
ESET log shows potentially unwanted


  • This topic is locked
7 replies to this topic

#1 consultantbis


Posted 25 April 2015 - 11:07 PM

Hi, I have a log attached from ESET that has some potential threats. I don't want to delete anything good, and I have just been trying to do a good sweep on this PC.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Man at 2015-04-25 22:56:43
Microsoft Windows 8.1
System drive C: has 403 GB (94%) free of 428 GB
Total RAM: 3962 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:56:51 PM, on 4/25/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\USB Camera\VM331STI.EXE
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\trend micro\Man.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331STI.EXE
O4 - HKLM\..\Run: [ZALFree] "C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe" /MINIMIZED
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [HP Officejet 4630 series (NET)] "C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN48C391CD05Y0:NW" -scfn "HP Officejet 4630 series (NET)" -AutoStart 1
O4 - Global Startup: SoftEther VPN Client Manager Startup.lnk = C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: COMODO Chromodo Update Service (ChromodoUpdater) - Comodo - C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe
O23 - Service: COMODO Internet Security Helper Service (CmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: SoftEther VPN Client (SEVPNCLIENT) - SoftEther VPN Project at University of Tsukuba, Japan. - C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7406 bytes

======Listing Processes======





wininit.exe

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\WLANExt.exe 128414572384
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe"
"C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
dashost.exe {32a62849-3928-46bf-849f88d7314473d6}
"C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /service
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-638bf63c-434f-4afc-be4c-7ffe3f76d578 -SystemEventPortName:HostProcess-b9183faa-9124-46d7-b182-03d4576cd420 -IoCancelEventPortName:HostProcess-7e75606e-bc46-4f35-9785-4633d8c09ec7 -NonStateChangingEventPortName:HostProcess-b9055411-3d1c-4adb-a227-8636d5e6f482 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:beabd6ab-9ca3-48d4-b2f8-d4dd5ee1371b -DeviceGroupId:WudfDefaultDevicePool

winlogon.exe
"dwm.exe"
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\Explorer.EXE
taskhostex.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe"
igfxEM.exe
igfxHK.exe
"C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"C:\Program Files (x86)\USB Camera\VM331STI.EXE"
"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"
"C:\WINDOWS\system32\wuauclt.exe"
taskhost.exe $(Arg0)
taskhost.exe /RuntimeWide
C:\WINDOWS\servicing\TrustedInstaller.exe
C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe -Embedding
C:\WINDOWS\system32\svchost.exe -k defragsvc
"C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe" /ModeAvMonitor -Embedding

"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 952 956 964 65536 960
"C:\Users\Man\Desktop\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe  

=========Mozilla firefox=========

ProfilePath - C:\Users\Man\AppData\Roaming\Mozilla\Firefox\Profiles\pmcpq4ae.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 17.0.0.169 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 17.0.0.169 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2015-02-10 448912]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe []
"Persistence"=C:\windows\system32\igfxpers.exe []
"SoftEther VPN Client UI Helper"=C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [2015-02-10 4409400]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2015-02-13 17079376]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [2015-02-13 191568]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-04-20 1426136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2015-02-10 7780120]
"HP Officejet 4630 series (NET)"=C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [2015-02-10 3487240]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"331BigDog"=C:\Program Files (x86)\USB Camera\VM331STI.EXE [2015-02-10 548864]
"ZALFree"=C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [2015-02-10 8205944]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2015-02-10 96056]
""= []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
SoftEther VPN Client Manager Startup.lnk - C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-04-25 22:56:44 ----D---- C:\Program Files\trend micro
2015-04-25 22:56:43 ----D---- C:\rsit
2015-04-25 21:27:35 ----D---- C:\Program Files (x86)\ESET
2015-04-25 20:49:41 ----D---- C:\SUPERDelete
2015-04-20 17:02:29 ----A---- C:\WINDOWS\system32\drivers\TrueSight.sys
2015-04-20 17:02:28 ----D---- C:\ProgramData\RogueKiller
2015-04-20 16:05:32 ----D---- C:\AdwCleaner
2015-04-17 15:31:15 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2015-04-17 15:31:15 ----A---- C:\WINDOWS\system32\tdh.dll
2015-04-17 15:31:15 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2015-04-17 15:31:15 ----A---- C:\WINDOWS\system32\ntdll.dll
2015-04-17 15:31:14 ----A---- C:\WINDOWS\SYSWOW64\tracerpt.exe
2015-04-17 15:31:14 ----A---- C:\WINDOWS\SYSWOW64\tdh.dll
2015-04-17 15:31:14 ----A---- C:\WINDOWS\SYSWOW64\sechost.dll
2015-04-17 15:31:14 ----A---- C:\WINDOWS\system32\wow64cpu.dll
2015-04-17 15:31:14 ----A---- C:\WINDOWS\system32\wow64.dll
2015-04-17 15:31:14 ----A---- C:\WINDOWS\system32\tracerpt.exe
2015-04-17 15:31:14 ----A---- C:\WINDOWS\system32\sechost.dll
2015-04-17 15:31:14 ----A---- C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-17 15:30:59 ----A---- C:\WINDOWS\system32\mshtml.dll
2015-04-17 15:30:57 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2015-04-17 15:30:53 ----A---- C:\WINDOWS\system32\jscript9.dll
2015-04-17 15:30:52 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2015-04-17 15:30:52 ----A---- C:\WINDOWS\system32\ieframe.dll
2015-04-17 15:30:51 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2015-04-17 15:30:50 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2015-04-17 15:30:50 ----A---- C:\WINDOWS\system32\wininet.dll
2015-04-17 15:30:49 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2015-04-17 15:30:49 ----A---- C:\WINDOWS\SYSWOW64\inetcomm.dll
2015-04-17 15:30:49 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2015-04-17 15:30:49 ----A---- C:\WINDOWS\system32\urlmon.dll
2015-04-17 15:30:49 ----A---- C:\WINDOWS\system32\mshtmled.dll
2015-04-17 15:30:49 ----A---- C:\WINDOWS\system32\inetcomm.dll
2015-04-17 15:30:49 ----A---- C:\WINDOWS\system32\iertutil.dll
2015-04-17 15:30:49 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2015-04-17 15:30:48 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2015-04-17 15:30:48 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2015-04-17 15:30:48 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2015-04-17 15:30:48 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2015-04-17 15:30:48 ----A---- C:\WINDOWS\system32\vbscript.dll
2015-04-17 15:30:48 ----A---- C:\WINDOWS\system32\msfeeds.dll
2015-04-17 15:30:48 ----A---- C:\WINDOWS\system32\jscript.dll
2015-04-17 15:30:48 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2015-04-17 15:26:03 ----A---- C:\WINDOWS\SYSWOW64\pku2u.dll
2015-04-17 15:26:03 ----A---- C:\WINDOWS\system32\pku2u.dll
2015-04-17 15:26:03 ----A---- C:\WINDOWS\system32\lsm.dll
2015-04-16 14:15:51 ----A---- C:\WINDOWS\system32\invagent.dll
2015-04-16 14:15:51 ----A---- C:\WINDOWS\system32\generaltel.dll
2015-04-16 14:15:51 ----A---- C:\WINDOWS\system32\devinv.dll
2015-04-16 14:15:51 ----A---- C:\WINDOWS\system32\appraiser.dll
2015-04-16 14:15:51 ----A---- C:\WINDOWS\system32\aeinv.dll
2015-04-16 14:15:51 ----A---- C:\WINDOWS\system32\acmigration.dll
2015-04-16 14:15:50 ----A---- C:\WINDOWS\system32\aepdu.dll
2015-04-16 14:12:36 ----A---- C:\WINDOWS\SYSWOW64\clfsw32.dll
2015-04-16 14:12:36 ----A---- C:\WINDOWS\system32\drivers\clfs.sys
2015-04-16 14:12:36 ----A---- C:\WINDOWS\system32\clfsw32.dll
2015-04-16 13:47:36 ----A---- C:\WINDOWS\SYSWOW64\wuapi.dll
2015-04-16 13:47:36 ----A---- C:\WINDOWS\system32\wucltux.dll
2015-04-16 13:47:36 ----A---- C:\WINDOWS\system32\wuaueng.dll
2015-04-16 13:47:36 ----A---- C:\WINDOWS\system32\wuauclt.exe
2015-04-16 13:47:36 ----A---- C:\WINDOWS\system32\wuapi.dll
2015-04-16 13:47:36 ----A---- C:\WINDOWS\system32\WinSetupUI.dll
2015-04-16 13:47:35 ----A---- C:\WINDOWS\SYSWOW64\wuwebv.dll
2015-04-16 13:47:35 ----A---- C:\WINDOWS\SYSWOW64\wups.dll
2015-04-16 13:47:35 ----A---- C:\WINDOWS\SYSWOW64\wudriver.dll
2015-04-16 13:47:35 ----A---- C:\WINDOWS\SYSWOW64\wuapp.exe
2015-04-16 13:47:35 ----A---- C:\WINDOWS\system32\wuwebv.dll
2015-04-16 13:47:35 ----A---- C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-16 13:47:35 ----A---- C:\WINDOWS\system32\wups2.dll
2015-04-16 13:47:35 ----A---- C:\WINDOWS\system32\wups.dll
2015-04-16 13:47:35 ----A---- C:\WINDOWS\system32\wudriver.dll
2015-04-16 13:47:35 ----A---- C:\WINDOWS\system32\wuapp.exe
2015-04-16 13:47:35 ----A---- C:\WINDOWS\system32\wuaext.dll
2015-04-16 13:47:35 ----A---- C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-16 13:47:35 ----A---- C:\WINDOWS\system32\storewuauth.dll

======List of files/folders modified in the last 1 month======

2015-04-25 22:56:44 ----RD---- C:\Program Files
2015-04-25 22:45:28 ----D---- C:\WINDOWS\system32\config
2015-04-25 22:45:22 ----D---- C:\WINDOWS\Temp
2015-04-25 22:43:39 ----D---- C:\WINDOWS\Microsoft.NET
2015-04-25 22:43:26 ----D---- C:\WINDOWS\Prefetch
2015-04-25 22:34:45 ----D---- C:\WINDOWS\rescache
2015-04-25 22:00:00 ----D---- C:\WINDOWS\system32\sru
2015-04-25 21:30:20 ----RD---- C:\WINDOWS\System32
2015-04-25 21:30:20 ----D---- C:\WINDOWS\Inf
2015-04-25 21:30:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-25 21:27:35 ----RD---- C:\Program Files (x86)
2015-04-25 20:55:18 ----D---- C:\Program Files\SoftEther VPN Client
2015-04-25 20:51:43 ----D---- C:\WINDOWS\CbsTemp
2015-04-25 20:41:28 ----D---- C:\WINDOWS\system32\drivers
2015-04-25 20:12:41 ----D---- C:\WINDOWS\WinSxS
2015-04-25 20:10:23 ----SHD---- C:\System Volume Information
2015-04-25 19:52:57 ----D---- C:\WINDOWS\system32\catroot
2015-04-25 19:37:08 ----D---- C:\Program Files\SUPERAntiSpyware
2015-04-25 19:31:52 ----RD---- C:\WINDOWS\assembly
2015-04-25 19:10:27 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-25 19:07:28 ----D---- C:\WINDOWS\AppCompat
2015-04-20 17:10:34 ----D---- C:\WINDOWS\AppReadiness
2015-04-20 17:10:33 ----HD---- C:\Program Files\WindowsApps
2015-04-20 17:02:28 ----HD---- C:\ProgramData
2015-04-20 16:47:23 ----D---- C:\WINDOWS\SysWOW64
2015-04-20 16:46:07 ----D---- C:\WINDOWS\system32\en-US
2015-04-20 16:46:07 ----D---- C:\WINDOWS\apppatch
2015-04-20 16:46:07 ----D---- C:\Program Files\Internet Explorer
2015-04-20 16:19:53 ----SHD---- C:\WINDOWS\Installer
2015-04-17 15:25:50 ----D---- C:\WINDOWS\system32\catroot2
2015-04-16 15:25:17 ----SD---- C:\WINDOWS\system32\CompatTel
2015-04-16 15:25:17 ----D---- C:\WINDOWS\system32\appraiser
2015-04-01 12:48:24 ----A---- C:\WINDOWS\system32\cmdcsr.dll
2015-04-01 12:48:18 ----A---- C:\WINDOWS\SYSWOW64\guard32.dll
2015-04-01 12:48:15 ----A---- C:\WINDOWS\system32\guard64.dll
2015-04-01 12:47:18 ----A---- C:\WINDOWS\system32\cmdvrt64.dll
2015-04-01 12:46:51 ----A---- C:\WINDOWS\system32\cmdkbd64.dll
2015-04-01 12:45:54 ----A---- C:\WINDOWS\SYSWOW64\cmdvrt32.dll
2015-04-01 12:45:27 ----A---- C:\WINDOWS\SYSWOW64\cmdkbd32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 LHDmgr;LHDmgr; C:\WINDOWS\System32\DRIVERS\LhdX64.sys [2015-02-13 39008]
R0 Wof;Windows Overlay File System Filter Driver; C:\WINDOWS\system32\drivers\Wof.sys [2014-11-21 157016]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\WINDOWS\System32\DRIVERS\cmderd.sys [2015-04-01 20696]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2015-04-01 820952]
R1 cmdhlp;COMODO Internet Security Helper Driver; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2015-04-01 35080]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [2015-02-10 26528]
R1 inspect;@oem13.inf,%inspect_Desc%;COMODO Internet Security Firewall Driver; C:\WINDOWS\system32\DRIVERS\inspect.sys [2015-04-01 126720]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\WINDOWS\system32\DRIVERS\vwififlt.sys [2013-08-22 71680]
R3 ACPIVPC;@oem14.inf,%ACPIVPC.SvcDesc%;Lenovo Virtual Power Controller Driver; C:\WINDOWS\System32\drivers\AcpiVpc.sys [2015-02-13 33560]
R3 BCM43XX;@oem5.inf,%BCM43XX_Service_DispName%;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [2015-02-10 6835784]
R3 CnxtHdAudService;@oem7.inf,%UAAFunctionDriverForHdAudio.SvcDesc%;Conexant UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDRT64.sys [2015-02-10 1608864]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2015-02-10 3828152]
R3 iwdbus;@oem24.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2014-08-01 27032]
R3 keycrypt;keycrypt; C:\WINDOWS\system32\DRIVERS\KeyCrypt64.sys [2015-02-10 76520]
R3 L1C;@oem3.inf,%L1C.Service.DispName%;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\L1C63x64.sys [2015-02-10 130248]
R3 MEIx64;@oem17.inf,%TEE_SvcDesc%;Intel® Management Engine Interface ; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [2015-02-10 99288]
R3 Neo_VPN;@oem8.inf,%Neo.Service.DispName%;VPN Client Device Driver - VPN; C:\WINDOWS\system32\DRIVERS\Neo_VPN.sys [2015-02-10 28640]
R3 StillCam;@sti.inf,%StillCam.SvcDesc%;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2014-11-21 11776]
R3 vm331avs;@oem6.inf,%USBCamera.DeviceDesc2%;Digital Camera 1; C:\WINDOWS\System32\Drivers\vm331avs.sys [2015-02-10 975104]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\WINDOWS\system32\DRIVERS\vwifimp.sys [2013-08-22 36864]
S3 intaud_WaveExtensible;@oem23.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\WINDOWS\system32\drivers\intelaud.sys [2014-08-01 38296]
S3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [2015-04-25 25816]
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\WINDOWS\system32\drivers\mwac.sys [2015-04-25 64216]
S3 TrueSight;TrueSight; \??\C:\Windows\System32\drivers\TrueSight.sys [2015-04-20 35064]
S3 wsvd;wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [2012-06-13 102376]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2015-02-10 172344]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-03-18 81088]
R2 ChromodoUpdater;COMODO Chromodo Update Service; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [2015-01-23 2368712]
R2 CmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2015-04-20 5540424]
R2 igfxCUIService1.0.0.0;Intel® HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2015-02-10 319376]
R2 IntuitUpdateServiceV4;Intuit Update Service v4; C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2014-09-18 14624]
R2 SEVPNCLIENT;SoftEther VPN Client; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [2015-02-10 4409400]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2015-02-15 43696]
S2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-04-25 1871160]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-04-25 1080120]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-01-02 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-20 268464]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2014-11-21 38792]
S3 cmdvirth;COMODO Virtual Service Manager; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2015-04-20 2265816]
S3 cphs;Intel® Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2015-02-10 281488]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-03-22 148080]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.10 2015-04-25 22:56:56

======MBR======

0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000869E940E000000000200EEFFFFFF01000000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000055AA

======Uninstall list======

-->"C:\Program Files (x86)\InstallShield Installation Information\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\setup.exe" /z-uninstall
Adobe Flash Player 17 NPAPI-->C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe -maintain plugin
Adobe Reader XI (11.0.10)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AB0000000001}
Adobe Refresh Manager-->MsiExec.exe /I{AC76BA86-0804-1033-1959-001802114130}
AntiLogger Free version 1.8.2.198-->"C:\Program Files (x86)\Zemana AntiLogger Free\unins000.exe"
Chromodo-->"C:\Program Files (x86)\Comodo\Chromodo\uninstall.exe"
COMODO Internet Security Premium-->MsiExec.exe /I{68BE8BAB-5375-4C99-9116-1808F5968D40}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU64a.exe -U -G -IEDGCC2wa.inf
Driver Booster 2.2-->"C:\Program Files (x86)\IObit\Driver Booster\unins000.exe"
Energy Management-->"C:\Program Files (x86)\InstallShield Installation Information\{D0956C11-0F60-43FE-99AD-524E833471BB}\setup.exe" -runfromtemp -l0x0409 -removeonly
Energy Management-->MsiExec.exe /I{D0956C11-0F60-43FE-99AD-524E833471BB}
ESET Online Scanner v3-->C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
HP Officejet 4630 series Basic Device Software-->MsiExec.exe /I{38037A50-E9F1-41E4-9AA3-2E0A5A2FC4C5}
HP Officejet 4630 series Help-->MsiExec.exe /I{9F79230F-EE1C-407E-94E1-D69021954C9B}
HP Photo Creations-->C:\Program Files (x86)\HP Photo Creations\uninst.exe
HP Update-->MsiExec.exe /X{912D30CF-F39E-4B31-AD9A-123C6B794EE2}
I.R.I.S. OCR-->MsiExec.exe /I{CA6BCA2F-EDEB-408F-850B-31404BE16A61}
Intel® Driver Update Utility 2.0-->MsiExec.exe /X{59DB38EB-F864-4E10-841D-38CFBCF864B0}
Intel® Processor Graphics-->"C:\Program Files (x86)\Intel\Intel® Processor Graphics\Uninstall\setup.exe" -uninstall
Intel® Driver Update Utility-->"C:\ProgramData\Package Cache\{8409c4f7-2340-4933-a304-5d37db4fb48b}\Intel® Driver Update Utility Installer.exe"  /uninstall
Lenovo EasyCamera-->C:\Program Files (x86)\USB Camera\vm331Rmv.exe vm331Rmv.ini
Lenovo OneKey Recovery-->"C:\Program Files (x86)\InstallShield Installation Information\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\setup.exe" /z-uninstall
Lenovo OneKey Recovery-->"C:\Program Files (x86)\InstallShield Installation Information\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\setup.exe" /z-uninstall
Malwarebytes Anti-Malware version 2.1.6.1022-->"C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe"
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Mozilla Firefox 36.0.4 (x86 en-US)-->"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
Product Improvement Study for HP Officejet 4630 series-->MsiExec.exe /I{EE629820-EACD-4AAE-966D-DF1560A0ED2D}
Skype™ 7.1-->MsiExec.exe /X{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}
SoftEther VPN Client-->"C:\Program Files\SoftEther VPN Client\vpnsetup.exe"
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
TurboTax 2014 waziper-->MsiExec.exe /I{7CD6E829-3E7D-41B7-AA35-A1F16441C2B7}
TurboTax 2014 WinPerFedFormset-->MsiExec.exe /I{35EEDA1E-9D45-4580-8554-734F45D48A73}
TurboTax 2014 WinPerReleaseEngine-->MsiExec.exe /I{F2283AA1-869C-4497-8F18-09E36C67A014}
TurboTax 2014 WinPerTaxSupport-->MsiExec.exe /I{5FB042CB-B08A-481E-B076-DC6D0FEB0595}
TurboTax 2014 wrapper-->MsiExec.exe /I{F5890CC6-26B7-481E-A90E-ACE938AD294F}
TurboTax 2014-->C:\Program Files (x86)\TurboTax\Deluxe 2014\Installer\TurboTax 2014 Installer.exe /u /t /a
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1)-->C:\PROGRA~1\DIFX\8C6574~1\DPInst.exe /u C:\windows\System32\DriverStore\FileRepository\vpc.inf_amd64_37c65821ee7b9e70\vpc.inf
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733)-->C:\PROGRA~1\DIFX\8C6574~1\DPInst.exe /u C:\windows\System32\DriverStore\FileRepository\wudfvhidmini.inf_amd64_4f86ecaa9af0d5de\wudfvhidmini.inf

======System event log======

Computer Name: idea-PC
Event Code: 10010
Message: The server Microsoft.WindowsLive.Platform.Service.RemoteProcess did not register with DCOM within the required timeout.
Record Number: 524
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20150210211322.655854-000
Event Type: Error
User: idea-PC\Man

Computer Name: idea-PC
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
Record Number: 498
Source Name: Microsoft-Windows-Time-Service
Time Written: 20150210210927.382085-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: idea-PC
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
Record Number: 497
Source Name: Microsoft-Windows-Time-Service
Time Written: 20150210210925.881998-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: idea-PC
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
Record Number: 496
Source Name: Microsoft-Windows-Time-Service
Time Written: 20150210210925.881998-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: idea-PC
Event Code: 46
Message: Crash dump initialization failed!
Record Number: 472
Source Name: volmgr
Time Written: 20150210210712.590100-000
Event Type: Error
User:

=====Application event log=====

Computer Name: idea-PC
Event Code: 8198
Message: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
Record Number: 151
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20150210211049.000000-000
Event Type: Error
User:

Computer Name: idea-PC
Event Code: 1014
Message: Acquisition of End User License failed. hr=0x80072EE7
Sku Id=9e4b231b-3e45-41f4-967f-c914f178b6ac
Record Number: 148
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20150210211049.000000-000
Event Type: Error
User:

Computer Name: idea-PC
Event Code: 8200
Message: License acquisition failure details.
hr=0x80072EE7
Record Number: 147
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20150210211049.000000-000
Event Type: Error
User:

Computer Name: idea-PC
Event Code: 1534
Message: Profile notification of event Delete for component {DE3F3560-3032-41B4-B6CF-F703B1B95640} failed, error code is ???.


Record Number: 142
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20150210210801.860219-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: WIN-8EKP00SAM9T
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.  

 DETAIL -
 1 user registry handles leaked from \Registry\User\S-1-5-21-2925387527-242748195-4043741739-500:
Process 988 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2925387527-242748195-4043741739-500\Software\Microsoft\Windows\CurrentVersion\Uninstall

Record Number: 135
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20150123030254.486268-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: WIN-8EKP00SAM9T
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
    Security ID:        S-1-5-18
    Account Name:        SYSTEM
    Account Domain:        NT AUTHORITY
    Logon ID:        0x3E7

Privileges:        SeAssignPrimaryTokenPrivilege
            SeTcbPrivilege
            SeSecurityPrivilege
            SeTakeOwnershipPrivilege
            SeLoadDriverPrivilege
            SeBackupPrivilege
            SeRestorePrivilege
            SeDebugPrivilege
            SeAuditPrivilege
            SeSystemEnvironmentPrivilege
            SeImpersonatePrivilege
Record Number: 924
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150123030239.280558-000
Event Type: Audit Success
User:

Computer Name: WIN-8EKP00SAM9T
Event Code: 4624
Message: An account was successfully logged on.

Subject:
    Security ID:        S-1-5-18
    Account Name:        WIN-8EKP00SAM9T$
    Account Domain:        WORKGROUP
    Logon ID:        0x3E7

Logon Type:            5

Impersonation Level:        Impersonation

New Logon:
    Security ID:        S-1-5-18
    Account Name:        SYSTEM
    Account Domain:        NT AUTHORITY
    Logon ID:        0x3E7
    Logon GUID:        {00000000-0000-0000-0000-000000000000}

Process Information:
    Process ID:        0x20c
    Process Name:        C:\Windows\System32\services.exe

Network Information:
    Workstation Name:    
    Source Network Address:    -
    Source Port:        -

Detailed Authentication Information:
    Logon Process:        Advapi  
    Authentication Package:    Negotiate
    Transited Services:    -
    Package Name (NTLM only):    -
    Key Length:        0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
    - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
    - Transited services indicate which intermediate services have participated in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM protocols.
    - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 923
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150123030239.280558-000
Event Type: Audit Success
User:

Computer Name: WIN-8EKP00SAM9T
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
    Security ID:        S-1-5-18
    Account Name:        SYSTEM
    Account Domain:        NT AUTHORITY
    Logon ID:        0x3E7

Privileges:        SeAssignPrimaryTokenPrivilege
            SeTcbPrivilege
            SeSecurityPrivilege
            SeTakeOwnershipPrivilege
            SeLoadDriverPrivilege
            SeBackupPrivilege
            SeRestorePrivilege
            SeDebugPrivilege
            SeAuditPrivilege
            SeSystemEnvironmentPrivilege
            SeImpersonatePrivilege
Record Number: 922
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150123030238.827393-000
Event Type: Audit Success
User:

Computer Name: WIN-8EKP00SAM9T
Event Code: 4624
Message: An account was successfully logged on.

Subject:
    Security ID:        S-1-5-18
    Account Name:        WIN-8EKP00SAM9T$
    Account Domain:        WORKGROUP
    Logon ID:        0x3E7

Logon Type:            5

Impersonation Level:        Impersonation

New Logon:
    Security ID:        S-1-5-18
    Account Name:        SYSTEM
    Account Domain:        NT AUTHORITY
    Logon ID:        0x3E7
    Logon GUID:        {00000000-0000-0000-0000-000000000000}

Process Information:
    Process ID:        0x20c
    Process Name:        C:\Windows\System32\services.exe

Network Information:
    Workstation Name:    
    Source Network Address:    -
    Source Port:        -

Detailed Authentication Information:
    Logon Process:        Advapi  
    Authentication Package:    Negotiate
    Transited Services:    -
    Package Name (NTLM only):    -
    Key Length:        0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
    - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
    - Transited services indicate which intermediate services have participated in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM protocols.
    - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 921
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150123030238.827393-000
Event Type: Audit Success
User:

Computer Name: WIN-8EKP00SAM9T
Event Code: 1102
Message: The audit log was cleared.
Subject:
    Security ID:    S-1-5-21-2925387527-242748195-4043741739-500
    Account Name:    Administrator
    Domain Name:    WIN-8EKP00SAM9T
    Logon ID:    0x168AD
Record Number: 920
Source Name: Microsoft-Windows-Eventlog
Time Written: 20150123030237.327331-000
Event Type: Audit Success
User:

======Environment variables======

"FP_NO_HOST_CHECK"=NO
"USERNAME"=SYSTEM
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"ComSpec"=%SystemRoot%\system32\cmd.exe
"TMP"=%SystemRoot%\TEMP
"OS"=Windows_NT
"windir"=%SystemRoot%
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=3a09
"configsetroot"=%SystemRoot%\ConfigSetRoot

-----------------EOF-----------------

ESET log:

C:\Users\Man\Downloads\driver_booster_setup.exe a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\Man\Downloads\OJ4630_198.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Man\Downloads\SXAntivirusKit.zip a variant of Win32/SecurityXploded.A potentially unsafe application
C:\Users\Man\Downloads\vpngate-client-2015.02.07-build-9530.131781-23142006.exe a variant of Win32/WinWrapper.A potentially unwanted application

Attached Files

  • eset.txt (469 bytes)

Edited by xXToffeeXx, 26 April 2015 - 04:55 AM.
Posted ESET log~




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,883 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 April 2015 - 10:10 AM

Hello, welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

All the files identified by ESET are in your Downloads folder.
Delete them.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


How is the computer running?
Wait for further instructions.
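
The advice above is to delete the four files that ESET flagged in the Downloads folder. The following script is an added example for this thread, not code from any poster, from ESET or from BleepingComputer. It parses ESET Online Scanner result lines of the shape shown in the ESET log posted earlier (path, detection name with an optional "a variant of" prefix, then a multi-word classification), and removes a flagged file only if it sits directly inside the Downloads folder, recording a SHA-256 of the file first so the record of what was deleted survives. The four log lines are copied from the thread; the Downloads path is the one those lines show; `remove_flagged` defaults to a dry run and only reports what it would do.

```python
"""Parse ESET Online Scanner findings and remove only those under the Downloads folder.

Added example for this thread, not code from the original posts or from ESET.
"""
import hashlib
from collections import namedtuple
from pathlib import Path, PureWindowsPath

# ESET writes one finding per line: "<path> <detection name> <classification>".
# The classification is a multi-word phrase and the detection name may carry an
# "a variant of" prefix, so the line is taken apart from the right-hand end.
CLASSIFICATIONS = (
    "potentially unsafe application",
    "potentially unwanted application",
)
VARIANT_PREFIX = " a variant of"

Finding = namedtuple("Finding", "path detection classification variant")

# Lines copied from the ESET log in this thread (log fixture for the example).
ESET_LOG = """\
C:\\Users\\Man\\Downloads\\driver_booster_setup.exe a variant of Win32/OpenCandy.C potentially unsafe application
C:\\Users\\Man\\Downloads\\OJ4630_198.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\\Users\\Man\\Downloads\\SXAntivirusKit.zip a variant of Win32/SecurityXploded.A potentially unsafe application
C:\\Users\\Man\\Downloads\\vpngate-client-2015.02.07-build-9530.131781-23142006.exe a variant of Win32/WinWrapper.A potentially unwanted application
"""


def parse_eset_line(line):
    """Split one ESET result line into path, detection name, classification and variant flag."""
    line = line.strip()
    for label in CLASSIFICATIONS:
        if line.endswith(" " + label):
            rest = line[: -len(label) - 1]
            break
    else:
        raise ValueError("unrecognised ESET classification: %r" % line)
    # The detection name never contains spaces; the path before it may, so split
    # exactly once from the right.
    path, _, detection = rest.rpartition(" ")
    variant = path.endswith(VARIANT_PREFIX)
    if variant:
        path = path[: -len(VARIANT_PREFIX)]
    return Finding(path, detection, label, variant)


def parse_eset_log(text):
    """Parse every non-empty line of an ESET log into Finding records."""
    return [parse_eset_line(line) for line in text.splitlines() if line.strip()]


def inside_folder(path, folder):
    """True only if path is a direct child of folder (case-insensitive, no '..' components)."""
    p, f = PureWindowsPath(path), PureWindowsPath(folder)
    if ".." in p.parts:
        return False
    return p.parent == f


def remove_flagged(findings, downloads_folder, dry_run=True):
    """Delete flagged files that live directly in downloads_folder; report everything else.

    Returns a list of (path, action) tuples. With dry_run=True nothing is touched.
    """
    actions = []
    for finding in findings:
        if not inside_folder(finding.path, downloads_folder):
            actions.append((finding.path, "skipped: outside " + downloads_folder))
            continue
        if dry_run:
            actions.append((finding.path, "would remove (%s)" % finding.detection))
            continue
        target = Path(finding.path)
        if not target.is_file():
            actions.append((finding.path, "missing"))
            continue
        digest = hashlib.sha256(target.read_bytes()).hexdigest()  # kept as the record of what was removed
        target.unlink()
        actions.append((finding.path, "removed sha256=" + digest))
    return actions


if __name__ == "__main__":
    # Dry run against the four findings from the thread; pass dry_run=False to delete.
    for path, action in remove_flagged(parse_eset_log(ESET_LOG), r"C:\Users\Man\Downloads"):
        print(action, path)
```

The containment check is the point of the script: a scanner log is untrusted input as far as a cleanup script is concerned, and the only files it should ever unlink are the ones the person reviewing the log has agreed to remove, here anything directly under the Downloads folder. Run it once as a dry run, read the report, and only then rerun with `dry_run=False`.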

#3 consultantbis

consultantbis
  • Topic Starter

  • Members
  • 42 posts

Posted 29 April 2015 - 11:49 AM

Hi, the computer runs well.

# AdwCleaner v4.202 - Logfile created 29/04/2015 at 11:38:21
# Updated 23/04/2015 by Xplode
# Database : 2015-04-27.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Man - IDEA-PC
# Running from : C:\Users\Man\Desktop\adwcleaner_4.202.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v37.0.2 (x86 en-US)


*************************

AdwCleaner[R0].txt - [731 bytes] - [20/04/2015 16:05:34]
AdwCleaner[R1].txt - [789 bytes] - [20/04/2015 16:37:21]
AdwCleaner[R2].txt - [904 bytes] - [20/04/2015 17:00:56]
AdwCleaner[R3].txt - [963 bytes] - [25/04/2015 20:52:32]
AdwCleaner[R4].txt - [1079 bytes] - [29/04/2015 11:36:23]
AdwCleaner[S0].txt - [852 bytes] - [20/04/2015 16:45:52]
AdwCleaner[S1].txt - [1026 bytes] - [25/04/2015 20:53:39]
AdwCleaner[S2].txt - [1005 bytes] - [29/04/2015 11:38:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1064  bytes] ##########

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015
Ran by Man (administrator) on IDEA-PC on 29-04-2015 11:41:44
Running from C:\Users\Man\Desktop
Loaded Profiles: Man (Available profiles: Man)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Farbar) C:\Users\Man\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HotKeysCmds] => "C:\windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\windows\system32\igfxpers.exe"
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4409400 2015-02-10] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2015-02-13] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2015-02-13] (Lenovo(beijing) Limited)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1426136 2015-04-20] (COMODO)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2015-02-10] (Vimicro)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8205944 2015-02-10] (Zemana Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2015-02-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2925387527-242748195-4043741739-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-02-10] (SUPERAntiSpyware)
HKU\S-1-5-21-2925387527-242748195-4043741739-1001\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [3487240 2015-02-10] (Hewlett-Packard Development Company, LP)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2015-02-10]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2925387527-242748195-4043741739-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com
HKU\S-1-5-21-2925387527-242748195-4043741739-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKU\S-1-5-21-2925387527-242748195-4043741739-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKU\S-1-5-21-2925387527-242748195-4043741739-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2925387527-242748195-4043741739-1001 -> {44046AF9-B462-4183-B971-457387DA006F} URL =
Tcpip\Parameters: [DhcpNameServer] 10.71.0.1

FireFox:
========
FF ProfilePath: C:\Users\Man\AppData\Roaming\Mozilla\Firefox\Profiles\pmcpq4ae.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-20] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-20] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Ghostery - C:\Users\Man\AppData\Roaming\Mozilla\Firefox\Profiles\pmcpq4ae.default\Extensions\firefox@ghostery.com.xpi [2015-02-10]
FF Extension: S3.Google Translator - C:\Users\Man\AppData\Roaming\Mozilla\Firefox\Profiles\pmcpq4ae.default\Extensions\s3google@translator.xpi [2015-02-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-02-10] (SUPERAntiSpyware.com)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [2306248 2015-03-26] (Comodo)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5540424 2015-04-20] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265816 2015-04-20] (COMODO)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2015-02-10] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-25] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-25] (Malwarebytes Corporation)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4409400 2015-02-10] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6835784 2015-02-10] (Broadcom Corporation)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20696 2015-04-01] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [820952 2015-04-01] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35080 2015-04-01] (COMODO)
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-02-10] (REALiX™)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126720 2015-04-01] (COMODO)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [76520 2015-02-10] (Zemana Ltd.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-25] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-25] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2015-02-10] (Intel Corporation)
R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [28640 2015-02-10] (SoftEther VPN Project at University of Tsukuba, Japan.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-20] ()
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2015-02-10] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-11] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-29 11:41 - 2015-04-29 11:42 - 00010839 _____ () C:\Users\Man\Desktop\FRST.txt
2015-04-29 11:41 - 2015-04-29 11:41 - 00000000 ____D () C:\FRST
2015-04-29 11:40 - 2015-04-29 11:40 - 00001144 _____ () C:\Users\Man\Desktop\AdwCleaner[S2].txt
2015-04-29 11:26 - 2015-04-29 11:27 - 02101248 _____ (Farbar) C:\Users\Man\Desktop\FRST64(1).exe
2015-04-28 08:40 - 2015-04-28 08:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-28 08:12 - 2015-04-28 08:12 - 00027400 _____ (COMODO CA Limited) C:\WINDOWS\system32\certsentry.dll
2015-04-28 08:12 - 2015-04-28 08:12 - 00024328 _____ (COMODO CA Limited) C:\WINDOWS\SysWOW64\certsentry.dll
2015-04-28 08:12 - 2015-04-28 08:12 - 00023272 _____ (COMODO CA Limited) C:\WINDOWS\system32\certsentry.exe
2015-04-28 08:12 - 2015-04-28 08:12 - 00003300 _____ () C:\WINDOWS\System32\Tasks\COMODO CertSentry Updater
2015-04-28 08:12 - 2015-04-28 08:12 - 00003296 _____ () C:\WINDOWS\System32\Tasks\COMODO CertSentry Updater Weekly
2015-04-28 08:11 - 2015-04-28 08:11 - 00000000 ____D () C:\Program Files (x86)\Comodo
2015-04-26 15:55 - 2015-04-28 08:17 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-26 15:55 - 2015-04-26 15:55 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-26 15:16 - 2015-04-26 15:16 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-26 15:16 - 2015-04-26 15:16 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-26 15:11 - 2015-04-26 15:11 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-26 15:07 - 2014-07-21 19:31 - 00763912 ____N (Hewlett-Packard Development Company, LP) C:\WINDOWS\system32\HPDiscoPMC611.dll
2015-04-26 15:02 - 2015-04-26 15:02 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
2015-04-26 14:44 - 2015-04-29 11:38 - 00348196 _____ () C:\WINDOWS\system32\Drivers\fvstore.dat
2015-04-26 14:44 - 2015-04-26 14:44 - 00000000 ___HD () C:\VTRoot
2015-04-25 22:58 - 2015-04-25 22:58 - 00016311 _____ () C:\Users\Man\Desktop\info.txt
2015-04-25 22:56 - 2015-04-25 22:56 - 00000000 ____D () C:\rsit
2015-04-25 22:56 - 2015-04-25 22:56 - 00000000 ____D () C:\Program Files\trend micro
2015-04-25 22:50 - 2015-04-25 22:50 - 01222144 _____ () C:\Users\Man\Desktop\RSITx64.exe
2015-04-25 22:27 - 2015-04-25 22:27 - 02099712 _____ (Farbar) C:\Users\Man\Downloads\FRST64.exe
2015-04-25 21:27 - 2015-04-25 21:27 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-04-25 20:49 - 2015-04-25 20:49 - 00000000 ____D () C:\SUPERDelete
2015-04-25 19:35 - 2015-04-25 19:35 - 02347384 _____ (ESET) C:\Users\Man\Downloads\esetsmartinstaller_enu.exe
2015-04-25 19:08 - 2015-04-25 19:08 - 02224640 _____ () C:\Users\Man\Desktop\adwcleaner_4.202.exe
2015-04-25 19:07 - 2015-04-25 19:07 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Man\Downloads\iExplore.exe
2015-04-20 17:12 - 2015-04-20 17:12 - 00003831 _____ () C:\Users\Man\Desktop\RKreport_DEL_04202015_171129.log
2015-04-20 17:02 - 2015-04-20 17:12 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-20 17:02 - 2015-04-20 17:02 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-04-20 16:59 - 2015-04-25 19:12 - 00002190 _____ () C:\Users\Man\Desktop\Rkill.txt
2015-04-20 16:05 - 2015-04-29 11:38 - 00000000 ____D () C:\AdwCleaner
2015-04-20 16:01 - 2015-04-20 16:04 - 16884312 _____ () C:\Users\Man\Downloads\RogueKiller.exe
2015-04-20 16:01 - 2015-04-20 16:01 - 02217984 _____ () C:\Users\Man\Downloads\adwcleaner_4.201.exe
2015-04-20 16:01 - 2015-04-20 16:01 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Man\Downloads\rkill.exe
2015-04-17 15:31 - 2015-04-17 15:31 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-17 15:31 - 2015-04-17 15:31 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-17 15:31 - 2015-04-17 15:31 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-17 15:31 - 2015-04-17 15:31 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-17 15:31 - 2015-04-17 15:31 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-17 15:31 - 2015-04-17 15:31 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-17 15:31 - 2015-04-17 15:31 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-17 15:31 - 2015-04-17 15:31 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-17 15:31 - 2015-04-17 15:31 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-17 15:31 - 2015-04-17 15:31 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-17 15:31 - 2015-04-17 15:31 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-17 15:31 - 2015-04-17 15:31 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-17 15:30 - 2015-04-17 15:30 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-17 15:30 - 2015-04-17 15:30 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-17 15:30 - 2015-04-17 15:30 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-17 15:30 - 2015-04-17 15:30 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-17 15:30 - 2015-04-17 15:30 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-17 15:30 - 2015-04-17 15:30 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-17 15:30 - 2015-04-17 15:30 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-17 15:30 - 2015-04-17 15:30 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-17 15:30 - 2015-04-17 15:30 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-17 15:30 - 2015-04-17 15:30 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-17 15:30 - 2015-04-17 15:30 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-17 15:30 - 2015-04-17 15:30 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-17 15:30 - 2015-04-17 15:30 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-17 15:30 - 2015-04-17 15:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-17 15:30 - 2015-04-17 15:30 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-17 15:30 - 2015-04-17 15:30 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-17 15:30 - 2015-04-17 15:30 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-17 15:30 - 2015-04-17 15:30 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-17 15:30 - 2015-04-17 15:30 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-17 15:30 - 2015-04-17 15:30 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-17 15:30 - 2015-04-17 15:30 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-17 15:30 - 2015-04-17 15:30 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-17 15:30 - 2015-04-17 15:30 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-17 15:30 - 2015-04-17 15:30 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-17 15:26 - 2015-04-17 15:26 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-17 15:26 - 2015-04-17 15:26 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-17 15:26 - 2015-04-17 15:26 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-16 14:31 - 2015-04-16 14:31 - 00000004 _____ () C:\Users\Man\Downloads\FAP5077.tmp
2015-04-16 14:20 - 2015-04-16 14:20 - 00000004 _____ () C:\Users\Man\Downloads\FAP5BE2.tmp
2015-04-16 14:15 - 2015-04-16 14:15 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-16 14:15 - 2015-04-16 14:15 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-16 14:15 - 2015-04-16 14:15 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-16 14:15 - 2015-04-16 14:15 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-16 14:15 - 2015-04-16 14:15 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-16 14:15 - 2015-04-16 14:15 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-16 14:15 - 2015-04-16 14:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-16 14:12 - 2015-04-16 14:12 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-16 14:12 - 2015-04-16 14:12 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-16 14:12 - 2015-04-16 14:12 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-16 14:10 - 2015-04-16 15:23 - 52428800 _____ () C:\Users\Man\Downloads\thing.txt
2015-04-16 14:10 - 2015-04-16 15:23 - 05242880 _____ () C:\Users\Man\Downloads\thing2.txt
2015-04-16 14:09 - 2015-04-16 14:10 - 00243200 _____ (Support.com) C:\Users\Man\Downloads\sysprof2.exe
2015-04-16 13:47 - 2015-04-16 13:47 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-16 13:47 - 2015-04-16 13:47 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-16 13:47 - 2015-04-16 13:47 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-16 13:47 - 2015-04-16 13:47 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-16 13:47 - 2015-04-16 13:47 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-16 13:47 - 2015-04-16 13:47 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-16 13:47 - 2015-04-16 13:47 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-16 13:47 - 2015-04-16 13:47 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-16 13:47 - 2015-04-16 13:47 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-16 13:47 - 2015-04-16 13:47 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-16 13:47 - 2015-04-16 13:47 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-16 13:47 - 2015-04-16 13:47 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-16 13:47 - 2015-04-16 13:47 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-16 13:47 - 2015-04-16 13:47 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-16 13:47 - 2015-04-16 13:47 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-16 13:47 - 2015-04-16 13:47 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-16 13:47 - 2015-04-16 13:47 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-16 13:47 - 2015-04-16 13:47 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-04-16 13:47 - 2015-04-16 13:47 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-29 11:41 - 2015-02-17 03:22 - 01550966 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-29 11:40 - 2015-02-10 16:59 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-29 11:39 - 2015-02-10 16:57 - 00000000 ____D () C:\Program Files\SoftEther VPN Client
2015-04-29 11:39 - 2013-08-22 09:46 - 00292686 _____ () C:\WINDOWS\setupact.log
2015-04-29 11:39 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-29 11:38 - 2015-02-10 16:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-29 11:38 - 2014-11-21 03:34 - 00017878 _____ () C:\WINDOWS\PFRO.log
2015-04-29 11:29 - 2015-02-10 16:23 - 01474832 _____ () C:\WINDOWS\system32\Drivers\sfi.dat
2015-04-29 11:23 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-29 11:18 - 2015-03-07 01:48 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3D4DD92A-DCEB-42AE-B8BE-AF8F7E959311}
2015-04-29 11:14 - 2015-02-10 17:00 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-28 08:17 - 2014-11-21 03:44 - 01161006 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-26 15:58 - 2015-02-10 21:30 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-26 15:56 - 2015-02-10 21:30 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-26 15:56 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-26 15:55 - 2015-02-17 03:29 - 00000000 ____D () C:\Users\Man
2015-04-26 15:21 - 2015-02-10 16:17 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2925387527-242748195-4043741739-1001
2015-04-26 15:10 - 2015-02-10 17:34 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-26 15:10 - 2014-11-21 11:03 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-26 15:10 - 2014-11-21 11:03 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-26 15:07 - 2015-02-10 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-04-25 22:34 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-25 21:26 - 2015-02-10 16:28 - 00002868 _____ () C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Man)
2015-04-25 20:53 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-25 19:10 - 2015-02-10 16:59 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-25 19:10 - 2015-02-10 16:59 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-25 19:10 - 2015-02-10 16:59 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-25 19:10 - 2015-02-10 16:59 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-25 19:10 - 2015-02-10 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-25 19:10 - 2015-02-10 16:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-25 19:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-20 17:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-20 16:24 - 2015-02-10 16:23 - 00001985 _____ () C:\Users\Public\Desktop\COMODO Internet Security.lnk
2015-04-20 16:12 - 2015-02-10 17:34 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-16 15:25 - 2015-02-11 00:33 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-16 15:25 - 2014-11-21 10:56 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-01 12:50 - 2015-01-30 15:28 - 00820952 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdguard.sys
2015-04-01 12:50 - 2015-01-30 15:28 - 00126720 _____ (COMODO) C:\WINDOWS\system32\Drivers\inspect.sys
2015-04-01 12:50 - 2015-01-30 15:28 - 00035080 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdhlp.sys
2015-04-01 12:50 - 2015-01-30 15:28 - 00020696 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmderd.sys
2015-04-01 12:48 - 2015-01-30 15:27 - 00576848 _____ (COMODO) C:\WINDOWS\system32\guard64.dll
2015-04-01 12:48 - 2015-01-30 15:27 - 00444472 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll
2015-04-01 12:48 - 2015-01-30 15:27 - 00041248 _____ (COMODO) C:\WINDOWS\system32\cmdcsr.dll
2015-04-01 12:47 - 2015-01-30 15:27 - 00358104 _____ (COMODO) C:\WINDOWS\system32\cmdvrt64.dll
2015-04-01 12:46 - 2015-01-30 15:27 - 00045784 _____ (COMODO) C:\WINDOWS\system32\cmdkbd64.dll
2015-04-01 12:45 - 2015-01-30 15:27 - 00288472 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll
2015-04-01 12:45 - 2015-01-30 15:27 - 00040664 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdkbd32.dll

==================== Files in the root of some directories =======

2015-02-10 21:24 - 2015-02-10 21:24 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-02-10 16:48 - 2015-02-10 16:48 - 0000000 _____ () C:\ProgramData\DP45977C.lfl
2015-03-18 17:08 - 2015-03-19 15:15 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some content of TEMP:
====================
C:\Users\Man\AppData\Local\Temp\Quarantine.exe
C:\Users\Man\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-25 22:42

==================== End Of Log ============================

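An added example, not part of this thread and not code from FRST or from BleepingComputer: a short Python triage script that parses the dated "Created/Modified Files" lines and the "Bamital & volsnap Check" lines in the log above and lists the entries a reviewer would look at first. The sample lines are copied from the log; the set of file extensions treated as executable, the path fragments treated as user-writable and the three heuristics are the example's own assumptions, and a hit means "look closer", not "malicious".

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# A dated FRST file/folder line looks like
#   2015-04-20 17:02 - 2015-04-20 17:02 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
# i.e. created, modified, size, five attribute flags, (company name from the
# version resource, empty if there is none), path.
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>\S.*?)\s*$"
)
# A signature-check line looks like:  <path> => <verdict>
SIG_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?) => (?P<verdict>.*?)\s*$")

# Assumptions of this example, not FRST's definitions.
PE_EXTENSIONS = (".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx")
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\")
TEMP_DIR = "\\appdata\\local\\temp\\"


@dataclass
class FileEntry:
    created: datetime
    modified: datetime
    size: int
    attrs: str      # e.g. "_____", "____D", "___SH"
    company: str    # "" when the file carries no version information
    path: str


def parse_file_line(line: str) -> Optional[FileEntry]:
    """Parse one dated FRST file/folder line; return None for any other line."""
    m = FILE_LINE.match(line)
    if m is None:
        return None
    return FileEntry(
        created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
        modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
        size=int(m["size"]),
        attrs=m["attrs"],
        company=m["company"].strip(),
        path=m["path"],
    )


def triage(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for executables that deserve a closer look.

    Heuristics (this example's own): an executable with no version info in a
    user-writable location, anything executable in %TEMP%, and a kernel driver
    with no company name. A hit is a prompt to investigate, not a verdict.
    """
    findings = []
    for line in lines:
        entry = parse_file_line(line)
        if entry is None or "D" in entry.attrs:
            continue                      # not a file line, or a directory
        lower = entry.path.lower()
        if not lower.endswith(PE_EXTENSIONS):
            continue
        reasons = []
        if not entry.company and any(tok in lower for tok in USER_WRITABLE):
            reasons.append("no version info, user-writable location")
        if TEMP_DIR in lower:
            reasons.append("executable in %TEMP%")
        if lower.endswith(".sys") and not entry.company:
            reasons.append("kernel driver without company name")
        if reasons:
            findings.append((entry.path, reasons))
    return findings


def unsigned_core_files(lines: List[str]) -> List[str]:
    """Paths in the signature-check section whose verdict is not 'digitally signed'."""
    return [m["path"] for m in map(SIG_LINE.match, lines)
            if m is not None and m["verdict"] != "File is digitally signed"]


# Sample input: lines copied from the log above, plus one bare TEMP path to show
# that lines from other sections are simply skipped by the parser.
SAMPLE_LOG = [
    r"2015-04-25 19:07 - 2015-04-25 19:07 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Man\Downloads\iExplore.exe",
    r"2015-04-20 17:02 - 2015-04-20 17:12 - 00000000 ____D () C:\ProgramData\RogueKiller",
    r"2015-04-20 17:02 - 2015-04-20 17:02 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys",
    r"2015-04-20 16:01 - 2015-04-20 16:04 - 16884312 _____ () C:\Users\Man\Downloads\RogueKiller.exe",
    r"2015-04-20 16:01 - 2015-04-20 16:01 - 02217984 _____ () C:\Users\Man\Downloads\adwcleaner_4.201.exe",
    r"2015-04-16 14:09 - 2015-04-16 14:10 - 00243200 _____ (Support.com) C:\Users\Man\Downloads\sysprof2.exe",
    r"2015-04-17 15:31 - 2015-04-17 15:31 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe",
    r"C:\Users\Man\AppData\Local\Temp\Quarantine.exe",
    r"C:\Windows\System32\winlogon.exe => File is digitally signed",
    r"C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed",
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(f"{path}: {'; '.join(reasons)}")
    print("unsigned core files:", unsigned_core_files(SAMPLE_LOG) or "none")
```

Run over those lines it flags RogueKiller.exe and adwcleaner_4.201.exe (no version information, sitting in Downloads) and TrueSight.sys (a kernel driver with no company name), and reports no unsigned core files. The entries created in the same minute (the RogueKiller folder under ProgramData, the clean-up tools in Downloads) show that these are the user's own removal tools, which is exactly the context a heuristic cannot supply and a reviewer has to add before deciding anything.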
#4 nasdaq
  • Malware Response Team
  • 39,883 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 April 2015 - 12:46 PM

The logs are clean.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices, keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#5 consultantbis
  • Topic Starter
  • Members
  • 42 posts

Posted 29 April 2015 - 01:03 PM

Yes, other than the last time we worked on the PC, the same issues remain. But I don't think that I can figure out the how; thus, I think we are good, unless you have any other advice.

 



#6 nasdaq
  • Malware Response Team
  • 39,883 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 30 April 2015 - 06:51 AM

Are you having any problems with this computer?

#7 consultantbis
  • Topic Starter
  • Members
  • 42 posts

Posted 30 April 2015 - 10:36 AM

Recently, the HIPS in Comodo started asking me a bunch of questions regarding trusting programs and whatnot. It hadn't asked me this in a while. Not sure if programs were out of date or whatnot, but most of the questions were about stuff I didn't recognize; some I did. I guess that, for performance, the computer runs well. When I reformatted the computer, Comodo immediately noticed something called second@Trojan@Generation or something to that effect; then Comodo immediately was satisfied and allowed the program without needing permission. When I researched the MS.tmp file online, it said it was an .odt file false positive. I thought this was weird because a clean install of a Windows PC usually wouldn't, I assume, have any OpenOffice items on it; however, I am no expert. I deleted the MS file and couldn't log in to my PC, and had to use One Key Recovery to restore a previous image. Last time we worked on the same PC you told me it was a hardware issue; thus, I take your word for it, and this is just to explain.



#8 nasdaq
  • Malware Response Team
  • 39,883 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 May 2015 - 10:50 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



