootkitRevealer.zip
2015-04-01 12:15 - 2015-04-01 12:15 - 00000000 ____D () C:\Users\Homie\Downloads\RootkitRevealer
2015-04-01 11:54 - 2014-10-12 21:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-04-01 11:54 - 2014-10-12 20:56 - 03137536 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-04-01 11:53 - 2014-11-25 22:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-04-01 11:53 - 2014-11-25 21:42 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-04-01 11:42 - 2014-11-03 20:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-04-01 11:42 - 2014-11-03 20:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-03-31 21:37 - 2015-02-19 22:03 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-31 21:37 - 2015-02-19 21:44 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-31 21:37 - 2015-02-19 20:39 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-31 21:37 - 2015-02-19 20:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-31 21:36 - 2014-12-07 21:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-03-31 21:36 - 2014-12-07 21:37 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-03-31 21:34 - 2015-01-28 21:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-31 21:34 - 2015-01-28 21:33 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-31 21:33 - 2015-01-20 22:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-31 21:33 - 2015-01-20 21:42 - 01040896 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-31 21:33 - 2014-12-18 20:26 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-03-31 21:33 - 2014-08-11 22:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-03-31 21:33 - 2014-08-11 22:11 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-03-31 21:32 - 2015-02-25 20:31 - 02792960 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-31 21:32 - 2015-02-17 22:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-31 21:32 - 2015-02-17 21:42 - 12899840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-31 21:32 - 2014-10-23 21:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-31 21:32 - 2014-10-23 20:39 - 00656384 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-31 21:32 - 2014-06-15 18:18 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-03-31 21:32 - 2014-06-15 18:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-03-31 21:32 - 2014-06-13 14:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-03-31 21:32 - 2014-06-13 14:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-03-31 21:32 - 2014-06-13 13:36 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-03-31 21:32 - 2014-06-13 13:36 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-03-31 21:31 - 2014-10-09 21:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-03-31 21:31 - 2014-10-09 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-31 21:31 - 2014-10-09 21:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-31 21:31 - 2014-10-09 19:53 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-31 21:31 - 2014-10-09 19:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-31 21:31 - 2014-10-02 21:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-31 21:31 - 2014-10-02 21:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-31 21:31 - 2014-10-02 21:17 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-31 21:31 - 2014-10-02 21:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-31 21:31 - 2014-10-02 21:02 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-31 21:31 - 2014-10-02 21:01 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-31 21:31 - 2014-10-02 21:01 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-31 21:31 - 2014-10-02 19:49 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\audiodg.exe
2015-03-31 21:25 - 2015-01-28 21:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-31 21:25 - 2015-01-28 21:33 - 00449024 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-31 21:23 - 2015-01-08 21:41 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-31 21:23 - 2015-01-08 20:29 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-31 21:23 - 2014-12-05 23:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-03-31 21:23 - 2014-12-05 23:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-03-31 21:23 - 2014-12-05 22:54 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-03-31 21:23 - 2014-12-05 22:54 - 00178688 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-03-31 21:23 - 2014-12-05 22:54 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-03-31 21:23 - 2014-10-23 21:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-03-31 21:23 - 2014-10-23 20:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-03-31 21:23 - 2014-09-04 19:38 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2015-03-31 21:23 - 2014-08-26 20:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-03-31 21:23 - 2014-08-26 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-03-31 21:22 - 2015-03-06 00:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-31 21:22 - 2015-03-05 23:35 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-31 21:22 - 2015-01-15 02:53 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-31 21:22 - 2015-01-15 00:08 - 00516536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-31 21:22 - 2014-10-09 21:09 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-20 19:11 - 2014-08-23 15:32 - 00000000 ____D () C:\Program Files\SoftEther VPN Client
2015-04-20 19:07 - 2006-11-02 08:46 - 00834626 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-20 19:04 - 2008-01-20 21:52 - 01532417 _____ () C:\Windows\WindowsUpdate.log
2015-04-20 19:01 - 2014-08-23 01:43 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-20 19:01 - 2006-11-02 11:38 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-20 19:01 - 2006-11-02 11:20 - 00004576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-20 19:01 - 2006-11-02 11:20 - 00004576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-20 18:32 - 2006-11-02 11:38 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-20 17:38 - 2014-07-20 23:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-20 16:46 - 2014-08-23 01:43 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-20 15:36 - 2014-07-21 15:47 - 00001890 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-20 15:36 - 2014-07-21 15:47 - 00000000 ____D () C:\ProgramData\Skype
2015-04-20 15:33 - 2014-07-24 23:03 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-20 12:15 - 2008-01-20 21:50 - 00103926 _____ () C:\Windows\PFRO.log
2015-04-18 20:46 - 2014-07-30 15:02 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-17 18:52 - 2014-08-23 01:45 - 00002025 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-15 19:25 - 2014-07-20 23:15 - 00000000 ____D () C:\ProgramData\ProductData
2015-04-15 14:46 - 2014-07-20 23:16 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 14:46 - 2014-07-20 23:16 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 14:46 - 2014-07-20 23:16 - 00003684 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 11:38 - 2014-07-23 20:27 - 00855494 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 11:37 - 2014-07-20 21:50 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 11:33 - 2006-11-02 08:35 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-04-13 19:39 - 2014-07-21 15:47 - 00000000 ____D () C:\Users\Homie\AppData\Roaming\Skype
2015-04-11 21:54 - 2014-08-28 18:23 - 00000000 ____D () C:\Users\Homie\AppData\Local\Adobe
2015-04-09 10:44 - 2014-07-21 04:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-09 10:44 - 2006-11-02 11:20 - 00266768 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-08 21:39 - 2014-07-20 19:37 - 00057720 _____ () C:\Users\Homie\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-08 17:17 - 2014-08-25 06:06 - 00000000 ____D () C:\ProgramData\Sophos
2015-04-06 17:53 - 2014-08-14 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Easy Burner
2015-04-06 17:52 - 2014-07-20 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-04-06 17:51 - 2014-08-13 13:53 - 00000000 ____D () C:\ProgramData\HP
2015-04-06 17:46 - 2014-08-10 03:40 - 00000000 ____D () C:\Program Files (x86)\MathMagic for Captivate
2015-04-05 17:31 - 2014-07-20 20:50 - 00024328 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2015-04-05 17:31 - 2014-07-20 20:00 - 00027400 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2015-04-05 16:55 - 2013-08-16 07:55 - 00000000 ____D () C:\Program Files (x86)\Comodo
2015-04-02 19:49 - 2006-11-02 11:25 - 00032134 _____ () C:\Windows\setupact.log
2015-04-02 19:45 - 2014-06-30 05:02 - 00319279 _____ () C:\Windows\Minidump\Mini040215-01.dmp
2015-04-01 21:01 - 2014-07-25 01:07 - 00000000 ____D () C:\Users\Homie\AppData\Local\CrashDumps
2015-04-01 16:37 - 2014-08-21 12:19 - 00000000 ____D () C:\Program Files\Bitdefender
2015-04-01 16:24 - 2014-08-21 12:18 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2015-04-01 14:52 - 2014-08-21 16:57 - 00020008 _____ () C:\Windows\system32\spsys.log
2015-04-01 14:52 - 2014-07-20 19:59 - 00000000 ____D () C:\ProgramData\Comodo
2015-04-01 14:48 - 2014-07-20 19:36 - 00000000 ____D () C:\Users\Homie
2015-04-01 14:46 - 2014-07-20 20:00 - 00000000 ____D () C:\Users\Homie\AppData\Local\Comodo
2015-04-01 13:49 - 2015-01-30 15:27 - 00798816 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2015-04-01 13:49 - 2015-01-30 15:27 - 00104608 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
2015-04-01 13:49 - 2015-01-30 15:27 - 00044856 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2015-04-01 13:49 - 2015-01-30 15:27 - 00020696 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2015-04-01 13:48 - 2015-01-30 15:27 - 00576848 _____ (COMODO) C:\Windows\system32\guard64.dll
2015-04-01 13:48 - 2015-01-30 15:27 - 00444472 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2015-04-01 13:48 - 2015-01-30 15:27 - 00041248 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2015-04-01 13:47 - 2015-01-30 15:27 - 00358104 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2015-04-01 13:46 - 2015-01-30 15:27 - 00045784 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll
2015-04-01 13:45 - 2015-01-30 15:27 - 00288472 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2015-04-01 13:45 - 2015-01-30 15:27 - 00040664 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
2015-04-01 12:23 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\rescache
2015-04-01 11:44 - 2014-08-10 04:31 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

==================== Files in the root of some directories =======

2014-08-13 03:21 - 2014-08-13 03:21 - 0000680 _____ () C:\Users\Homie\AppData\Local\d3d9caps.dat
2014-07-20 19:36 - 2014-08-11 09:18 - 0008540 _____ () C:\Users\Homie\AppData\Local\d3d9caps64.dat
2014-07-20 23:50 - 2014-07-20 23:52 - 0452828 _____ () C:\Users\Homie\AppData\Local\dd_vcredistMSI0444.txt
2014-08-10 03:36 - 2014-08-10 03:36 - 0460518 _____ () C:\Users\Homie\AppData\Local\dd_vcredistMSI4BF0.txt
2014-08-10 03:37 - 2014-08-10 03:37 - 0376944 _____ () C:\Users\Homie\AppData\Local\dd_vcredistMSI4CD1.txt
2014-08-10 14:58 - 2014-08-10 14:58 - 0387256 _____ () C:\Users\Homie\AppData\Local\dd_vcredistMSI5609.txt
2014-08-10 14:58 - 2014-08-10 14:58 - 0376186 _____ () C:\Users\Homie\AppData\Local\dd_vcredistMSI5634.txt
2014-08-23 23:32 - 2014-08-23 23:32 - 0441312 _____ () C:\Users\Homie\AppData\Local\dd_vcredistMSI5706.txt
2013-08-16 07:32 - 2013-08-16 07:32 - 0440576 _____ () C:\Users\Homie\AppData\Local\dd_vcredistMSI6EF3.txt
2014-08-10 04:28 - 2014-08-10 04:28 - 0387306 _____ () C:\Users\Homie\AppData\Local\dd_vcredistMSI73C3.txt
2014-08-10 04:28 - 2014-08-10 04:28 - 0375726 _____ () C:\Users\Homie\AppData\Local\dd_vcredistMSI7439.txt
2014-08-14 22:53 - 2014-08-14 22:53 - 0377834 _____ () C:\Users\Homie\AppData\Local\dd_vcredistMSI79DD.txt
2014-08-14 22:53 - 2014-08-14 22:53 - 0387044 _____ () C:\Users\Homie\AppData\Local\dd_vcredistMSI79FA.txt
2014-07-20 23:50 - 2014-07-20 23:52 - 0013076 _____ () C:\Users\Homie\AppData\Local\dd_vcredistUI0444.txt
2014-08-10 03:36 - 2014-08-10 03:36 - 0011614 _____ () C:\Users\Homie\AppData\Local\dd_vcredistUI4BF0.txt
2014-08-10 03:37 - 2014-08-10 03:37 - 0011454 _____ () C:\Users\Homie\AppData\Local\dd_vcredistUI4CD1.txt
2014-08-10 14:58 - 2014-08-10 14:58 - 0011422 _____ () C:\Users\Homie\AppData\Local\dd_vcredistUI5609.txt
2014-08-10 14:58 - 2014-08-10 14:58 - 0011406 _____ () C:\Users\Homie\AppData\Local\dd_vcredistUI5634.txt
2014-08-23 23:32 - 2014-08-23 23:32 - 0011382 _____ () C:\Users\Homie\AppData\Local\dd_vcredistUI5706.txt
2013-08-16 07:32 - 2013-08-16 07:32 - 0011366 _____ () C:\Users\Homie\AppData\Local\dd_vcredistUI6EF3.txt
2014-08-10 04:28 - 2014-08-10 04:28 - 0011438 _____ () C:\Users\Homie\AppData\Local\dd_vcredistUI73C3.txt
2014-08-10 04:28 - 2014-08-10 04:28 - 0011406 _____ () C:\Users\Homie\AppData\Local\dd_vcredistUI7439.txt
2014-08-14 22:53 - 2014-08-14 22:53 - 0014648 _____ () C:\Users\Homie\AppData\Local\dd_vcredistUI79DD.txt
2014-08-14 22:53 - 2014-08-14 22:53 - 0014584 _____ () C:\Users\Homie\AppData\Local\dd_vcredistUI79FA.txt
2014-08-21 12:41 - 2014-08-21 12:41 - 0856126 _____ () C:\ProgramData\1408637944.bdinstall.bin
2014-08-23 18:16 - 2014-08-23 22:18 - 0050577 _____ () C:\ProgramData\1408832199.1208.bin
2014-08-23 18:16 - 2014-08-23 18:35 - 0036704 _____ () C:\ProgramData\1408832199.4432.bin
2014-08-23 18:16 - 2014-08-23 18:16 - 0004368 _____ () C:\ProgramData\1408832199.5232.bin
2014-08-23 18:16 - 2014-08-23 18:35 - 0009494 _____ () C:\ProgramData\1408832199.5404.bin
2014-08-23 18:16 - 2014-08-23 18:17 - 0002680 _____ () C:\ProgramData\1408832199.5896.bin
2014-08-23 18:16 - 2014-08-23 18:17 - 0056050 _____ () C:\ProgramData\1408832199.5924.bin
2014-08-23 18:35 - 2014-08-23 18:35 - 0163301 _____ () C:\ProgramData\1408832199.bdinstall.bin
2014-08-23 18:35 - 2014-08-23 21:07 - 0045886 _____ () C:\ProgramData\1408833350.1292.bin
2014-08-23 18:35 - 2014-08-23 18:35 - 0001872 _____ () C:\ProgramData\1408833350.4544.bin
2014-08-23 18:35 - 2014-08-23 18:36 - 0101063 _____ () C:\ProgramData\1408833350.5412.bin
2014-08-23 18:35 - 2014-08-23 21:07 - 0004493 _____ () C:\ProgramData\1408833350.5576.bin
2014-08-23 22:16 - 2014-08-23 22:16 - 0048912 _____ () C:\ProgramData\1408846575.bdinstall.bin
2014-08-23 22:16 - 2014-08-23 22:16 - 0103314 _____ () C:\ProgramData\1408846592.bdinstall.bin
2014-08-24 00:35 - 2014-08-24 00:37 - 0100785 _____ () C:\ProgramData\1408854909.1912.bin
2014-08-24 00:35 - 2014-08-24 00:37 - 0009157 _____ () C:\ProgramData\1408854909.5308.bin
2014-08-24 00:35 - 2014-08-24 00:37 - 0046072 _____ () C:\ProgramData\1408854909.5576.bin
2014-08-24 00:36 - 2014-08-24 00:37 - 0001872 _____ () C:\ProgramData\1408854909.5580.bin
2014-08-24 01:33 - 2014-08-24 01:33 - 0049270 _____ () C:\ProgramData\1408858415.bdinstall.bin
2014-08-24 17:30 - 2014-08-24 17:30 - 0129365 _____ () C:\ProgramData\1408915800.bdinstall.bin
2015-04-01 16:24 - 2015-04-01 16:24 - 0247913 _____ () C:\ProgramData\1427919725.bdinstall.bin
2014-08-13 13:52 - 2014-08-13 13:52 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-04-08 21:36 - 2015-04-08 23:01 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some content of TEMP:
====================
C:\Users\Homie\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Homie\AppData\Local\Temp\Quarantine.exe
C:\Users\Homie\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-20 19:07

==================== End Of Log ============================


#4 olgun52

  • Malware Response Team
  • 3,778 posts
  • Gender:Male

Posted 21 April 2015 - 05:53 PM

Hi consultantbis,

 

Uninstall/remove all entries related to IObit or Advanced SystemCare; that program has a dubious history.

Personally I would not trust installing any software from a company that resorts to stealing someone's technology to sell their product.
Please see the following links and make up your own mind if you want to keep this on your system. If needed I can help you remove it.

IOBit Steals Malwarebytes' Intellectual Property
IOBit's Denial of Theft Unconvincing
IOBit Theft Conclusion
IObit: Trusting Your Antivirus Vendor
Malwarebytes: IObit Stole Our Signatures Database
IObit accused of stealing from Malwarebytes
http://shanegowland....-sucky-company/

 

Next......

 

Uninstalling a Program using Add/Remove Program

I recommend the uninstalling of the below listed program(s).

  • Press the Windows key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

IObit Uninstaller
IObit\Advanced SystemCare
Sophos Virus Removal Tool
SpyDLLRemover
Bitdefender

  • Reboot your computer

----------------------------------------------------------------------------------------------------------------------

Step 1:

Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
 
C:\Users\Homie\Downloads\llLauncher_15099kKAgIRG0oCctZvEkUVJYBrY1w.exe
 
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.

 

Step 2:

Please be sure to run our tools with administrator rights.
 
ComboFix run:
 
* IMPORTANT 1: Place ComboFix.exe on your Desktop
* IMPORTANT 2: Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix and save it to the Desktop

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Have a nice day.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!
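A local check for the file queried in Step 1, written here as an added example for this thread (it is not part of olgun52's instructions and not a BleepingComputer tool): it reads the file's Authenticode signature state, computes its SHA-256, and builds the hash-keyed VirusTotal report URL, so the file can be looked up by hash before anything is uploaded. The function name Get-FileTrustInfo is my own; the path is the one from the FRST log above; hashing goes through .NET rather than Get-FileHash so the script also runs on the PowerShell 2.0 that Windows Vista ships with.

```powershell
# Added example, not code from the thread. Computes the SHA-256 of a file,
# reads its Authenticode signature state, and builds the hash-keyed
# VirusTotal report URL so the file can be checked by hash first.
# Hashing uses .NET directly because Get-FileHash needs PowerShell 4.0+,
# while Vista ships with PowerShell 2.0.
function Get-FileTrustInfo {
    param([Parameter(Mandatory = $true)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # SHA-256 via .NET; VirusTotal keys its file reports on this hash.
    $sha256 = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $hashBytes = $sha256.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    $hash = ([System.BitConverter]::ToString($hashBytes) -replace '-', '').ToLower()

    # Authenticode: Status is Valid, NotSigned, HashMismatch, UnknownError, ...
    # NotSigned on its own is not evidence of malice; many legitimate tools
    # are unsigned. A HashMismatch (signed but tampered) is the alarming case.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }

    # New-Object instead of [pscustomobject] so this also works on PowerShell 2.0
    New-Object PSObject -Property @{
        File            = $Path
        SHA256          = $hash
        SignatureStatus = $sig.Status.ToString()
        Signer          = $signer
        VirusTotalUrl   = "https://www.virustotal.com/gui/file/$hash"
    }
}

# Usage: the path is the one queried in Step 1 of the post above.
Get-FileTrustInfo -Path 'C:\Users\Homie\Downloads\llLauncher_15099kKAgIRG0oCctZvEkUVJYBrY1w.exe' |
    Format-List
```

Opening the VirusTotalUrl shows the existing report when the hash is already known (the "File has already been analyzed" case from Step 1) without sending the file anywhere; the upload step is only needed when no report exists. That ordering matters on a machine like this one, where the same Downloads folder holds a tax return: check by hash first, and upload only files you are willing to share with a third party. The signature status should be read alongside the hash lookup, not instead of it, since "unsigned" describes the thread's subject file but by itself says nothing about whether it is malicious.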

 


 


#5 consultantbis

  • Topic Starter
  • Members
  • 42 posts

Posted 21 April 2015 - 07:20 PM

Hi, I also didn't find Bitdefender on the PC. I ran RogueKiller before I posted and it showed some processes, but I didn't delete anything because I don't know what they are. Below are the requested items.

 

Link

 

https://www.virustotal.com/en/file/d2732fb83c8fbfaad500533a5b3edc63418fec04667fe75040aa9f53c4a18609/analysis/1429659149/

 

ComboFix

 

ComboFix 15-04-19.01 - Homie 04/21/2015  19:44:09.1.2 - x64
Microsoft® Windows Vista™ Business   6.0.6002.2.1252.1.1033.18.3931.2433 [GMT -4:00]
Running from: c:\users\Homie\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {F0BC89B2-8937-0933-021B-B17D981F2A71}
FW: COMODO Firewall *Disabled* {C8870897-C358-086B-2944-184866CC6D0A}
SP: Comodo Defense+ *Disabled/Updated* {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1408637944.bdinstall.bin
c:\programdata\1408832199.1208.bin
c:\programdata\1408832199.4432.bin
c:\programdata\1408832199.5232.bin
c:\programdata\1408832199.5404.bin
c:\programdata\1408832199.5896.bin
c:\programdata\1408832199.5924.bin
c:\programdata\1408832199.bdinstall.bin
c:\programdata\1408833350.1292.bin
c:\programdata\1408833350.4544.bin
c:\programdata\1408833350.5412.bin
c:\programdata\1408833350.5576.bin
c:\programdata\1408846575.bdinstall.bin
c:\programdata\1408846592.bdinstall.bin
c:\programdata\1408854909.1912.bin
c:\programdata\1408854909.5308.bin
c:\programdata\1408854909.5576.bin
c:\programdata\1408854909.5580.bin
c:\programdata\1408858415.bdinstall.bin
c:\programdata\1408915800.bdinstall.bin
c:\programdata\1427919725.bdinstall.bin
c:\users\Homie\AppData\Local\Temp\VPN_D18E\B7091C83.dll
c:\windows\TEMP\VPN_EE87\48616C33.dll
c:\windows\TEMP\VPN_EE87\B7091C83.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2015-03-21 to 2015-04-21  )))))))))))))))))))))))))))))))
.
.
2015-04-21 23:53 . 2015-04-21 23:53    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-04-21 23:12 . 2015-04-21 23:15    --------    d-----w-    c:\windows\system32\appmgmt
2015-04-21 15:42 . 2015-04-04 06:25    12032440    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{51ABEF87-1C3D-4DE5-A9C9-4ED696CAACAB}\mpengine.dll
2015-04-20 23:12 . 2015-04-20 23:14    --------    d-----w-    C:\FRST
2015-04-20 19:36 . 2015-04-20 19:36    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2015-04-20 19:36 . 2015-04-20 19:36    --------    d-----r-    c:\program files (x86)\Skype
2015-04-20 19:28 . 2015-04-20 19:28    35064    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2015-04-20 18:59 . 2015-04-20 18:59    --------    d-----w-    C:\rsit
2015-04-20 18:59 . 2015-04-20 18:59    --------    d-----w-    c:\program files\trend micro
2015-04-20 18:43 . 2015-04-20 18:44    --------    d-----w-    C:\AdwCleaner
2015-04-19 23:51 . 2015-04-19 23:51    --------    d-----w-    c:\programdata\Cisco Systems
2015-04-17 18:25 . 2015-04-17 18:25    --------    d-----w-    c:\program files (x86)\Zemana AntiLogger Free
2015-04-17 18:25 . 2015-04-17 18:25    76520    ----a-w-    c:\windows\system32\drivers\KeyCrypt64.sys
2015-04-17 18:25 . 2015-04-17 18:25    --------    d-----w-    c:\users\Homie\AppData\Local\AntiLogger Free
2015-04-15 15:33 . 2015-03-05 02:23    57344    ----a-w-    c:\windows\SysWow64\clfsw32.dll
2015-04-15 15:33 . 2015-03-05 02:14    360384    ----a-w-    c:\windows\system32\clfs.sys
2015-04-15 15:33 . 2015-03-05 01:58    77824    ----a-w-    c:\windows\system32\clfsw32.dll
2015-04-15 15:32 . 2015-03-09 01:01    1249280    ----a-w-    c:\windows\SysWow64\msxml3.dll
2015-04-15 15:32 . 2015-03-09 00:40    1869824    ----a-w-    c:\windows\system32\msxml3.dll
2015-04-09 01:39 . 2015-04-09 01:39    --------    d-----w-    c:\users\Homie\AppData\Local\IsolatedStorage
2015-04-09 01:38 . 2015-04-09 01:38    --------    d-----w-    c:\users\Homie\AppData\Roaming\Intuit
2015-04-09 01:34 . 2015-04-09 01:35    --------    d-----w-    c:\program files (x86)\Common Files\Intuit
2015-04-09 01:27 . 2015-04-09 01:27    --------    d-----w-    c:\program files (x86)\TurboTax
2015-04-09 01:27 . 2015-04-09 01:35    --------    d-----w-    c:\programdata\Intuit
2015-04-05 20:55 . 2015-04-05 21:31    24296    ----a-w-    c:\windows\system32\certsentry.exe
2015-04-02 00:58 . 2015-04-02 00:58    --------    d-----w-    c:\program files (x86)\SecurityXploded
2015-04-01 20:52 . 2015-04-17 21:48    --------    d-----w-    c:\program files (x86)\KeyCryptSDK
2015-04-01 20:52 . 2015-04-01 20:53    --------    d-----w-    c:\users\Homie\AppData\Local\Zemana
2015-04-01 20:52 . 2015-04-01 20:52    7039960    ----a-w-    c:\windows\SysWow64\ZALSDKCore.dll
2015-04-01 18:47 . 2015-04-01 18:47    --------    d-----w-    c:\programdata\Shared Space
2015-04-01 18:46 . 2015-04-06 21:52    --------    d-----w-    c:\program files\COMODO
2015-04-01 18:45 . 2015-04-01 18:45    --------    d-----w-    c:\programdata\Comodo Downloader
2015-04-01 15:54 . 2014-10-13 01:12    2264064    ----a-w-    c:\windows\SysWow64\msi.dll
2015-04-01 15:54 . 2014-10-13 00:56    3137536    ----a-w-    c:\windows\system32\msi.dll
2015-04-01 15:53 . 2014-11-26 01:42    847360    ----a-w-    c:\windows\system32\oleaut32.dll
2015-04-01 15:53 . 2014-11-26 02:05    564224    ----a-w-    c:\windows\SysWow64\oleaut32.dll
2015-04-01 15:42 . 2014-11-04 00:35    2048    ----a-w-    c:\windows\system32\tzres.dll
2015-04-01 15:42 . 2014-11-04 00:19    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2015-04-01 01:37 . 2015-02-20 02:03    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2015-04-01 01:37 . 2015-02-20 01:44    48128    ----a-w-    c:\windows\system32\atmlib.dll
2015-04-01 01:37 . 2015-02-20 00:39    372224    ----a-w-    c:\windows\system32\atmfd.dll
2015-04-01 01:37 . 2015-02-20 00:28    296960    ----a-w-    c:\windows\SysWow64\atmfd.dll
2015-04-01 01:36 . 2014-12-08 01:59    306176    ----a-w-    c:\windows\SysWow64\scesrv.dll
2015-04-01 01:36 . 2014-12-08 01:37    399360    ----a-w-    c:\windows\system32\scesrv.dll
2015-04-01 01:34 . 2015-01-29 01:35    975360    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2015-04-01 01:34 . 2015-01-29 01:33    1209856    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2015-04-01 01:33 . 2014-12-19 00:26    139776    ----a-w-    c:\windows\system32\drivers\mrxdav.sys
2015-04-01 01:33 . 2015-01-21 02:02    807936    ----a-w-    c:\windows\SysWow64\msctf.dll
2015-04-01 01:33 . 2015-01-21 01:42    1040896    ----a-w-    c:\windows\system32\msctf.dll
2015-04-01 01:33 . 2014-08-12 02:25    729600    ----a-w-    c:\windows\SysWow64\IMJP10K.DLL
2015-04-01 01:33 . 2014-08-12 02:11    923136    ----a-w-    c:\windows\system32\IMJP10K.DLL
2015-04-01 01:32 . 2015-02-26 00:31    2792960    ----a-w-    c:\windows\system32\win32k.sys
2015-04-01 01:32 . 2014-06-15 22:18    1131664    ----a-w-    c:\windows\SysWow64\dfshim.dll
2015-04-01 01:32 . 2014-06-13 18:22    81560    ----a-w-    c:\windows\SysWow64\mscories.dll
2015-04-01 01:32 . 2014-06-13 18:22    156824    ----a-w-    c:\windows\SysWow64\mscorier.dll
2015-04-01 01:32 . 2014-06-13 17:36    73880    ----a-w-    c:\windows\system32\mscories.dll
2015-04-01 01:32 . 2014-06-13 17:36    156312    ----a-w-    c:\windows\system32\mscorier.dll
2015-04-01 01:32 . 2014-06-15 22:18    1943696    ----a-w-    c:\windows\system32\dfshim.dll
2015-04-01 01:32 . 2014-10-24 01:03    499200    ----a-w-    c:\windows\SysWow64\kerberos.dll
2015-04-01 01:32 . 2014-10-24 00:39    656384    ----a-w-    c:\windows\system32\kerberos.dll
2015-04-01 01:32 . 2015-02-18 01:42    12899840    ----a-w-    c:\windows\system32\shell32.dll
2015-04-01 01:25 . 2015-01-29 01:35    369664    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2015-04-01 01:25 . 2015-01-29 01:33    449024    ----a-w-    c:\windows\system32\WMPhoto.dll
2015-04-01 01:23 . 2014-12-06 03:14    48640    ----a-w-    c:\windows\SysWow64\nlaapi.dll
2015-04-01 01:23 . 2014-12-06 03:14    93184    ----a-w-    c:\windows\SysWow64\ncsi.dll
2015-04-01 01:23 . 2014-12-06 02:54    61440    ----a-w-    c:\windows\system32\nlaapi.dll
2015-04-01 01:23 . 2014-12-06 02:54    205824    ----a-w-    c:\windows\system32\nlasvc.dll
2015-04-01 01:23 . 2014-12-06 02:54    178688    ----a-w-    c:\windows\system32\profsvc.dll
2015-04-01 01:23 . 2014-10-24 01:04    67072    ----a-w-    c:\windows\SysWow64\packager.dll
2015-04-01 01:23 . 2014-10-24 00:39    77312    ----a-w-    c:\windows\system32\packager.dll
2015-04-01 01:23 . 2014-09-04 23:38    198656    ----a-w-    c:\windows\system32\drivers\fastfat.sys
2015-04-01 01:23 . 2014-08-27 00:55    2048    ----a-w-    c:\windows\SysWow64\msxml3r.dll
2015-04-01 01:23 . 2014-08-27 00:41    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2015-04-01 01:23 . 2015-01-09 01:41    85504    ----a-w-    c:\windows\system32\csrsrv.dll
2015-04-01 01:23 . 2015-01-09 00:29    75264    ----a-w-    c:\windows\system32\smss.exe
2015-04-01 01:22 . 2015-01-15 06:53    77312    ----a-w-    c:\windows\SysWow64\secur32.dll
2015-04-01 01:22 . 2015-03-06 04:01    279040    ----a-w-    c:\windows\SysWow64\schannel.dll
2015-04-01 01:22 . 2015-03-06 03:35    347136    ----a-w-    c:\windows\system32\schannel.dll
2015-04-01 01:22 . 2015-01-15 04:08    516536    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2015-04-01 01:22 . 2014-10-10 01:09    1689600    ----a-w-    c:\windows\system32\lsasrv.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-21 02:41 . 2014-07-21 03:16    778416    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-21 02:41 . 2014-07-21 03:16    142512    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-15 15:33 . 2006-11-02 12:35    128913832    ----a-w-    c:\windows\system32\mrt.exe
2015-04-05 21:31 . 2014-07-21 00:50    24328    ----a-w-    c:\windows\SysWow64\certsentry.dll
2015-04-05 21:31 . 2014-07-21 00:00    27400    ----a-w-    c:\windows\system32\certsentry.dll
2015-04-01 17:49 . 2015-01-30 19:27    104608    ----a-w-    c:\windows\system32\drivers\inspect.sys
2015-04-01 17:49 . 2015-01-30 19:27    44856    ----a-w-    c:\windows\system32\drivers\cmdhlp.sys
2015-04-01 17:49 . 2015-01-30 19:27    798816    ----a-w-    c:\windows\system32\drivers\cmdguard.sys
2015-04-01 17:49 . 2015-01-30 19:27    20696    ----a-w-    c:\windows\system32\drivers\cmderd.sys
2015-04-01 17:48 . 2015-01-30 19:27    41248    ----a-w-    c:\windows\system32\cmdcsr.dll
2015-04-01 17:48 . 2015-01-30 19:27    444472    ----a-w-    c:\windows\SysWow64\guard32.dll
2015-04-01 17:48 . 2015-01-30 19:27    576848    ----a-w-    c:\windows\system32\guard64.dll
2015-04-01 17:47 . 2015-01-30 19:27    358104    ----a-w-    c:\windows\system32\cmdvrt64.dll
2015-04-01 17:46 . 2015-01-30 19:27    45784    ----a-w-    c:\windows\system32\cmdkbd64.dll
2015-04-01 17:45 . 2015-01-30 19:27    288472    ----a-w-    c:\windows\SysWow64\cmdvrt32.dll
2015-04-01 17:45 . 2015-01-30 19:27    40664    ----a-w-    c:\windows\SysWow64\cmdkbd32.dll
2015-03-18 02:30 . 2015-03-18 02:30    10    ----a-w-    c:\windows\Fonts\wfonts.key
2015-03-13 01:43 . 2015-04-15 15:40    43008    ----a-w-    c:\windows\apppatch\acwow64.dll
2015-02-24 08:17 . 2014-08-19 16:17    295552    ------w-    c:\windows\system32\MpSigStub.exe
2015-02-04 16:23 . 2015-02-04 16:23    875688    ----a-w-    c:\windows\SysWow64\msvcr120_clr0400.dll
2015-02-04 16:13 . 2015-02-04 16:13    869536    ----a-w-    c:\windows\system32\msvcr120_clr0400.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2014-07-21 1310720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"ZALFree"="c:\program files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe" [2015-04-17 8205944]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SoftEther VPN Client Manager Startup.lnk - c:\program files\SoftEther VPN Client\vpncmgr_x64.exe /startup [2014-8-23 4543544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\KEYCRY~1\KeyCrypt32(2).dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S3 A6200;NETGEAR A6200 WiFi Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-17 22:47    988488    ----a-w-    c:\program files (x86)\Google\Chrome\Application\42.0.2311.90\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-21 02:41]
.
2015-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-23 05:43]
.
2015-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-23 05:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-07-21 163384]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-07-21 387640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-07-21 418360]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-28 558496]
"SoftEther VPN Client UI Helper"="c:\program files\SoftEther VPN Client\vpnclient_x64.exe" [2014-08-23 4352568]
"GENIE"="c:\program files (x86)\NETGEAR\A6200\A6200.exe" [2013-02-19 348888]
"LanuchApp"="c:\program files (x86)\NETGEAR\A6200\LanuchApp.exe" [2012-07-11 15136]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2015-04-20 1426136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\KEYCRY~1\KeyCrypt64(2).dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.71.0.1
FF - ProfilePath - c:\users\Homie\AppData\Roaming\Mozilla\Firefox\Profiles\7o0jmdb8.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-Run-Bitdefender Wallet Agent - c:\program files\Bitdefender\Bitdefender\pmbxag.exe
Wow6432Node-HKU-Default-Run-Bitdefender Wallet - c:\program files\Bitdefender\Bitdefender\pwdmanui.exe
Wow6432Node-HKU-Default-Run-Bitdefender Wallet Application Agent - c:\program files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
HKLM-Run-InstallerLauncher - c:\program files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Comodo\Chromodo\chromodo_updater.exe
c:\program files (x86)\Comodo\Dragon\dragon_updater.exe
c:\program files (x86)\NETGEAR\A6200\WifiService.exe
c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2015-04-21  20:04:43 - machine was rebooted
ComboFix-quarantined-files.txt  2015-04-22 00:04
.
Pre-Run: 82,108,104,704 bytes free
Post-Run: 82,084,761,600 bytes free
.
- - End Of File - - 09E57DAC825B70D5509168B8D94BD594
5C616939100B85E558DA92B899A0FC36
 



#6 olgun52
  • Malware Response Team
  • 3,778 posts
  • Gender:Male
  • Local time:10:07 PM

Posted 22 April 2015 - 01:58 PM

Hi consultantbis,

Step 1:
FRST Script:
Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 
Step 2:

Boot to Safemode with Networking

To Enter Safemode

  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
    this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
  • Then press the Enter Key on your Keyboard

Tutorial if you need it: How to boot into Safemode
 
next....

  • Please download rkill (Courtesy of Bleepingcomputer.com).
  • There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
  • Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
  • Note: You only need to get one of the tools to run, not all of them.

1. rkill.exe

2. rkill.com

3. rkill.scr

4. WiNlOgOn.exe

5. uSeRiNiT.exe

 

Next......
Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 3:

Please download and run RogueKiller  32/64 bit to your desktop

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

 

Have a nice day.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
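
The thread opened with an unsigned startup entry nobody could identify, and the ComboFix "Reg Loading Points" section above is exactly the inventory a helper reads by hand: the 32-bit and 64-bit Run keys, the all-users Startup folder, and AppInit_DLLs with LoadAppInit_DLLs set to 1. The PowerShell below is an added example, not code from the thread or from any of the tools it names (ComboFix, FRST, rkill, RogueKiller). It walks those same locations, resolves each target path (quoted paths, trailing arguments, 8.3 short names such as c:\progra~2), and reports the Authenticode status of every file, so unsigned entries float to the top of the table. It assumes an elevated PowerShell 2.0 or later prompt on 64-bit Windows; the registry paths are the standard ones, and every function and variable name is the example's own.

```powershell
# Added example, not part of the thread or of any tool named in it.
# Enumerates the autostart locations that ComboFix's "Reg Loading Points"
# section covers (HKLM/HKCU Run keys in both registry views, AppInit_DLLs,
# the Startup folders) and reports the Authenticode status of each target.
# Assumes: elevated PowerShell 2.0+ on 64-bit Windows (WScript.Shell is used
# instead of .NET 4 SpecialFolder names so it also runs on Vista's PS 2.0).

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$appInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)
# Provider metadata that Get-ItemProperty adds alongside the real values.
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-TargetPath([string]$value) {
    # Extract the file path from a Run/AppInit value: strip quotes, cut trailing
    # arguments, expand %VARS% and resolve 8.3 short names like c:\progra~2.
    $v = $value.Trim()
    if ($v.StartsWith('"')) {
        $end = $v.IndexOf('"', 1)
        if ($end -gt 1) { $v = $v.Substring(1, $end - 1) }
    } elseif ($v -match '^(.+?\.(exe|dll|sys|cpl|scr))(\s|$)') {
        $v = $Matches[1]
    }
    $v = [Environment]::ExpandEnvironmentVariables($v)
    if (Test-Path -LiteralPath $v) { return (Get-Item -LiteralPath $v).FullName }
    return $v
}

function New-Entry($source, $name, $path) {
    New-Object PSObject -Property @{ Source = $source; Name = $name; Path = $path }
}

$entries = @()

# 1. Run keys: each value is one autostart command line.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($providerProps -contains $p.Name) { continue }
        $entries += New-Entry $key $p.Name (Get-TargetPath ([string]$p.Value))
    }
}

# 2. AppInit_DLLs: with LoadAppInit_DLLs=1 every listed DLL is injected into
#    each user-mode process that loads user32.dll, so an unsigned entry here
#    deserves more scrutiny than a Run value.
foreach ($key in $appInitKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-ItemProperty -Path $key
    $load = $item.LoadAppInit_DLLs
    foreach ($dll in ([string]$item.AppInit_DLLs) -split '[ ,;]+') {
        if ($dll) {
            $entries += New-Entry "$key (LoadAppInit_DLLs=$load)" 'AppInit_DLLs' (Get-TargetPath $dll)
        }
    }
}

# 3. Startup folders (all users and current user): resolve .lnk to its target.
$shell = New-Object -ComObject WScript.Shell
foreach ($folderName in 'AllUsersStartup', 'Startup') {
    $dir = $shell.SpecialFolders.Item($folderName)
    if (-not ($dir -and (Test-Path $dir))) { continue }
    foreach ($f in Get-ChildItem -Path $dir -Force | Where-Object { -not $_.PSIsContainer }) {
        $target = $f.FullName
        if ($f.Extension -eq '.lnk') { $target = $shell.CreateShortcut($f.FullName).TargetPath }
        $entries += New-Entry $dir $f.Name (Get-TargetPath $target)
    }
}

# 4. Signature check. NotSigned on a file under \Windows usually means it is
#    catalog-signed (PowerShell 2.0 does not consult catalogs); confirm those
#    with Sysinternals sigcheck before treating them as suspicious.
$report = foreach ($e in $entries) {
    $status = 'FileMissing'; $signer = ''
    if ($e.Path -and (Test-Path -LiteralPath $e.Path)) {
        $sig = Get-AuthenticodeSignature -FilePath $e.Path
        $status = $sig.Status.ToString()
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }
    New-Object PSObject -Property @{
        Status = $status; Name = $e.Name; Path = $e.Path; Signer = $signer; Source = $e.Source
    }
}

# Unsigned, missing or unverifiable entries first: those are the ones to hash
# (Get-FileHash on newer PowerShell, certutil -hashfile SHA256 on Vista) and
# look up before deciding anything.
$report | Sort-Object @{ Expression = { $_.Status -eq 'Valid' } }, Path |
    Format-Table Status, Name, Path, Signer -AutoSize
```

Two caveats when reading the table. A Valid signature only tells you who signed the file, not that it belongs on the machine, so the Signer column still has to match the product you expect at that path. And the script covers the same loading points as the log excerpt above but not services, drivers, scheduled tasks or Active Setup; Sysinternals Autoruns (with its own signature verification switched on) is the tool for the full list, and its output for the one unknown entry is what a helper will usually ask for next.
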

 


 


#7 consultantbis
  • Topic Starter
  • Members
  • 42 posts
  • Local time:01:07 PM

Posted 24 April 2015 - 12:02 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by Homie at 2015-04-22 15:39:57 Run:2
Running from C:\Users\Homie\Desktop
Loaded Profiles: Homie (Available profiles: Homie)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters)
HKU\S-1-5-21-116106242-1928824188-2471662636-1000\...\MountPoints2: {5ca674a6-1413-11e4-adde-0026b97d6cab} - F:\Windows\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-116106242-1928824188-2471662636-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2014-07-20] (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
S2 atserv; "C:\Program Files\Bitdefender\Bitdefender Anti-Theft\atserv.exe" /service [X]
S2 UPDATESRV_ANTITHEFT; "C:\Program Files\Bitdefender\Bitdefender Anti-Theft\updatesrv.exe" id UPDATESRV_ANTITHEFT /service [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys
2015-04-20 14:59 - 2015-04-20 14:59 - 01222144 _____ () C:\Users\Homie\Downloads\RSITx64.exe
2015-04-20 14:59 - 2015-04-20 14:59 - 00000000 ____D () C:\rsit
2015-04-08 17:10 - 2015-04-08 17:10 - 00001990 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-04-08 17:10 - 2015-04-08 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-04-08 17:10 - 2015-04-08 17:10 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-04-08 16:48 - 2015-04-08 17:01 - 116180992 _____ (Sophos Limited) C:\Users\Homie\Downloads\Sophos Virus Removal Tool(1).exe
2015-04-01 20:58 - 2015-04-01 20:58 - 00001082 _____ () C:\Users\Homie\Desktop\SpyDLLRemover.lnk
2015-04-01 20:57 - 2015-04-01 20:57 - 00000000 ____D () C:\Users\Homie\Downloads\SpyDLLRemover
2015-04-01 20:55 - 2015-04-01 20:56 - 04727205 _____ () C:\Users\Homie\Downloads\SpyDLLRemover.zip
2015-04-01 16:24 - 2015-04-01 16:24 - 00247913 _____ () C:\ProgramData\1427919725.bdinstall.bin
2015-04-01 12:15 - 2015-04-01 12:15 - 00231390 _____ () C:\Users\Homie\Downloads\RootkitRevealer.zip
2015-04-01 12:15 - 2015-04-01 12:15 - 00000000 ____D () C:\Users\Homie\Downloads\RootkitRevealer
2015-04-08 17:17 - 2014-08-25 06:06 - 00000000 ____D () C:\ProgramData\Sophos
2015-04-01 16:37 - 2014-08-21 12:19 - 00000000 ____D () C:\Program Files\Bitdefender
2015-04-01 16:24 - 2014-08-21 12:18 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-08-21 12:41 - 2014-08-21 12:41 - 0856126 _____ () C:\ProgramData\1408637944.bdinstall.bin
2014-08-23 18:16 - 2014-08-23 22:18 - 0050577 _____ () C:\ProgramData\1408832199.1208.bin
2014-08-23 18:16 - 2014-08-23 18:35 - 0036704 _____ () C:\ProgramData\1408832199.4432.bin
2014-08-23 18:16 - 2014-08-23 18:16 - 0004368 _____ () C:\ProgramData\1408832199.5232.bin
2014-08-23 18:16 - 2014-08-23 18:35 - 0009494 _____ () C:\ProgramData\1408832199.5404.bin
2014-08-23 18:16 - 2014-08-23 18:17 - 0002680 _____ () C:\ProgramData\1408832199.5896.bin
2014-08-23 18:16 - 2014-08-23 18:17 - 0056050 _____ () C:\ProgramData\1408832199.5924.bin
2014-08-23 18:35 - 2014-08-23 18:35 - 0163301 _____ () C:\ProgramData\1408832199.bdinstall.bin
2014-08-23 18:35 - 2014-08-23 21:07 - 0045886 _____ () C:\ProgramData\1408833350.1292.bin
2014-08-23 18:35 - 2014-08-23 18:35 - 0001872 _____ () C:\ProgramData\1408833350.4544.bin
2014-08-23 18:35 - 2014-08-23 18:36 - 0101063 _____ () C:\ProgramData\1408833350.5412.bin
2014-08-23 18:35 - 2014-08-23 21:07 - 0004493 _____ () C:\ProgramData\1408833350.5576.bin
2014-08-23 22:16 - 2014-08-23 22:16 - 0048912 _____ () C:\ProgramData\1408846575.bdinstall.bin
2014-08-23 22:16 - 2014-08-23 22:16 - 0103314 _____ () C:\ProgramData\1408846592.bdinstall.bin
2014-08-24 00:35 - 2014-08-24 00:37 - 0100785 _____ () C:\ProgramData\1408854909.1912.bin
2014-08-24 00:35 - 2014-08-24 00:37 - 0009157 _____ () C:\ProgramData\1408854909.5308.bin
2014-08-24 00:35 - 2014-08-24 00:37 - 0046072 _____ () C:\ProgramData\1408854909.5576.bin
2014-08-24 00:36 - 2014-08-24 00:37 - 0001872 _____ () C:\ProgramData\1408854909.5580.bin
2014-08-24 01:33 - 2014-08-24 01:33 - 0049270 _____ () C:\ProgramData\1408858415.bdinstall.bin
2014-08-24 17:30 - 2014-08-24 17:30 - 0129365 _____ () C:\ProgramData\1408915800.bdinstall.bin
2015-04-01 16:24 - 2015-04-01 16:24 - 0247913 _____ () C:\ProgramData\1427919725.bdinstall.bin
2014-08-13 13:52 - 2014-08-13 13:52 - 0000057 _____ () C:\ProgramData\Ament.ini
C:\Users\Homie\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Homie\AppData\Local\Temp\Quarantine.exe
C:\Users\Homie\AppData\Local\Temp\sqlite3.dll
Task: {2FDA8B59-166A-489E-8E81-774A18383E90} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
Task: {35D2D58C-032E-4087-8B41-044FFD2F9E86} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-05-06] (IObit)
Task: {D1D73278-7ABE-4281-AF92-5F75CDA51255} - System32\Tasks\ASC7_SkipUac_Homie => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
AlternateDataStreams: C:\Windows\system32\certsentry.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msfeedsbs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msfeedssync.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshta.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\url.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msfeedsbs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msfeedssync.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshta.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\url.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ZALSDKCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\KeyCrypt64.sys:$CmdTcID
AlternateDataStreams: C:\Users\Homie\Downloads\adwcleaner_4.201.exe:$CmdZnID
AlternateDataStreams: C:\Users\Homie\Downloads\AntiLoggerFree_Setup_1.8.2.198.exe:$CmdTcID
AlternateDataStreams: C:\Users\Homie\Downloads\AntiLoggerFree_Setup_1.8.2.198.exe:$CmdZnID
AlternateDataStreams: C:\Users\Homie\Downloads\cispremium_installer.exe:BDU
AlternateDataStreams: C:\Users\Homie\Downloads\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Homie\Downloads\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Homie\Downloads\llLauncher_15099kKAgIRG0oCctZvEkUVJYBrY1w.exe:$CmdTcID
AlternateDataStreams: C:\Users\Homie\Downloads\llLauncher_15099kKAgIRG0oCctZvEkUVJYBrY1w.exe:$CmdZnID
AlternateDataStreams: C:\Users\Homie\Downloads\rkill.com:$CmdZnID
AlternateDataStreams: C:\Users\Homie\Downloads\RogueKiller.exe:$CmdTcID
AlternateDataStreams: C:\Users\Homie\Downloads\RogueKiller.exe:$CmdZnID
AlternateDataStreams: C:\Users\Homie\Downloads\RSITx64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Homie\Downloads\RSITx64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Homie\Downloads\Sophos Virus Removal Tool(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Homie\Downloads\Sophos Virus Removal Tool(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Homie\Downloads\SpyDLLRemover.zip:$CmdTcID
AlternateDataStreams: C:\Users\Homie\Downloads\sysprof.exe:$CmdTcID
AlternateDataStreams: C:\Users\Homie\Downloads\tdsskiller.exe:$CmdTcID
AlternateDataStreams: C:\Users\Homie\Downloads\TOEIC Speaking Test Tutorial.pdf:$CmdTcID
AlternateDataStreams: C:\Users\Homie\Downloads\TOEIC Speaking Test Tutorial.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Homie\Downloads\TurboTaxReturn.tax2013:$CmdTcID
AlternateDataStreams: C:\Users\Homie\Downloads\TurboTaxReturn.tax2013:$CmdZnID
AlternateDataStreams: C:\Users\Homie\Downloads\w_turbotax_1040_dlx_2014.180.0101.exe:$CmdTcID
AlternateDataStreams: C:\Users\Homie\Downloads\w_turbotax_1040_dlx_2014.180.0101.exe:$CmdZnID
AlternateDataStreams: C:\Users\Homie\Downloads\Year End All Payment Methods040815.pdf:$CmdTcID
AlternateDataStreams: C:\Users\Homie\Downloads\Year End All Payment Methods040815.pdf:$CmdZnID
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\InstallerLauncher => Value not found.
HKU\S-1-5-21-116106242-1928824188-2471662636-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ca674a6-1413-11e4-adde-0026b97d6cab} => Key not found.
HKCR\CLSID\{5ca674a6-1413-11e4-adde-0026b97d6cab} => Key not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Bitdefender Wallet Agent => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Bitdefender Wallet => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Bitdefender Wallet Application Agent => Value not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-116106242-1928824188-2471662636-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => Key not found.
HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} => Key not found.
LiveUpdateSvc => Service not found.
atserv => Service not found.
UPDATESRV_ANTITHEFT => Service not found.
IpInIp => Service not found.
"C:\Users\Homie\Downloads\RSITx64.exe" => File/Directory not found.
"C:\rsit" => File/Directory not found.
"C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos" => File/Directory not found.
"C:\Program Files (x86)\Sophos" => File/Directory not found.
"C:\Users\Homie\Downloads\Sophos Virus Removal Tool(1).exe" => File/Directory not found.
"C:\Users\Homie\Desktop\SpyDLLRemover.lnk" => File/Directory not found.
"C:\Users\Homie\Downloads\SpyDLLRemover" => File/Directory not found.
"C:\Users\Homie\Downloads\SpyDLLRemover.zip" => File/Directory not found.
"C:\ProgramData\1427919725.bdinstall.bin" => File/Directory not found.
"C:\Users\Homie\Downloads\RootkitRevealer.zip" => File/Directory not found.
"C:\Users\Homie\Downloads\RootkitRevealer" => File/Directory not found.
"C:\ProgramData\Sophos" => File/Directory not found.
"C:\Program Files\Bitdefender" => File/Directory not found.
"C:\Program Files\Common Files\Bitdefender" => File/Directory not found.
"C:\ProgramData\1408637944.bdinstall.bin" => File/Directory not found.
"C:\ProgramData\1408832199.1208.bin" => File/Directory not found.
"C:\ProgramData\1408832199.4432.bin" => File/Directory not found.
"C:\ProgramData\1408832199.5232.bin" => File/Directory not found.
"C:\ProgramData\1408832199.5404.bin" => File/Directory not found.
"C:\ProgramData\1408832199.5896.bin" => File/Directory not found.
"C:\ProgramData\1408832199.5924.bin" => File/Directory not found.
"C:\ProgramData\1408832199.bdinstall.bin" => File/Directory not found.
"C:\ProgramData\1408833350.1292.bin" => File/Directory not found.
"C:\ProgramData\1408833350.4544.bin" => File/Directory not found.
"C:\ProgramData\1408833350.5412.bin" => File/Directory not found.
"C:\ProgramData\1408833350.5576.bin" => File/Directory not found.
"C:\ProgramData\1408846575.bdinstall.bin" => File/Directory not found.
"C:\ProgramData\1408846592.bdinstall.bin" => File/Directory not found.
"C:\ProgramData\1408854909.1912.bin" => File/Directory not found.
"C:\ProgramData\1408854909.5308.bin" => File/Directory not found.
"C:\ProgramData\1408854909.5576.bin" => File/Directory not found.
"C:\ProgramData\1408854909.5580.bin" => File/Directory not found.
"C:\ProgramData\1408858415.bdinstall.bin" => File/Directory not found.
"C:\ProgramData\1408915800.bdinstall.bin" => File/Directory not found.
"C:\ProgramData\1427919725.bdinstall.bin" => File/Directory not found.
"C:\ProgramData\Ament.ini" => File/Directory not found.
"C:\Users\Homie\AppData\Local\Temp\dllnt_dump.dll" => File/Directory not found.
"C:\Users\Homie\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Homie\AppData\Local\Temp\sqlite3.dll" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FDA8B59-166A-489E-8E81-774A18383E90} => Key not found.
C:\Windows\System32\Tasks\ASC7_PerformanceMonitor not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC7_PerformanceMonitor => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35D2D58C-032E-4087-8B41-044FFD2F9E86} => Key not found.
C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Administrator => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1D73278-7ABE-4281-AF92-5F75CDA51255} => Key not found.
C:\Windows\System32\Tasks\ASC7_SkipUac_Homie not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC7_SkipUac_Homie => Key not found.
"C:\Windows\system32\certsentry.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\dxtmsft.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\dxtrans.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ieframe.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\iertutil.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ieui.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ieUnatt.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\inetcpl.cpl" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\jscript.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\jscript9.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\jsproxy.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msfeeds.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msfeedsbs.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msfeedssync.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mshta.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mshtml.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mshtmled.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\url.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\urlmon.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\vbscript.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wininet.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\dxtmsft.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\dxtrans.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\FlashPlayerApp.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ieframe.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\iertutil.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ieui.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ieUnatt.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\inetcpl.cpl" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\jscript.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\jscript9.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\jsproxy.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msfeeds.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msfeedsbs.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msfeedssync.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\mshta.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\mshtml.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\mshtmled.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\url.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\urlmon.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\vbscript.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\wininet.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ZALSDKCore.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\KeyCrypt64.sys" => ":$CmdTcID" ADS not found.
"C:\Users\Homie\Downloads\adwcleaner_4.201.exe" => ":$CmdZnID" ADS not found.
"C:\Users\Homie\Downloads\AntiLoggerFree_Setup_1.8.2.198.exe" => ":$CmdTcID" ADS not found.
"C:\Users\Homie\Downloads\AntiLoggerFree_Setup_1.8.2.198.exe" => ":$CmdZnID" ADS not found.
"C:\Users\Homie\Downloads\cispremium_installer.exe" => ":BDU" ADS not found.
"C:\Users\Homie\Downloads\FRST64.exe" => ":$CmdTcID" ADS not found.
"C:\Users\Homie\Downloads\FRST64.exe" => ":$CmdZnID" ADS not found.
"C:\Users\Homie\Downloads\llLauncher_15099kKAgIRG0oCctZvEkUVJYBrY1w.exe" => ":$CmdTcID" ADS not found.
"C:\Users\Homie\Downloads\llLauncher_15099kKAgIRG0oCctZvEkUVJYBrY1w.exe" => ":$CmdZnID" ADS not found.
"C:\Users\Homie\Downloads\rkill.com" => ":$CmdZnID" ADS not found.
"C:\Users\Homie\Downloads\RogueKiller.exe" => ":$CmdTcID" ADS not found.
"C:\Users\Homie\Downloads\RogueKiller.exe" => ":$CmdZnID" ADS not found.
"C:\Users\Homie\Downloads\RSITx64.exe" => ":$CmdTcID" ADS not found.
"C:\Users\Homie\Downloads\RSITx64.exe" => ":$CmdZnID" ADS not found.
"C:\Users\Homie\Downloads\Sophos Virus Removal Tool(1).exe" => ":$CmdTcID" ADS not found.
"C:\Users\Homie\Downloads\Sophos Virus Removal Tool(1).exe" => ":$CmdZnID" ADS not found.
"C:\Users\Homie\Downloads\SpyDLLRemover.zip" => ":$CmdTcID" ADS not found.
"C:\Users\Homie\Downloads\sysprof.exe" => ":$CmdTcID" ADS not found.
"C:\Users\Homie\Downloads\tdsskiller.exe" => ":$CmdTcID" ADS not found.
"C:\Users\Homie\Downloads\TOEIC Speaking Test Tutorial.pdf" => ":$CmdTcID" ADS not found.
"C:\Users\Homie\Downloads\TOEIC Speaking Test Tutorial.pdf" => ":$CmdZnID" ADS not found.
"C:\Users\Homie\Downloads\TurboTaxReturn.tax2013" => ":$CmdTcID" ADS not found.
"C:\Users\Homie\Downloads\TurboTaxReturn.tax2013" => ":$CmdZnID" ADS not found.
"C:\Users\Homie\Downloads\w_turbotax_1040_dlx_2014.180.0101.exe" => ":$CmdTcID" ADS not found.
"C:\Users\Homie\Downloads\w_turbotax_1040_dlx_2014.180.0101.exe" => ":$CmdZnID" ADS not found.
"C:\Users\Homie\Downloads\Year End All Payment Methods040815.pdf" => ":$CmdTcID" ADS not found.
"C:\Users\Homie\Downloads\Year End All Payment Methods040815.pdf" => ":$CmdZnID" ADS not found.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ipv4 reset =========

Reseting Echo Request, failed.
Access is denied.

Reseting Interface, OK!
A reboot is required to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Reseting Echo Request, failed.
Access is denied.

There's no user specified settings to be reset.


========= End of CMD: =========

EmptyTemp: => Removed 30.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog 15:40:34 ====

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/22/2015
Scan Time: 4:32:49 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.04.22.06
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Homie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 338018
Time Elapsed: 7 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

RogueKiller V10.6.0.0 [Apr 17 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Homie [Administrator]
Started from : C:\Users\Homie\Downloads\RogueKiller.exe
Mode : Scan -- Date : 04/22/2015  17:10:33

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 17 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 10.71.0.1 [X]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0A810063-1545-45F2-98C4-832EB49F7B2A} | DhcpNameServer : 10.71.0.1 [X]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9FE84757-7291-4F1A-960D-7E6BD9E07BD8} | DhcpNameServer : 10.211.254.254 8.8.8.8 [X][-]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CB2F0594-FA1E-48EA-A15D-E06C0D982BB6} | DhcpNameServer : 10.71.0.1 [X]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0A810063-1545-45F2-98C4-832EB49F7B2A} | DhcpNameServer : 10.71.0.1 [X]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9FE84757-7291-4F1A-960D-7E6BD9E07BD8} | DhcpNameServer : 10.211.254.254 8.8.8.8 [X][-]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CB2F0594-FA1E-48EA-A15D-E06C0D982BB6} | DhcpNameServer : 10.71.0.1 [X]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{05F035C6-6605-4F5C-8EAE-A930127B2242} | DhcpNameServer : 10.211.254.254 8.8.8.8 [X][-]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{0A810063-1545-45F2-98C4-832EB49F7B2A} | DhcpNameServer : 10.71.0.1 [X]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{9FE84757-7291-4F1A-960D-7E6BD9E07BD8} | DhcpNameServer : 10.211.254.254 8.8.8.8 [X][-]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{CB2F0594-FA1E-48EA-A15D-E06C0D982BB6} | DhcpNameServer : 10.71.0.1 [X]  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-116106242-1928824188-2471662636-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-116106242-1928824188-2471662636-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 19cf7d97bd761abf4d855c27d3006555
[BSP] 1febd08600ad0214fbdfb119fb05d060 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 152585 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1:  +++++
--- User ---
[MBR] 66bcb544846ba82aa9cf11490fbfeff8
[BSP] 9ab224430cae5d4642efe916dd8f39b0 : Legit.Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 2048 | Size: 30543 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_SCN_07242014_200809.log - RKreport_SCN_07242014_202410.log - RKreport_SCN_07242014_202633.log - RKreport_SCN_08232014_193453.log
RKreport_DEL_08232014_193825.log - RKreport_SCN_08232014_195317.log - RKreport_SCN_04202015_153242.log - RKreport_DEL_04202015_153302.log



#8 olgun52

olgun52

  • Malware Response Team
  • 3,778 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:07 PM

Posted 24 April 2015 - 07:00 PM

You are using a VPN.
I think this information belongs to you.

 

10.211.254.254 8.8.8.8
10.71.0.1

 

--------------------------------------

Malwarebytes Anti-Malware
www.malwarebytes.org

Version: 2.00.4.1028

New version is 2.1.6

 

Please try to run step 2 and post the Rkill + MBAM logs.

 

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
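The reasoning in the reply above (the 10.x resolvers under DhcpNameServer are handed out by DHCP on the VPN or home-router link, and 8.8.8.8 is Google's public resolver) can be made a repeatable triage step. The block below is an added example, not part of the original thread and not RogueKiller's own code: it parses the PUM.Dns lines of a RogueKiller report (the sample lines are copied from the report posted above), classifies each resolver address with Python's ipaddress module, and returns one verdict per address. The KNOWN_PUBLIC_RESOLVERS allow-list and the verdict wording are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample input: three lines copied from the RogueKiller report
# posted above (two PUM.Dns hits and one unrelated PUM.StartMenu hit).
SAMPLE_LOG = r"""
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 10.71.0.1 [X]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9FE84757-7291-4F1A-960D-7E6BD9E07BD8} | DhcpNameServer : 10.211.254.254 8.8.8.8 [X][-]  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-116106242-1928824188-2471662636-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
"""

# Assumption of this example: an allow-list of resolvers an analyst recognises
# on sight. Extend it with the resolvers your own network or VPN is known to use.
KNOWN_PUBLIC_RESOLVERS = {
    "8.8.8.8", "8.8.4.4",                # Google Public DNS
    "1.1.1.1", "1.0.0.1",                # Cloudflare
    "9.9.9.9", "149.112.112.112",        # Quad9
    "208.67.222.222", "208.67.220.220",  # OpenDNS
}

# One RogueKiller PUM.Dns line:
# "[PUM.Dns] (arch) <registry key> | <value name> : <ip> [<ip> ...] [flags] -> Found"
PUM_DNS_RE = re.compile(
    r"^\[PUM\.Dns\] \((?P<arch>X64|X86)\) (?P<key>.+?) \| "
    r"(?P<value>DhcpNameServer|NameServer) : (?P<servers>[0-9. ]+?)"
    r"\s*(?:\[[^\]]*\])*\s*-> Found"
)


def classify_resolver(addr: str) -> str:
    """Bucket one resolver address by the kind of network it can belong to."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"        # a local DNS proxy or filtering product
    if ip.is_private:
        return "private"         # RFC 1918 / non-routable space: LAN gateway or VPN-pushed DNS
    if addr in KNOWN_PUBLIC_RESOLVERS:
        return "public-known"
    return "public-unknown"      # a public resolver nothing in the allow-list vouches for


def parse_pum_dns(log_text: str) -> list:
    """Extract every PUM.Dns finding with its resolver list and per-resolver class."""
    findings = []
    for line in log_text.splitlines():
        m = PUM_DNS_RE.match(line)
        if not m:
            continue                      # not a PUM.Dns line (e.g. PUM.StartMenu)
        servers = m.group("servers").split()
        findings.append({
            "arch": m.group("arch"),
            "key": m.group("key"),
            "value": m.group("value"),    # DhcpNameServer = learned via DHCP, NameServer = set statically
            "servers": servers,
            "classes": [classify_resolver(s) for s in servers],
        })
    return findings


def triage(findings) -> dict:
    """One verdict per distinct resolver address (the same address always gets the same class)."""
    verdicts = {}
    for f in findings:
        for addr, cls in zip(f["servers"], f["classes"]):
            if cls == "public-unknown":
                verdicts[addr] = "INVESTIGATE: public resolver outside the allow-list"
            elif cls == "private":
                verdicts[addr] = "VERIFY: private address, confirm it is your router or VPN DNS"
            else:
                verdicts[addr] = "OK: " + cls
    return verdicts


if __name__ == "__main__":
    found = parse_pum_dns(SAMPLE_LOG)
    for f in found:
        print(f'{f["value"]} in {f["key"]}')
        for addr, cls in zip(f["servers"], f["classes"]):
            print(f"    {addr:16} {cls}")
    print()
    for addr, verdict in triage(found).items():
        print(f"{addr:16} {verdict}")
```

DhcpNameServer holds the resolvers a DHCP server pushed to the interface, so a private address there proves only that something on the link handed it out; the check is to match it against the VPN client's or router's configured DNS before dismissing the hit. An address that lands in the public-unknown bucket is the one worth investigating first, since that is what a DNS-changer would leave behind.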

 


 


#9 consultantbis

consultantbis
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:01:07 PM

Posted 24 April 2015 - 10:34 PM

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/24/2015 10:59:54 PM in x64 mode. (Safe Mode)
Windows Version: Windows Vista ™ Business Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)

 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)

 * Windows Update (AFD) is not Running.
   Startup Type set to: Automatic (Delayed Start)

 * WPCSvc [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 04/24/2015 11:02:07 PM
Execution time: 0 hours(s), 2 minute(s), and 12 seconds(s)
 

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/24/2015
Scan Time: 11:04:15 PM
Logfile: mbamb.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.04.24.08
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Homie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 342506
Time Elapsed: 7 min, 46 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

=======================================================================================================================

 

 

RogueKiller V10.6.0.0 [Apr 17 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Homie [Administrator]
Started from : C:\Users\Homie\Downloads\RogueKiller.exe
Mode : Scan -- Date : 04/22/2015  17:10:33

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 17 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 10.71.0.1 [X]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0A810063-1545-45F2-98C4-832EB49F7B2A} | DhcpNameServer : 10.71.0.1 [X]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9FE84757-7291-4F1A-960D-7E6BD9E07BD8} | DhcpNameServer : 10.211.254.254 8.8.8.8 [X][-]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CB2F0594-FA1E-48EA-A15D-E06C0D982BB6} | DhcpNameServer : 10.71.0.1 [X]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0A810063-1545-45F2-98C4-832EB49F7B2A} | DhcpNameServer : 10.71.0.1 [X]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9FE84757-7291-4F1A-960D-7E6BD9E07BD8} | DhcpNameServer : 10.211.254.254 8.8.8.8 [X][-]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CB2F0594-FA1E-48EA-A15D-E06C0D982BB6} | DhcpNameServer : 10.71.0.1 [X]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{05F035C6-6605-4F5C-8EAE-A930127B2242} | DhcpNameServer : 10.211.254.254 8.8.8.8 [X][-]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{0A810063-1545-45F2-98C4-832EB49F7B2A} | DhcpNameServer : 10.71.0.1 [X]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{9FE84757-7291-4F1A-960D-7E6BD9E07BD8} | DhcpNameServer : 10.211.254.254 8.8.8.8 [X][-]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{CB2F0594-FA1E-48EA-A15D-E06C0D982BB6} | DhcpNameServer : 10.71.0.1 [X]  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-116106242-1928824188-2471662636-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-116106242-1928824188-2471662636-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 19cf7d97bd761abf4d855c27d3006555
[BSP] 1febd08600ad0214fbdfb119fb05d060 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 152585 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1:  +++++
--- User ---
[MBR] 66bcb544846ba82aa9cf11490fbfeff8
[BSP] 9ab224430cae5d4642efe916dd8f39b0 : Legit.Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 2048 | Size: 30543 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RogueKiller V10.6.0.0 [Apr 17 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Homie [Administrator]
Started from : C:\Users\Homie\Downloads\RogueKiller.exe
Mode : Scan -- Date : 04/22/2015  17:10:33

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 17 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 10.71.0.1 [X]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0A810063-1545-45F2-98C4-832EB49F7B2A} | DhcpNameServer : 10.71.0.1 [X]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9FE84757-7291-4F1A-960D-7E6BD9E07BD8} | DhcpNameServer : 10.211.254.254 8.8.8.8 [X][-]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CB2F0594-FA1E-48EA-A15D-E06C0D982BB6} | DhcpNameServer : 10.71.0.1 [X]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0A810063-1545-45F2-98C4-832EB49F7B2A} | DhcpNameServer : 10.71.0.1 [X]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9FE84757-7291-4F1A-960D-7E6BD9E07BD8} | DhcpNameServer : 10.211.254.254 8.8.8.8 [X][-]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CB2F0594-FA1E-48EA-A15D-E06C0D982BB6} | DhcpNameServer : 10.71.0.1 [X]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{05F035C6-6605-4F5C-8EAE-A930127B2242} | DhcpNameServer : 10.211.254.254 8.8.8.8 [X][-]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{0A810063-1545-45F2-98C4-832EB49F7B2A} | DhcpNameServer : 10.71.0.1 [X]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{9FE84757-7291-4F1A-960D-7E6BD9E07BD8} | DhcpNameServer : 10.211.254.254 8.8.8.8 [X][-]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{CB2F0594-FA1E-48EA-A15D-E06C0D982BB6} | DhcpNameServer : 10.71.0.1 [X]  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-116106242-1928824188-2471662636-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-116106242-1928824188-2471662636-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 19cf7d97bd761abf4d855c27d3006555
[BSP] 1febd08600ad0214fbdfb119fb05d060 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 152585 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1:  +++++
--- User ---
[MBR] 66bcb544846ba82aa9cf11490fbfeff8
[BSP] 9ab224430cae5d4642efe916dd8f39b0 : Legit.Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 2048 | Size: 30543 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
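An added example, not part of any post in this thread, for reading the [PUM.Dns] findings in the RogueKiller logs above. RogueKiller lists every DhcpNameServer and NameServer value it finds under Tcpip\Parameters\Interfaces; PUM stands for potentially unwanted modification, a setting it wants a human to review, not a confirmed hijack. The two 10.x addresses are RFC 1918 private space (typical of a home router or of a VPN gateway, and this machine runs a SoftEther client) and 8.8.8.8 is Google Public DNS, so the open question is only whether they match what the local DHCP server actually hands out. The PowerShell below reads the same registry keys live and gives a verdict per resolver. It is written for PowerShell 2.0, the version available on Vista; the list of well-known public resolvers is my own assumption for the example.

```powershell
# Added example for this thread (not from any post or tool here): triage the DhcpNameServer /
# NameServer values that RogueKiller lists as [PUM.Dns] by reading the same registry keys live.
# A resolver that is the interface's own DHCP gateway or DHCP server, another RFC 1918 address,
# or a well-known public resolver is explained; anything else is marked REVIEW.
# Written for PowerShell 2.0 (the version available on Vista). The public-resolver list is an assumption.

$KnownPublicResolvers = @(
    '8.8.8.8', '8.8.4.4',               # Google Public DNS
    '1.1.1.1', '1.0.0.1',               # Cloudflare
    '9.9.9.9', '149.112.112.112',       # Quad9
    '208.67.222.222', '208.67.220.220'  # OpenDNS
)

function Test-PrivateAddress {
    # RFC 1918: 10/8, 172.16/12, 192.168/16 (IPv4 only; anything else is "not private")
    param([string]$Ip)
    if ($Ip -notmatch '^(\d{1,3})\.(\d{1,3})\.\d{1,3}\.\d{1,3}$') { return $false }
    $a = [int]$Matches[1]; $b = [int]$Matches[2]
    return ($a -eq 10) -or ($a -eq 172 -and $b -ge 16 -and $b -le 31) -or ($a -eq 192 -and $b -eq 168)
}

function Get-ResolverVerdict {
    param([string]$Ip, [string[]]$Gateways)
    if ($Gateways -contains $Ip)             { return 'DhcpGateway' }
    if ($Ip -eq '127.0.0.1')                 { return 'Loopback' }
    if ($KnownPublicResolvers -contains $Ip) { return 'KnownPublic' }
    if (Test-PrivateAddress $Ip)             { return 'PrivateLan' }
    return 'REVIEW'
}

function Get-DnsTriage {
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    foreach ($key in Get-ChildItem $base) {
        $p = Get-ItemProperty $key.PSPath
        $gateways = @()
        if ($p.DhcpDefaultGateway) { $gateways += $p.DhcpDefaultGateway }   # REG_MULTI_SZ
        if ($p.DhcpServer)         { $gateways += $p.DhcpServer }
        # A static NameServer overrides DHCP; that is the value DNS-changer malware writes,
        # so it is listed first and deserves a closer look than a DhcpNameServer hit.
        foreach ($source in 'NameServer', 'DhcpNameServer') {
            $raw = [string]$p.$source
            if (-not $raw) { continue }
            foreach ($ip in ($raw -split '[ ,]+' | Where-Object { $_ })) {
                New-Object PSObject -Property @{
                    Interface = $key.PSChildName
                    Source    = $source
                    Server    = $ip
                    Verdict   = Get-ResolverVerdict -Ip $ip -Gateways $gateways
                }
            }
        }
    }
}

Get-DnsTriage | Sort-Object Verdict, Interface | Format-Table Verdict, Source, Server, Interface -AutoSize
```

Run against the interfaces in the log above, 10.71.0.1 comes back as DhcpGateway if it is also that adapter's DhcpDefaultGateway (the usual home-router case), 8.8.8.8 as KnownPublic, and 10.211.254.254 as DhcpGateway or PrivateLan depending on the VPN adapter's lease. A REVIEW verdict on a static NameServer value is the case worth chasing on this PC; a REVIEW on a DhcpNameServer value means the DHCP server itself handed out an unexpected resolver, which points at the router or VPN concentrator rather than at this machine.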
 



#10 olgun52

  • Malware Response Team
  • 3,778 posts
  • Gender:Male

Posted 25 April 2015 - 10:35 AM

Please do the following,

Download zoek.exe to your Desktop:
http://hijackthis.nl/smeenk/

Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions on how to disable your security applications here:
http://www.bleepingc...opic114351.html

On Windows Vista, 7, and 8, right-click Zoek.exe and select: Run as Administrator
Give it a few seconds to appear
Next, copy/paste the entire script inside the codebox below to the input field of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
emptyclsid;

empty directory check, delete
emptyfolderscheck;delete
ielook;
firefoxlook;
chromelook;

ipconfig /flushdns;b

Now...
Close any open programs.
Click the Run script button, and wait. It takes a few minutes to run.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.
------------------------------------------------------------------------------------
Please post a fresh FRST logfile for my review. (Frst.txt and Additional.txt)
-----------------------------------
How is the computer doing now? Please let me know.

Best regards

If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!



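Alongside the cleanup script above, the question that opened this thread (is an unsigned startup program safe?) can be checked directly. This is an added example, not code from olgun52 or from any of the tools mentioned in the thread. It walks the same autostart locations FRST lists in its Registry section (the 64-bit and Wow6432Node Run/RunOnce keys, the per-user Run keys, both Startup folders and AppInit_DLLs), resolves the file each entry actually launches (for rundll32 entries, the hosted DLL), and reports the Authenticode status, signer and SHA-256. FRST prints an empty () publisher for a file with no signature; here that shows up as NotSigned. It assumes 64-bit Windows, PowerShell 2.0 or later and an elevated prompt; the hash is computed with .NET because Get-FileHash does not exist before PowerShell 4.

```powershell
# Added example for this thread (not from any post or tool here): enumerate common autostart
# locations, resolve the file each one launches, and report its Authenticode status and SHA-256.
# Assumes 64-bit Windows, PowerShell 2.0 or later and an elevated prompt.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',      # what FRST calls HKLM-x32
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$StartupFolders = @(
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup"
)
$AppInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)
$ProviderProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-ImagePath {
    # From  "C:\x\y.exe" /arg  or  C:\x\rundll32.exe C:\x\z.dll,Entry  return the file that really runs.
    param([string]$CommandLine)
    $cl = $CommandLine.Trim()
    $m = [regex]::Match($cl, '^(?:"([^"]+)"|(.+?\.(?:exe|dll|cmd|bat|vbs|js|scr)))(?:\s+|,|$)(.*)$', 'IgnoreCase')
    if (-not $m.Success) { return ($cl -split '\s+')[0] }
    $image = if ($m.Groups[1].Success) { $m.Groups[1].Value } else { $m.Groups[2].Value }
    if ([System.IO.Path]::GetFileName($image) -ieq 'rundll32.exe') {
        # rundll32 is only the host; the DLL it loads is what FRST reports and what needs checking
        $dll = ($m.Groups[3].Value.Trim() -split ',')[0].Trim().Trim('"')
        if ($dll) { return $dll }
    }
    return $image
}

function Get-Sha256 {
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs = [System.IO.File]::OpenRead($Path)
    try { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' } finally { $fs.Close() }
}

function New-Entry {
    param($Location, $Name, $Target)
    New-Object PSObject -Property @{ Location = $Location; Name = $Name; Target = $Target }
}

function Get-AutostartEntries {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty $key
        foreach ($p in $props.PSObject.Properties) {
            if ($ProviderProps -contains $p.Name -or $p.Name -eq '(default)') { continue }
            New-Entry $key $p.Name (Get-ImagePath ([string]$p.Value))
        }
    }
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in $StartupFolders) {
        if (-not (Test-Path $folder)) { continue }
        foreach ($lnk in Get-ChildItem $folder -Filter *.lnk) {
            New-Entry $folder $lnk.Name ($shell.CreateShortcut($lnk.FullName).TargetPath)
        }
    }
    foreach ($key in $AppInitKeys) {   # AppInit_DLLs are injected into every process that loads user32
        $v = (Get-ItemProperty $key -ErrorAction SilentlyContinue).AppInit_DLLs
        if (-not $v) { continue }
        foreach ($dll in ($v -split '[ ,]+' | Where-Object { $_ })) { New-Entry $key 'AppInit_DLLs' $dll }
    }
}

function Get-AutostartReport {
    foreach ($e in Get-AutostartEntries) {
        $path = [Environment]::ExpandEnvironmentVariables([string]$e.Target)
        if ($path -and -not (Test-Path -LiteralPath $path)) {   # bare name: resolve via PATH as the loader does
            $cmd = @(Get-Command $path -ErrorAction SilentlyContinue)
            if ($cmd.Count -gt 0) { $path = $cmd[0].Definition }
        }
        $e | Add-Member NoteProperty Path $path
        if ($path -and (Test-Path -LiteralPath $path)) {
            $sig = Get-AuthenticodeSignature -FilePath $path
            $e | Add-Member NoteProperty Signature $sig.Status
            $e | Add-Member NoteProperty Signer $(if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' })
            $e | Add-Member NoteProperty Sha256 (Get-Sha256 $path)
        } else {
            $e | Add-Member NoteProperty Signature 'FILE MISSING'
            $e | Add-Member NoteProperty Signer ''
            $e | Add-Member NoteProperty Sha256 ''
        }
        $e
    }
}

# NotSigned is what FRST shows as an empty (); HashMismatch or NotTrusted is far more interesting.
Get-AutostartReport | Where-Object { $_.Signature -ne 'Valid' } |
    Format-List Location, Name, Path, Signature, Signer, Sha256
```

An unsigned file is not automatically malicious; small vendor helpers are often shipped without a signature. What turns "unsigned" into "suspicious" is a status of HashMismatch or NotTrusted (the file was modified after signing, or the chain does not validate), a signer that is not the vendor you expect for that path, a FILE MISSING entry that still gets launched every boot, or a SHA-256 that the vendor's own download does not match. Services and drivers are not covered here; FRST's Services and Drivers sections show the same () marker for those.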
#11 consultantbis

  • Topic Starter
  • Members
  • 42 posts

Posted 25 April 2015 - 12:35 PM

Should I disable the antivirus for the FRST scan?



#12 olgun52

  • Malware Response Team
  • 3,778 posts
  • Gender:Male

Posted 25 April 2015 - 01:14 PM

Yes. Please.

Best regards

#13 consultantbis

  • Topic Starter
  • Members
  • 42 posts

Posted 25 April 2015 - 01:55 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by Homie (administrator) on HOMIE-PC on 25-04-2015 14:48:26
Running from C:\Users\Homie\Desktop
Loaded Profiles: Homie (Available profiles: Homie)
Platform: Windows Vista ™ Business Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
() C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
(NETGEAR,Inc.) C:\Program Files (x86)\NETGEAR\A6200\A6200.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4352568 2014-08-23] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM\...\Run: [GENIE] => C:\Program Files (x86)\NETGEAR\A6200\A6200.exe [348888 2013-02-18] (NETGEAR,Inc.)
HKLM\...\Run: [LanuchApp] => C:\Program Files (x86)\NETGEAR\A6200\LanuchApp.exe [15136 2012-07-11] ()
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1426136 2015-04-20] (COMODO)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2014-07-20] (Analog Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8205944 2015-04-17] (Zemana Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KeyCrypt64(2).dll => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(2).dll [94664 2015-04-17] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KeyCrypt32(2).dll => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(2).dll [86400 2015-04-17] (Zemana Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2014-08-23]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-116106242-1928824188-2471662636-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-116106242-1928824188-2471662636-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-116106242-1928824188-2471662636-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
Tcpip\Parameters: [DhcpNameServer] 10.71.0.1

FireFox:
========
FF ProfilePath: C:\Users\Homie\AppData\Roaming\Mozilla\Firefox\Profiles\7o0jmdb8.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-20] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-20] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2013-08-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2013-08-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Extension: S3.Google Translator - C:\Users\Homie\AppData\Roaming\Mozilla\Firefox\Profiles\7o0jmdb8.default\Extensions\s3google@translator.xpi [2014-08-24]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-07-20]

Chrome:
=======
CHR Profile: C:\Users\Homie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Homie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-01]
CHR Extension: (Google Wallet) - C:\Users\Homie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [2306248 2015-04-05] (Comodo)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5540424 2015-04-20] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265816 2015-04-20] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2015-03-11] (Comodo Security Solutions, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4352568 2014-08-23] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
R2 WNDA6200; C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe [29984 2012-09-24] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 A6200; C:\Windows\System32\DRIVERS\bcmwlhigh664.sys [1974576 2013-03-07] (Broadcom Corporation)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc)
S1 Beep; No ImagePath
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20696 2015-04-01] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [798816 2015-04-01] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [44856 2015-04-01] (COMODO)
R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k60x64.sys [279216 2010-04-06] (Intel Corporation)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2015-04-01] (COMODO)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [76520 2015-04-17] (Zemana Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0025.sys [29536 2014-08-23] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 Neo_VPN2; C:\Windows\System32\DRIVERS\Neo_0008.sys [29536 2014-08-23] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 Neo_VPN3; C:\Windows\System32\DRIVERS\Neo_0066.sys [29536 2014-08-23] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 Neo_VPN4; C:\Windows\System32\DRIVERS\Neo_0080.sys [29536 2014-08-23] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 Neo_VPN5; C:\Windows\System32\DRIVERS\Neo_0034.sys [29536 2014-08-23] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 Neo_VPN6; C:\Windows\System32\DRIVERS\Neo_0098.sys [29536 2014-08-23] (SoftEther VPN Project at University of Tsukuba, Japan.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SEE; C:\Windows\System32\drivers\see.sys [38240 2014-08-06] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 SRS_AE_Service; C:\Windows\System32\drivers\SRS_AE_amd64.sys [549704 2012-06-21] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-24] ()
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [29160 2014-07-24] ()
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-25 13:26 - 2015-04-25 13:26 - 00000000 ____D () C:\Users\Homie\AppData\Local\VirtualStore
2015-04-25 13:26 - 2015-04-25 13:26 - 00000000 ____D () C:\Users\Homie\AppData\Local\AntiLogger Free
2015-04-25 13:21 - 2015-04-25 12:41 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-04-25 12:42 - 2015-04-25 12:33 - 00008477 _____ () C:\zoek-results2015-04-25-163335.log
2015-04-25 12:34 - 2015-04-25 13:26 - 00007290 _____ () C:\Users\Homie\Desktop\zoek-results.txt
2015-04-25 11:51 - 2015-04-25 13:25 - 00007290 _____ () C:\zoek-results.log
2015-04-25 11:50 - 2015-04-25 12:25 - 00000000 ____D () C:\zoek_backup
2015-04-25 11:45 - 2015-04-25 11:45 - 01305600 _____ () C:\Users\Homie\Desktop\zoek.exe
2015-04-24 23:30 - 2015-04-24 23:30 - 00006094 _____ () C:\Users\Homie\Desktop\RKreport_SCN_04242015_232957.log
2015-04-24 23:20 - 2015-04-24 23:20 - 00001061 _____ () C:\Users\Homie\Desktop\mbamb.txt
2015-04-24 23:02 - 2015-04-25 11:40 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-24 23:02 - 2015-04-24 23:02 - 00000941 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-24 23:02 - 2015-04-24 23:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-24 23:02 - 2015-04-24 23:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-24 23:02 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-24 23:02 - 2015-04-14 09:37 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-24 23:02 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-24 22:59 - 2015-04-24 22:59 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Homie\Downloads\mbam-setup-2.1.6.1022.exe
2015-04-24 13:12 - 2015-04-24 13:13 - 02224640 _____ () C:\Users\Homie\Downloads\adwcleaner_4.202.exe
2015-04-22 17:10 - 2015-04-22 17:10 - 00004825 _____ () C:\Users\Homie\Desktop\RKreport_SCN_04222015_171033.log
2015-04-21 20:19 - 2015-04-21 20:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-21 20:05 - 2015-04-21 20:05 - 00022709 _____ () C:\Users\Homie\Desktop\combo file.txt
2015-04-21 20:04 - 2015-04-21 20:04 - 00022709 _____ () C:\ComboFix.txt
2015-04-21 19:42 - 2015-04-21 19:41 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-21 19:42 - 2015-04-21 19:41 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-21 19:42 - 2015-04-21 19:41 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-21 19:42 - 2015-04-21 19:41 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-21 19:42 - 2015-04-21 19:41 - 00098816 _____ () C:\Windows\sed.exe
2015-04-21 19:42 - 2015-04-21 19:41 - 00080412 _____ () C:\Windows\grep.exe
2015-04-21 19:42 - 2015-04-21 19:41 - 00068096 _____ () C:\Windows\zip.exe
2015-04-21 19:42 - 2015-04-21 19:41 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-21 19:41 - 2015-04-21 20:05 - 00000000 ____D () C:\Qoobox
2015-04-21 19:41 - 2015-04-21 20:02 - 00000000 ____D () C:\Windows\erdnt
2015-04-21 19:40 - 2015-04-21 19:41 - 00000714 _____ () C:\Users\Homie\Desktop\New Text Document (2).txt
2015-04-21 19:36 - 2015-04-22 15:24 - 00003287 _____ () C:\Users\Homie\Desktop\New Text Document.txt
2015-04-21 19:35 - 2015-04-21 19:35 - 05619466 ____R (Swearware) C:\Users\Homie\Desktop\ComboFix.exe
2015-04-21 19:22 - 2015-04-21 19:22 - 00017920 _____ () C:\Users\Homie\Desktop\04_assessment-overview-response-template-spring-2015.xls
2015-04-21 19:12 - 2015-04-21 19:15 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-04-20 19:15 - 2015-04-25 14:48 - 00012821 _____ () C:\Users\Homie\Desktop\FRST.txt
2015-04-20 19:15 - 2015-04-20 19:15 - 00029928 _____ () C:\Users\Homie\Desktop\Addition.txt
2015-04-20 19:14 - 2015-04-20 19:14 - 00029928 _____ () C:\Users\Homie\Downloads\Addition.txt
2015-04-20 19:12 - 2015-04-25 14:48 - 00000000 ____D () C:\FRST
2015-04-20 19:12 - 2015-04-20 19:14 - 00047396 _____ () C:\Users\Homie\Downloads\FRST.txt
2015-04-20 19:10 - 2015-04-20 19:10 - 02099712 _____ (Farbar) C:\Users\Homie\Desktop\FRST64.exe
2015-04-20 15:36 - 2015-04-20 15:36 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-20 15:36 - 2015-04-20 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-20 15:28 - 2015-04-24 23:23 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-20 15:18 - 2015-04-20 15:19 - 16884312 _____ () C:\Users\Homie\Downloads\RogueKiller.exe
2015-04-20 15:11 - 2015-04-20 15:11 - 00018471 _____ () C:\Users\Homie\Desktop\info.txt
2015-04-20 14:59 - 2015-04-20 14:59 - 00000000 ____D () C:\Program Files\trend micro
2015-04-20 14:43 - 2015-04-20 14:44 - 00000000 ____D () C:\AdwCleaner
2015-04-20 14:41 - 2015-04-24 23:02 - 00003098 _____ () C:\Users\Homie\Desktop\Rkill.txt
2015-04-20 14:40 - 2015-04-20 14:40 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Homie\Downloads\rkill.com
2015-04-19 19:51 - 2015-04-19 19:51 - 00000000 ____D () C:\ProgramData\Cisco Systems
2015-04-19 16:58 - 2015-04-19 16:58 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Homie\Downloads\tdsskiller.exe
2015-04-17 14:39 - 2015-04-17 14:39 - 00000000 ____D () C:\Users\Homie\Downloads\Order Id 819974
2015-04-17 14:38 - 2015-04-17 14:38 - 00024144 _____ () C:\Users\Homie\Downloads\Order Id 819974.zip
2015-04-17 14:25 - 2015-04-17 14:25 - 00076520 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys
2015-04-17 14:25 - 2015-04-17 14:25 - 00000979 _____ () C:\Users\Public\Desktop\AntiLogger Free.lnk
2015-04-17 14:25 - 2015-04-17 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2015-04-17 14:25 - 2015-04-17 14:25 - 00000000 ____D () C:\Program Files (x86)\Zemana AntiLogger Free
2015-04-17 14:24 - 2015-04-17 14:24 - 03688000 _____ (Zemana Ltd. ) C:\Users\Homie\Downloads\AntiLoggerFree_Setup_1.8.2.198.exe
2015-04-15 23:30 - 2015-04-15 23:30 - 05242880 _____ () C:\Users\Homie\Downloads\thing2.txt
2015-04-15 23:26 - 2015-04-15 23:30 - 52428800 _____ () C:\Users\Homie\Downloads\thing.txt
2015-04-15 23:24 - 2015-04-15 23:24 - 00243200 _____ (Support.com) C:\Users\Homie\Downloads\sysprof.exe
2015-04-15 11:40 - 2015-03-13 22:22 - 01585248 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 11:40 - 2015-03-13 22:22 - 01168080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 11:40 - 2015-03-12 21:44 - 04691384 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 11:40 - 2015-03-12 21:44 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 11:40 - 2015-03-12 21:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 11:40 - 2015-03-12 21:30 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 11:40 - 2015-03-12 21:30 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 11:40 - 2015-03-12 21:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 11:40 - 2015-03-12 21:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 11:40 - 2015-03-12 20:08 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 11:40 - 2015-03-12 20:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 11:40 - 2015-03-12 20:08 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 11:40 - 2015-03-04 22:25 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 11:40 - 2015-03-04 21:58 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 11:33 - 2015-03-04 22:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 11:33 - 2015-03-04 22:14 - 00360384 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 11:33 - 2015-03-04 21:58 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 11:32 - 2015-03-08 21:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 11:32 - 2015-03-08 20:40 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 17882112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 12377600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 10931200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 09747968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 02157568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 01803264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 10:13 - 2015-04-15 10:13 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 10:13 - 2015-04-15 10:13 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 10:13 - 2015-04-15 10:13 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 10:13 - 2015-04-15 10:13 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-04-15 10:13 - 2015-04-15 10:13 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-15 10:13 - 2015-04-15 10:13 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-04-15 10:13 - 2015-04-15 10:13 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-15 10:13 - 2015-04-15 10:13 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-04-15 10:13 - 2015-03-09 20:19 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 10:13 - 2015-03-09 20:12 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 10:13 - 2015-03-09 19:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 10:13 - 2015-03-09 18:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-09 20:47 - 2015-04-09 20:47 - 00158576 _____ (Oracle) C:\Users\Homie\Downloads\llLauncher_15099kKAgIRG0oCctZvEkUVJYBrY1w.exe
2015-04-08 21:57 - 2015-04-09 21:01 - 00773352 _____ () C:\Users\Homie\Desktop\2014 Fontes A Form 1040  Individual Tax Return.tax2014
2015-04-08 21:39 - 2015-04-08 21:39 - 00000000 ____D () C:\Users\Homie\Documents\TurboTax
2015-04-08 21:39 - 2015-04-08 21:39 - 00000000 ____D () C:\Users\Homie\AppData\Local\IsolatedStorage
2015-04-08 21:38 - 2015-04-08 21:38 - 00000000 ____D () C:\Users\Homie\AppData\Roaming\Intuit
2015-04-08 21:36 - 2015-04-08 23:01 - 00000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-04-08 21:36 - 2015-04-08 21:36 - 00001892 _____ () C:\Users\Public\Desktop\TurboTax 2014.lnk
2015-04-08 21:36 - 2015-04-08 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2014
2015-04-08 21:27 - 2015-04-08 21:35 - 00000000 ____D () C:\ProgramData\Intuit
2015-04-08 21:27 - 2015-04-08 21:27 - 00000000 ____D () C:\Program Files (x86)\TurboTax
2015-04-08 21:15 - 2015-04-08 21:22 - 119233288 _____ () C:\Users\Homie\Downloads\w_turbotax_1040_dlx_2014.180.0101.exe
2015-04-08 20:57 - 2015-04-08 20:57 - 00437536 _____ () C:\Users\Homie\Downloads\TurboTaxReturn.tax2013
2015-04-08 17:23 - 2015-04-08 17:23 - 00000000 ____D () C:\Users\Homie\Desktop\New Folder
2015-04-05 16:55 - 2015-04-05 17:31 - 00024296 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.exe
2015-04-05 16:55 - 2015-04-05 17:31 - 00001842 _____ () C:\Windows\System32\Tasks\COMODO CertSentry Updater
2015-04-02 20:00 - 2015-04-02 20:00 - 00348178 _____ () C:\Windows\dd_vcredistMSI7647.txt
2015-04-02 20:00 - 2015-04-02 20:00 - 00011284 _____ () C:\Windows\dd_vcredistUI7647.txt
2015-04-02 19:45 - 2015-04-02 19:45 - 00000000 ____D () C:\Windows\Minidump
2015-04-01 20:58 - 2015-04-01 20:58 - 00000000 ____D () C:\Program Files (x86)\SecurityXploded
2015-04-01 16:52 - 2015-04-17 17:48 - 00000000 ____D () C:\Program Files (x86)\KeyCryptSDK
2015-04-01 16:52 - 2015-04-01 16:53 - 00000000 ____D () C:\Users\Homie\AppData\Local\Zemana
2015-04-01 16:52 - 2015-04-01 16:52 - 07039960 _____ (Zemana Ltd.) C:\Windows\SysWOW64\ZALSDKCore.dll
2015-04-01 14:52 - 2015-04-01 14:52 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2015-04-01 14:50 - 2015-04-25 14:43 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2015-04-01 14:48 - 2015-04-20 11:44 - 00001795 _____ () C:\Users\Public\Desktop\COMODO Internet Security.lnk
2015-04-01 14:46 - 2015-04-06 17:52 - 00000000 ____D () C:\Program Files\COMODO
2015-04-01 14:46 - 2015-04-01 14:46 - 00000957 _____ () C:\Users\Public\Desktop\Internet (Chromodo).lnk
2015-04-01 14:45 - 2015-04-01 14:45 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2015-04-01 14:25 - 2015-04-01 14:44 - 229979832 _____ (COMODO) C:\Users\Homie\Downloads\cispremium_installer.exe
2015-04-01 11:54 - 2014-10-12 21:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-04-01 11:54 - 2014-10-12 20:56 - 03137536 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-04-01 11:53 - 2014-11-25 22:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-04-01 11:53 - 2014-11-25 21:42 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-04-01 11:42 - 2014-11-03 20:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-04-01 11:42 - 2014-11-03 20:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-03-31 21:37 - 2015-02-19 22:03 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-31 21:37 - 2015-02-19 21:44 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-31 21:37 - 2015-02-19 20:39 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-31 21:37 - 2015-02-19 20:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-31 21:36 - 2014-12-07 21:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-03-31 21:36 - 2014-12-07 21:37 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-03-31 21:34 - 2015-01-28 21:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-31 21:34 - 2015-01-28 21:33 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-31 21:33 - 2015-01-20 22:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-31 21:33 - 2015-01-20 21:42 - 01040896 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-31 21:33 - 2014-12-18 20:26 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-03-31 21:33 - 2014-08-11 22:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-03-31 21:33 - 2014-08-11 22:11 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-03-31 21:32 - 2015-02-25 20:31 - 02792960 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-31 21:32 - 2015-02-17 22:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-31 21:32 - 2015-02-17 21:42 - 12899840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-31 21:32 - 2014-10-23 21:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-31 21:32 - 2014-10-23 20:39 - 00656384 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-31 21:32 - 2014-06-15 18:18 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-03-31 21:32 - 2014-06-15 18:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-03-31 21:32 - 2014-06-13 14:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-03-31 21:32 - 2014-06-13 14:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-03-31 21:32 - 2014-06-13 13:36 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-03-31 21:32 - 2014-06-13 13:36 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-03-31 21:31 - 2014-10-09 21:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-03-31 21:31 - 2014-10-09 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-31 21:31 - 2014-10-09 21:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-31 21:31 - 2014-10-09 19:53 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-31 21:31 - 2014-10-09 19:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-31 21:31 - 2014-10-02 21:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-31 21:31 - 2014-10-02 21:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-31 21:31 - 2014-10-02 21:17 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-31 21:31 - 2014-10-02 21:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-31 21:31 - 2014-10-02 21:02 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-31 21:31 - 2014-10-02 21:01 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-31 21:31 - 2014-10-02 21:01 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-31 21:31 - 2014-10-02 19:49 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\audiodg.exe
2015-03-31 21:25 - 2015-01-28 21:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-31 21:25 - 2015-01-28 21:33 - 00449024 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-31 21:23 - 2015-01-08 21:41 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-31 21:23 - 2015-01-08 20:29 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-31 21:23 - 2014-12-05 23:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-03-31 21:23 - 2014-12-05 23:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-03-31 21:23 - 2014-12-05 22:54 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-03-31 21:23 - 2014-12-05 22:54 - 00178688 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-03-31 21:23 - 2014-12-05 22:54 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-03-31 21:23 - 2014-10-23 21:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-03-31 21:23 - 2014-10-23 20:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-03-31 21:23 - 2014-09-04 19:38 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2015-03-31 21:23 - 2014-08-26 20:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-03-31 21:23 - 2014-08-26 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-03-31 21:22 - 2015-03-06 00:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-31 21:22 - 2015-03-05 23:35 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-31 21:22 - 2015-01-15 02:53 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-31 21:22 - 2015-01-15 00:08 - 00516536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-31 21:22 - 2014-10-09 21:09 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-25 14:48 - 2014-08-23 15:32 - 00000000 ____D () C:\Program Files\SoftEther VPN Client
2015-04-25 14:46 - 2014-08-23 01:43 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-25 14:38 - 2014-07-20 23:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-25 14:36 - 2014-08-23 01:43 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-25 14:36 - 2008-01-20 21:52 - 01704706 _____ () C:\Windows\WindowsUpdate.log
2015-04-25 14:33 - 2006-11-02 11:38 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-25 14:33 - 2006-11-02 11:20 - 00004576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-25 14:33 - 2006-11-02 11:20 - 00004576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-25 13:53 - 2006-11-02 11:38 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-25 13:24 - 2008-01-20 21:50 - 00108820 _____ () C:\Windows\PFRO.log
2015-04-24 22:49 - 2006-11-02 08:46 - 00834626 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-24 17:38 - 2014-07-25 01:07 - 00000000 ____D () C:\Users\Homie\AppData\Local\CrashDumps
2015-04-22 14:08 - 2014-07-21 04:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-21 20:05 - 2006-11-02 09:33 - 00000000 __RHD () C:\Users\Default
2015-04-21 19:57 - 2006-11-02 08:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-21 19:54 - 2006-11-02 08:33 - 53215232 _____ () C:\Windows\system32\config\software.bak
2015-04-21 19:54 - 2006-11-02 08:33 - 52953088 _____ () C:\Windows\system32\config\components.bak
2015-04-21 19:54 - 2006-11-02 08:33 - 23068672 _____ () C:\Windows\system32\config\system.bak
2015-04-21 19:54 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-04-21 19:54 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-04-21 19:54 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\default.bak
2015-04-21 19:41 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2015-04-21 19:18 - 2014-07-23 12:42 - 00000000 ____D () C:\Users\Homie\Documents\Bulvgari
2015-04-20 22:41 - 2014-08-28 18:23 - 00000000 ____D () C:\Users\Homie\AppData\Local\Adobe
2015-04-20 22:41 - 2014-07-20 23:16 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-20 22:41 - 2014-07-20 23:16 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-20 22:41 - 2014-07-20 23:16 - 00003684 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-20 15:36 - 2014-07-21 15:47 - 00001890 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-20 15:36 - 2014-07-21 15:47 - 00000000 ____D () C:\ProgramData\Skype
2015-04-20 15:33 - 2014-07-24 23:03 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-18 20:46 - 2014-07-30 15:02 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-17 18:52 - 2014-08-23 01:45 - 00002025 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-15 11:38 - 2014-07-23 20:27 - 00855494 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 11:37 - 2014-07-20 21:50 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 11:33 - 2006-11-02 08:35 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-04-13 19:39 - 2014-07-21 15:47 - 00000000 ____D () C:\Users\Homie\AppData\Roaming\Skype
2015-04-09 10:44 - 2006-11-02 11:20 - 00266768 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-08 21:39 - 2014-07-20 19:37 - 00057720 _____ () C:\Users\Homie\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-06 17:53 - 2014-08-14 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Easy Burner
2015-04-06 17:52 - 2014-07-20 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-04-06 17:51 - 2014-08-13 13:53 - 00000000 ____D () C:\ProgramData\HP
2015-04-06 17:46 - 2014-08-10 03:40 - 00000000 ____D () C:\Program Files (x86)\MathMagic for Captivate
2015-04-05 17:31 - 2014-07-20 20:50 - 00024328 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2015-04-05 17:31 - 2014-07-20 20:00 - 00027400 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2015-04-05 16:55 - 2013-08-16 07:55 - 00000000 ____D () C:\Program Files (x86)\Comodo
2015-04-02 19:49 - 2006-11-02 11:25 - 00032134 _____ () C:\Windows\setupact.log
2015-04-02 19:45 - 2014-06-30 05:02 - 00319279 _____ () C:\Windows\Minidump\Mini040215-01.dmp
2015-04-01 14:52 - 2014-08-21 16:57 - 00020008 _____ () C:\Windows\system32\spsys.log
2015-04-01 14:52 - 2014-07-20 19:59 - 00000000 ____D () C:\ProgramData\Comodo
2015-04-01 14:48 - 2014-07-20 19:36 - 00000000 ____D () C:\Users\Homie
2015-04-01 14:46 - 2014-07-20 20:00 - 00000000 ____D () C:\Users\Homie\AppData\Local\Comodo
2015-04-01 13:49 - 2015-01-30 15:27 - 00798816 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2015-04-01 13:49 - 2015-01-30 15:27 - 00104608 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
2015-04-01 13:49 - 2015-01-30 15:27 - 00044856 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2015-04-01 13:49 - 2015-01-30 15:27 - 00020696 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2015-04-01 13:48 - 2015-01-30 15:27 - 00576848 _____ (COMODO) C:\Windows\system32\guard64.dll
2015-04-01 13:48 - 2015-01-30 15:27 - 00444472 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2015-04-01 13:48 - 2015-01-30 15:27 - 00041248 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2015-04-01 13:47 - 2015-01-30 15:27 - 00358104 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2015-04-01 13:46 - 2015-01-30 15:27 - 00045784 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll
2015-04-01 13:45 - 2015-01-30 15:27 - 00288472 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2015-04-01 13:45 - 2015-01-30 15:27 - 00040664 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
2015-04-01 12:23 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\rescache
2015-04-01 11:44 - 2014-08-10 04:31 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

==================== Files in the root of some directories =======

2014-08-13 03:21 - 2014-08-13 03:21 - 0000680 _____ () C:\Users\Homie\AppData\Local\d3d9caps.dat
2014-07-20 19:36 - 2014-08-11 09:18 - 0008540 _____ () C:\Users\Homie\AppData\Local\d3d9caps64.dat
2014-07-20 23:50 - 2014-07-20 23:52 - 0452828 _____ () C:\Users\Homie\AppData\Local\dd_vcredistMSI0444.txt
2014-08-10 03:36 - 2014-08-10 03:36 - 0460518 _____ () C:\Users\Homie\AppData\Local\dd_vcredistMSI4BF0.txt
2014-08-10 03:37 - 2014-08-10 03:37 - 0376944 _____ () C:\Users\Homie\AppData\Local\dd_vcredistMSI4CD1.txt
2014-08-10 14:58 - 2014-08-10 14:58 - 0387256 _____ () C:\Users\Homie\AppData\Local\dd_vcredistMSI5609.txt
2014-08-10 14:58 - 2014-08-10 14:58 - 0376186 _____ () C:\Users\Homie\AppData\Local\dd_vcredistMSI5634.txt
2014-08-23 23:32 - 2014-08-23 23:32 - 0441312 _____ () C:\Users\Homie\AppData\Local\dd_vcredistMSI5706.txt
2013-08-16 07:32 - 2013-08-16 07:32 - 0440576 _____ () C:\Users\Homie\AppData\Local\dd_vcredistMSI6EF3.txt
2014-08-10 04:28 - 2014-08-10 04:28 - 0387306 _____ () C:\Users\Homie\AppData\Local\dd_vcredistMSI73C3.txt
2014-08-10 04:28 - 2014-08-10 04:28 - 0375726 _____ () C:\Users\Homie\AppData\Local\dd_vcredistMSI7439.txt
2014-08-14 22:53 - 2014-08-14 22:53 - 0377834 _____ () C:\Users\Homie\AppData\Local\dd_vcredistMSI79DD.txt
2014-08-14 22:53 - 2014-08-14 22:53 - 0387044 _____ () C:\Users\Homie\AppData\Local\dd_vcredistMSI79FA.txt
2014-07-20 23:50 - 2014-07-20 23:52 - 0013076 _____ () C:\Users\Homie\AppData\Local\dd_vcredistUI0444.txt
2014-08-10 03:36 - 2014-08-10 03:36 - 0011614 _____ () C:\Users\Homie\AppData\Local\dd_vcredistUI4BF0.txt
2014-08-10 03:37 - 2014-08-10 03:37 - 0011454 _____ () C:\Users\Homie\AppData\Local\dd_vcredistUI4CD1.txt
2014-08-10 14:58 - 2014-08-10 14:58 - 0011422 _____ () C:\Users\Homie\AppData\Local\dd_vcredistUI5609.txt
2014-08-10 14:58 - 2014-08-10 14:58 - 0011406 _____ () C:\Users\Homie\AppData\Local\dd_vcredistUI5634.txt
2014-08-23 23:32 - 2014-08-23 23:32 - 0011382 _____ () C:\Users\Homie\AppData\Local\dd_vcredistUI5706.txt
2013-08-16 07:32 - 2013-08-16 07:32 - 0011366 _____ () C:\Users\Homie\AppData\Local\dd_vcredistUI6EF3.txt
2014-08-10 04:28 - 2014-08-10 04:28 - 0011438 _____ () C:\Users\Homie\AppData\Local\dd_vcredistUI73C3.txt
2014-08-10 04:28 - 2014-08-10 04:28 - 0011406 _____ () C:\Users\Homie\AppData\Local\dd_vcredistUI7439.txt
2014-08-14 22:53 - 2014-08-14 22:53 - 0014648 _____ () C:\Users\Homie\AppData\Local\dd_vcredistUI79DD.txt
2014-08-14 22:53 - 2014-08-14 22:53 - 0014584 _____ () C:\Users\Homie\AppData\Local\dd_vcredistUI79FA.txt
2015-04-08 21:36 - 2015-04-08 23:01 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-25 14:42

==================== End Of Log ============================


Zoek.exe v5.0.0.0 Updated 23-04-2015
Tool run by Homie on Sat 04/25/2015 at 12:41:33.71.
Microsoft® Windows Vista™ Business  6.0.6002 Service Pack 2 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Homie\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-04-25-163335.log    8477 bytes

==== System Restore Info ======================

4/25/2015 12:42:34 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Users\Homie\AppData\Local\AntiLogger Free deleted successfully
C:\Users\Homie\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [07/20/2014 11:47 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Homie\AppData\Roaming\Mozilla\Firefox\Profiles\7o0jmdb8.default
- Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
- S3.Google Translator - %ProfilePath%\extensions\s3google@translator.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Homie\AppData\Roaming\Mozilla\Firefox\Profiles\7o0jmdb8.default
AB87EEFFD18F2BAAFC274E7075EA6C67    - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -    Windows Presentation Foundation / Windows Presentation Foundation
9AE02005247DA91AB1743F5208DBEF76    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll -    Shockwave Flash


==== Chromium Look ======================

Google Chrome Version: 42.0.2311.90 (Latest Stable version: 42.0.2311.90) [z-db]


Chrome Hotword Shared Module - Homie\AppData\Local\Comodo\Chromodo\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Google Wallet - Homie\AppData\Local\Comodo\Chromodo\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Comodo Drag&Drop Service - Homie\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogo
Comodo Web Inspector - Homie\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn
Comodo Media Downloader - Homie\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dihmnpngfonlhjmgkflpnibiaaliendo
Comodo Dragon Browser Light Theme - Homie\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kglppafajjeikfgmjjegogphhkjnnmgc
Comodo Share Page Service - Homie\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf
Bitdefender QuickScan - Homie\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie
Chrome Hotword Shared Module - Homie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Google Wallet - Homie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\Homie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Homie\AppData\Local\Mozilla\Firefox\Profiles\7o0jmdb8.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Homie\AppData\Local\Comodo\Chromodo\User Data\Default\Cache emptied successfully
C:\Users\Homie\AppData\Local\Comodo\Dragon\User Data\Default\Cache emptied successfully
C:\Users\Homie\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=507 folders=37 14461252 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Homie\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Homie\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\Homie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" deleted
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on Sat 04/25/2015 at 13:25:54.32 ======================



#14 consultantbis

consultantbis
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:01:07 PM

Posted 25 April 2015 - 02:01 PM

Let me know if I should re-run any of your programs with firewalls down. I noticed that I didn't for some.


The last one is the logs I did.



#15 olgun52

olgun52

  • Malware Response Team
  • 3,778 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:07 PM

Posted 25 April 2015 - 02:10 PM

Let me know if I should re-run any of your programs with firewalls down. I noticed that I didn't for some.


The last one is the logs I did.

 Windows Defender (Enabled)


I do not see the Additional.txt logfile.


Best regards
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
